论文信息 - A cyber risk scoring system for medical devices

A cyber risk scoring system for medical devices

Abstract The increased connectivity of medical devices expedites patient treatment and provides lifesaving capabilities, but the lack of emphasis on device security has led to several cyber security breaches. Most medical professionals do not have adequate expertise in information technology or cyber security, yet they are responsible for assessing which medical devices provide the best balance of risk and probability of success. This paper proposes a cyber risk scoring system that considers a physician’s worst-case assessment of the potential of a medical device to impact a patient. The scoring system also relies on a security questionnaire based on the STRIDE model that helps generate a risk score for the medical device. Three test scenarios involving medical devices are used to demonstrate the application and utility of the risk scoring system.

[1] Michael J. Assante,et al. The Industrial Control System Cyber Kill Chain , 2016 .

[2] Steve Wicinski. Code of Federal Regulations Search Form , 2014 .

[3] Donna Burton,et al. Department of Homeland Security Website. Administered by the U.S. Department of Homeland Security, Washington, DC 20528. Retrieved August 2009, from http: //www.dhs.gov/ , 2010, Gov. Inf. Q..

[4] Kevin Fu,et al. Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[5] Ping Yu,et al. Electronic Health Record , 2012, Encyclopedia of Gerontology and Population Aging.

[6] Barack Obama,et al. Statement on the Release of the 'Framework for Improving Critical Infrastructure Cybersecurity' by the National Institute of Standards and Technology, February 12, 2014 , 2014 .

[7] B. Obama. Presidential Policy Directive 21: Critical Infrastructure Security and Resilience , 2013 .