Cybersecurity Seminar Series
UCSF-Stanford CERSI-FDA Distinguished Speaker Series on Cybersecurity for Biomedical Engineering
Overview
This joint FDA and UCSF-Stanford Center of Excellence in Regulatory Science and Innovation (CERSI) speaker series consists of one-hour virtual lectures on cybersecurity topics with application to medical device security and biomedical engineering. The goal is to introduce key concepts of cybersecurity science and engineering to the biomedical engineering and manufacturing communities via distinguished academic speakers. Topics covered include human factors for cybersecurity, trustworthy medical device software, security engineering for machine learning, cybersecurity of computer vision, threat modeling, software bills of materials, software safety, cybersecurity regulations, and the science of cybersecurity. This speaker series is an educational opportunity, not intended to discuss FDA policy.
Moderator
Dr. Kevin Fu, Professor of Electrical & Computer Engineering, Northeastern University
Director, Archimedes Center for Healthcare and Device Security
Panelists
Matt Hazelett, Chief Operating Officer and Chief Quality Officer at MedSec
Soundharya Nagasubramanian, VP, Connectivity & Data Management at Vapotherm
Chris Reed, Sr. Director of Cybersecurity Policy | Global Regulatory Affairs at Medtronic
Axel Wirth, Chief Security Strategist at Medcrypt
Abstract
Software Bills of Materials (SBOMs) have emerged as a critical tool for understanding and managing cybersecurity risks in connected medical devices. Despite regulatory emphasis by the FDA and mandatory industry adoption, significant challenges remain in creating, maintaining, and effectively using SBOMs throughout the lifecycle of a medical device. We will explore the SBOM ecosystem in healthcare, from premarket creation to postmarket monitoring, examining the perspectives of both manufacturers and healthcare delivery organizations.
The panel will discuss key challenges with SBOMs, such as component/vulnerability matching inconsistencies, the limitations of various SBOM analogies, and the resource constraints facing healthcare providers and device manufacturers attempting to leverage SBOMs at scale. Drawing from real-world examples and industry experience, we will discuss how different stakeholders can develop sustainable and efficient SBOM workflows that enhance patient safety. This session will provide practical insights for manufacturers, healthcare delivery organizations, regulators, and other players seeking not only SBOM compliance, but meaningful security improvements through SBOM implementation.
Topics covered will include: SBOM creation methodologies and their accuracy limitations; pre- and postmarket use cases with differing resource requirements; complexities of vulnerability data management; networked device inventory challenges faced by healthcare organizations; and strategies for effective vulnerability communication across key stakeholders.
Disclaimer
This seminar series does not represent official FDA policy or guidance. The contents are those of the speaker(s) and do not necessarily represent the official views of, nor an endorsement by, FDA/HHS or the U.S. Government.
Contact
Please email Archimedes Center (archimedes@northeastern.edu) and info@ucsfstanfordcersi.org with any questions.