Sean Evoy, Wind River Product Line Manager for Wind River Simics discusses cybersecurity for medical devices: reducing risk with pen testing.
1. How can medical device software development improve to meet today’s cybersecurity challenges?
Cybersecurity threats are a daily concern for medical device companies, hospitals, doctors, and patients. It’s a matter of life or death – ensuring medical devices work properly and aren’t compromised by security threats and breaches. Also imperative is keeping patient data safe from hackers and criminals. As U.S. FDA guidelines stress, protecting medical device software and hardware from security risk is increasingly important in the development and operation of medical devices. One way to reduce cybersecurity risk is by foiling threats at the source. A medical device developer can get ahead of cybersecurity problems through vulnerability testing – known as penetration testing (pen testing) in the information technology (IT) world or fault injection in the embedded engineering community.
2. How does pen testing mitigate cybersecurity risk for medical device software development throughout a system’s lifecycle?
A pen test simulates an attack on a system or a medical device system to detect known vulnerabilities. A library of known attacks, or faults, drive an automated tool that injects each fault and analyzes the device-under-test (DUT) response. Testing uses the same binaries found in a production system but runs on a virtual device, so there’s no unintentional interference or damage by your test rig. As new vulnerabilities are discovered, you can add them to the library and improve your pen testing process. Pen testing is one of the best ways to mitigate cybersecurity risk, because it’s used throughout a system’s lifecycle: during development, deployment, and after each modification.
3. How can a medical device developer conduct pen testing on a software system being developed for their product?
One of the most effective ways to deploy pen testing is via cybersecurity simulation, a process used to expose known and unknown vulnerabilities by putting medical device security defenses under evolving, real-world security threat settings. Simulation engines, such as Wind River Simics, allow medical device system developers to test system cybersecurity in a controlled environment. Simics decouples your work from the physical hardware, while still retaining the ability to connect the physical medical device hardware when required. Simics virtual hardware gives on-demand access to any target system, supporting continuous integration and automated testing with members of your development team or suppliers.
4. How does Wind River Simics allow cybersecurity simulation for a medical device system?
Simics uses virtual hardware to conduct full system simulations, often the only way to detect cybersecurity threats originating with one component attacking others. Advantages of this approach are:
- Conducting tests impossible on physical hardware, such as spoofing malware to trigger responses exposing its existence
- Testing defense-in-depth strategies, such as flagging a suspect component as inoperable, isolating it from the system
- Simics as a cybersecurity sandbox, safely containing suspect malware for forensic analysis
5. What other medical device system areas can use Simics’ simulation capabilities?
As medical devices and systems become more complex, Simics can help test by modeling complete networked systems, running a full production software stack – unmodified binaries, including binary input-output system (BIOS), firmware, operating systems, and applications. Recent Simics releases improve multicore and parallel core support. Fully parallel simulation is on the horizon, and Simics provides support for distributing complex, multi-core simulations across available host resources. The only restriction on system complexity or its performance requirements is the capacity of the simulation host network.
You may also be interested in our brief, “Cybersecurity, IoT, and Embedded Systems.”