Workshop
Event Title
Public Workshop - Content of Premarket Submissions for Management of Cybersecurity in Medical Devices January 29-30, 2019
January 29 - 30, 2019
- Date:
- January 29 - 30, 2019
- Time:
-
9:00 AM - 4:30 PM ET
- Location:
-
Event LocationWhite Oak Campus: The Great Room
Conference Center
10903 New Hampshire Ave
Building 31, Room 1503
Silver Spring, MD 20993
United States
- Organized By:
-
Organizer
Attend
The Food and Drug Administration (FDA) is announcing a public Workshop entitled “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices”. The purpose of the workshop is to discuss the newly released draft guidance Content of Premarket Submissions for Management of Cybersecurity in Medical Devices. FDA seeks to bring together diverse stakeholders to discuss, in-depth, the draft guidance, “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices” and the sub-topic of the draft guidance regarding a Cybersecurity Bill of Materials (CBOM), which can be a critical element in identifying assets, threats, and vulnerabilities.
The need for effective cybersecurity to assure medical device functionality and safety has become more important with the increasing use of wireless, Internet- and network- connected devices, and the frequent electronic exchange of medical device-related health information. In addition, cybersecurity threats to the healthcare sector have become more frequent, more severe, and more clinically impactful. Cybersecurity incidents have rendered medical devices and hospital networks inoperable, disrupting the delivery of patient care across healthcare facilities in the US and globally. Such cyberattacks and exploits can delay diagnoses and/or treatment and may lead to patient harm.
Although FDA issued guidance addressing recommendations for device cybersecurity information in premarket submissions in 2014 , the rapidly evolving landscape, and the increased understanding of the threats and their potential mitigations necessitates an updated approach. This guidance is intended to provide recommendations to industry regarding cybersecurity device design, labeling, and the documentation that FDA recommends be included in premarket submissions for devices with cybersecurity risk. These recommendations can facilitate an efficient premarket review process and help ensure that marketed medical devices are sufficiently resilient to cybersecurity threats.
- Date, Time and Location
- Federal Register Draft Guidance Notice
- Agenda
- Program Booklet
- Handouts
- Presentations
- Webcast Archived Links
- Transcripts
- Contact Us
Date, Time and Location
This meeting will be held January 29th and January 30th 2019, beginning at 9:00 a.m. – 4:30 p.m. at the following location:
FDA White Oak Campus
10903 New Hampshire Avenue
Bldg. 31, Room 1503 (the Great Room)
Silver Spring, MD, 20993
FDA Campus Information, (e.g., local airports, directions, local hotels, etc.)
The meeting will be webcasted.
Agenda
Agenda Day 1: January 29, 2019
| Time | Event |
|---|---|
| 8:30am–9:00am | Registration (for pre-registered attendees) |
| 9:00am–9:25am | FDA Welcome/Medical Device Cybersecurity State of the Union: Trustworthiness, Transparency and Resilience – A Recipe for Advancing Device Cyber Safety |
| 9:25am–9:30am | Meeting Logistics |
| 9:30am–9:40am | FDA Leadership Remarks |
| 9:40am–9:50am | BREAK |
| 9:50am–10:35am | Session I Plenary Panel - Legacy Learnings: Drag of the Past Driving Increased Resilience in the Future |
| 10:35am– 10:50am | Medical Device Premarket Guidance Draft Overview |
| 10:50am–11:35am | Session II Plenary Panel - Threat Modeling & Systems Approaches |
| 11:35am–12:20pm | Session III Plenary Panel - Risk Assessment Approaches & Labeling |
| 12:20pm–1:05pm | LUNCH |
| 1:05pm–1:25pm | Keynote |
| 1:25pm–2:05pm | Session IV Plenary Panel - Transitioning from Implied Trust to Trustworthiness: Authentication, Authorization, and Encryption |
| 2:05pm 2:10pm | Move to Breakout |
| 2:10pm–2:55pm | Breakout Session: Premarket Guidance Topics Other than CBOM |
| 2:55pm–3:00pm | Return from Breakout |
| 3:00pm–3:45pm | Session V Plenary Panel - Increasing Transparency, Advancing Protection, and Enabling Timely Response: Cybersecurity Bill of Materials (CBOM) |
| 3:45pm–3:55pm | BREAK |
| 3:55pm–4:45pm | Breakout Session: CBOM |
| 4:45pm | Adjorn |
Agenda Day 2: January 30, 2019
| Time | Event |
|---|---|
| 8:30am–9:00am | Registration (for pre-registered attendees) |
| 9:00am–9:30am | Welcome, Day 1 Breakout Report Outs, Recap Day 1 |
| 9:30am–10:00am | Session VI Plenary Panel - Patient Perspectives: The True Endpoint |
| 10:00am–11am | Session VII Plenary Panel: Leveraging Innovation and Collaboration in the Ecosystem to Advance Cyber Safety |
| 11am–11:10am | BREAK |
| 11:10am–11:55am | Session VIII Plenary Panel - Scoring Vulnerabilities: What’s the clinical context? |
| 11:55am–12pm | CyberMed Safety (Expert) and Analysis Board (CYMSAB) Breakout Framing |
| 12pm–12:05pm | Move to Breakout |
| 12:05pm–12:55pm | Break Out Session: CYMSAB |
| 12:55pm–1:40pm | LUNCH |
| 1:40pm–2:40pm | Session IX Plenary Panel - Establishing Trust, Embracing Transparency, Increasing Resilience: Best Practices & Tools |
| 2:40pm–3:25pm | Session X Plenary Panel - Information Sharing: An Evolving Journey |
| 3:25pm–3:35pm | BREAK |
| 3:35pm–4:20pm | Session XI Plenary Panel - Preparedness and Response: Wanna Cry Again? |
| 4:20pm–4:40pm | CYMSAB Breakout Report Out, Workshop Recap, and Closing Remarks |
Handouts
- 405(d) Managing Threats and Protecting Patients Fact Sheet
- UL2900 - A Cybersecuirty aid for industry and regulators
- Joint Security Plan FAQ
- Selection Election of Cybersecurity - Related Standards in Development for Medical Devices
Presentations
- Opening Remarks
- From the Perspective of a Medical Device Manufacturer
- CBOM
- A Recipe for Advancing Device Cyber Safety
- Health-ISAC
- Medical Device Premarket Guidance Draft Overview
- Threat Modeling Control Ontology
Webcast Archived Links
Day 1
Part 1: https://collaboration.fda.gov/pnpq29drgcss/
Part 2: https://collaboration.fda.gov/p0epitgrbu73/
Part 3: https://collaboration.fda.gov/p8b8jelpyj0d/
Day 2
Part 1: https://collaboration.fda.gov/pfkc5ol7lzno/
Part 2: https://collaboration.fda.gov/p9ox49hoewem/
Part 3: https://collaboration.fda.gov/p69je8amth7a/
Part 4: https://collaboration.fda.gov/p79jdyidctcj/
Transcripts
Contact Us
If you require special accommodations due to a disability, or need additional information regarding registration, please contact Susan Monahan, Office of Communications, Education, and Radiation Programs, Center for Devices and Radiological Health, Food and Drug Administration, 10903 New Hampshire Avenue, Bldg. 32, Silver Spring, MD 20993, 301-796-5661, susan.monahan@fda.hhs.gov.
For questions regarding workshop content please contact:
Aftin Ross
Center for Devices and Radiological Health
Office of the Center Director
Emergency Preparedness/Operations & Medical Countermeasures
White Oak 66, Room 5402 | 10903 New Hampshire Avenue | Silver Spring, MD 20993
Office: 301-796-5679 Cell: (202) 870-0517
aftin.ross@fda.hhs.gov