Cybersecurity Challenges and Considerations for Medical Devices

Dr. Jason Jaskolka

Assistant Professor, Department of Systems and Computer Engineering, Carleton University

September 28, 2017 9:00 - 10:30

Mackenzie Building Room 4332, Carleton University

abstract

Wearable and implantable medical devices have advanced considerably in the last few decades, enhancing patients' quality of life with improved diagnosis, monitoring, and therapy for a wide range of medical conditions. Modern medical devices often consist of low-power hardware and embedded software components to perform sensing, computation, and actuation, in many cases without patient or physician involvement. Many have also adopted wireless interfaces to support data collection and therapy adjustments. The evolution of these devices with more complex software and increased connectivity to existing computer networks has exposed them to a new frontier of cybersecurity vulnerabilities from which they were previously shielded.

Security problems in medical devices often emerge as unintended consequences when systems are enhanced in other ways. For example, when a medical device gains a wireless interface for clinical monitoring, it may also expose the patient to a number of realistic threats including malicious tampering to deliver lethal results, privacy violations such as eavesdropping and tracking of unsuspecting patients, and even device counterfeiting and data fraud. Therefore, the designers of such devices face many challenges and must consider many inter-related factors that contribute to such a potentially insecure environment to gain a better understanding of how to identify the vulnerabilities that threaten the security and privacy of modern medical devices and their data, why these vulnerabilities persist, and what the solution space should look like.

In this talk, I will outline the design principles for securing wearable and implantable medical devices and their data, identify the key classes of vulnerabilities to which modern medical devices are exposed, and discuss security and privacy challenges and pitfalls in designing these devices. I will conclude by sketching some of the defensive measures and solutions that have been proposed to address this complex and multi-faceted problem.

biography

Jason Jaskolka is an Assistant Professor in the Department of Systems and Computer Engineering at Carleton University, Ottawa, ON, Canada. He received his Ph.D. in Software Engineering in 2015 from McMaster University, Hamilton, ON, Canada. His research interests include cybersecurity assurance and security-by-design, covert channel analysis, distributed multi-agent systems, and formal methods and algebraic approaches for software engineering.