“The Food and Drug Administration (FDA), as part of a collaborative effort with industry, is developing and will soon release a playbook of best practices for threat modeling to bolster cybersecurity postures across industry and government…”
“Threat modeling is a structured process that works to identify potential security threats and vulnerabilities, quantify the seriousness of each and prioritize techniques to mitigate attack and protect IT resources. This type of modeling enables FDA to move toward verifiable security control…”
“Over the past year, FDA has engaged with the Medical Device Innovation Consortium (MDIC) and industry to conduct threat modeling bootcamps to drive adoption of threat modeling throughout the medical device ecosystem. The team is currently developing a playbook based on its lessons learned to increase the outreach and adoption of threat modeling best practices for medical devices.”
“‘Threat modeling has become a recognized cybersecurity best practice,’ Jessica Wilkerson, Cyber Policy Advisor at FDA, said during the agency’s Webinar for Medical Device Cybersecurity Threat Modeling. ‘Many organizations in both private and public sectors recommend threat modeling to help manage and respond to cyber security risks… but it’s very complex and requires an incredibly involved and an incredibly specialized set of knowledge and expertise to really effectively apply.’”
“The playbook is divided into four parts, focusing on different threat modeling techniques as well as the challenges organizations face in applying these techniques:
- Understand the medical device and how it operates
- Understand where an organization’s weaknesses and vulnerabilities lie
- Understand how to manage threats by eliminating, mitigating, accepting or transferring risk
- Understand that threat modeling is a continuous process…”
Source: FDA is Working on a Threat Modeling Playbook – By Sarah Sybert, October 28, 2021. GovernmentCIO.