On October 18, 2018, FDA issued a long-awaited draft revision to its existing guidance “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices”(premarket cybersecurity guidance). This coincided with release of the FDA-supported incident preparedness and response playbook, the announcement of two new Information Sharing Analysis Organizations (ISAOs), and FDA’s recent news release discussing the agency’s enhanced cybersecurity partnership with the U.S. Department of Homeland Security (DHS) earlier this month. FDA’s recent flurry of activity focuses on providing additional clarity about when to interact with FDA, what information would be useful in submissions, and what level of documentation is expected. Cybersecurity clearly is a high priority issue for FDA and the agency is working hard to bring together stakeholders and provide the best information it can so that all entities that are involved in managing the multifaceted and evolving area of cybersecurity have the best and most current information to manage the risks of a cybersecurity intrusion.
The Internet of Things continues to draw broad interest from policymakers and regulators around the globe. Following on the heels of a major distributed denial-of-service attack in October 2016 that leveraged potentially millions of compromised IoT devices, members of Congress have sent letters to US federal agencies regarding the risks posed by insecure IoT devices and held a hearing about what if anything should be the US federal response to such IoT-driven cyberattacks. Against that backdrop, in November 2016 two US federal agencies have issued guidance on securing IoT.
The Cybersecurity Information Sharing Act of 2015 provides limited liability protection and information disclosure protections for private-to-private and private-to-government cybersecurity information sharing. On February 16, 2016, two key U.S. agencies released a set of documents describing how CISA’s provisions are expected to work in practice.
Recent developments in the United States suggest that cybersecurity of the maritime sector will come under increasing focus in 2016. On December 16, 2015, H.R. 3878, “Strengthening Cybersecurity Information Sharing and Coordination in Our Ports Act of 2015,” passed the House of Representatives. The Bill’s language echoes and expands upon recommendations made by the General Accountability Audit in its June 5, 2014 study Maritime Port Cybersecurity. It also reflects congressional focus on enabling cybersecurity information sharing as seen in the recent passage of the Cybersecurity Information Sharing Act.
The medical internet of things is coming. That was the common recognition of participants at a two-day public workshop on “Collaborative Approaches for Medical Device and Healthcare Cybersecurity” co-sponsored by the Food and Drug Administration, Department of Health and Human Services, and the Department of Homeland Security. The workshop comes during a busy month for medical device cybersecurity, with the FDA issuing final guidance earlier this month and DHS indicating that it is reviewing dozens of potential cybersecurity vulnerabilities in medical devices.
Development of the new Cybersecurity Framework is now in full swing. President Obama’s Executive Order on Improving Critical Infrastructure Cybersecurity (which we previously covered) calls on NIST to lead the development of a Cybersecurity Framework that will provide “a set of standards, methodologies, procedures, and processes that align policy, business, and technological approaches to address […]
A report on the address by DHS Secretary Napolitano at the Madrid global privacy conference.
The Department of Homeland Security (DHS) has released new directives regarding government searches of electronic and digital devices at the U.S. border, including computers, disks, drives, tapes, mobile phones, cameras, and music and other media players. The directives consist of guidelines for the U.S. Immigration and Customs Enforcement (ICE), dated August 18, and for the U.S. […]