Last week, the Food and Drug Administration (FDA) closed the public comment period on the draft guidelines for Postmarket Management of Cybersecurity in Medical Devices.
People have been asking us all week for our opinions on the FDA's new postmarket cybersecurity draft guidance. All three of Virta Labs' founders have been active in this area, with extensive research in applied security and longstanding support for collaborative efforts:
- raising the flag on potential issues in 2008;
- demonstrating the first attacks on a medical implant;
- signal-injection attacks in the analog domain;
- building novel nonintrusive defenses;
- organizing a series of successful workshops to bring together stakeholders for constructive discussions;
- conducting meta-analysis of postmarket security monitoring; and
- educating the National Academy of Engineering and numerous government bodies about the risks and rewards of medical device security.
We read the draft guidance so that you could tl;dr and get back to your own job. Here are the highlights, as we see them.