U.S. Department of Veteran Affairs and UL Sign CRADA for Medical Devices Cybersecurity Standards
CRADA Project Will Support Improvement of Veterans Patient Safety and Security through Use of UL Cybersecurity Assurance Program
NORTHBROOK, Ill., June 17, 2016 /PRNewswire/ -- The U.S. Department of Veteran Affairs (VA) and UL (Underwriters Laboratories), a global safety science organization, today announced a signed Cooperative Research and Development Agreement Program (CRADA) for medical devices cybersecurity standards and certification approaches. As part of the Federal Technology Transfer Act of 1986, the CRADA mechanism was established to encourage the creation of teams to solve technological and industrial problems for the greater benefit of the country.
This CRADA project will support improvement of Veterans patient safety and security through the use and verification of UL's Cybersecurity Assurance Program (CAP). Working with UL, the VA's Office of Information & Technology will refine existing and emerging standards and practices related to network connectable medical devices, medical device data systems and related health information technology. Both parties expect the project to accelerate the sharing of medical device cybersecurity information, standards and lifecycle requirements towards creating a safety certification framework for Veterans.
As medical devices are susceptible to cybersecurity attacks, creating both patient safety risks and disclosure risks for protected health information, the VA and UL will seek to address an existing gap in the marketplace for cybersecurity standards and practical certification approaches for connected medical devices. Historically, the ability to patch and reconfigure devices as well as very long service lifetimes results in devices with old, vulnerable software and present challenges in the defense against cybersecurity attacks of medical devices.
"Working together with the VA, we will contribute to industry-wide situational awareness of both medical device vulnerabilities and threats," said Anura Fernando, UL Principal Engineer for Medical Software & Systems Interoperability. "We believe that this project will positively impact the direction that manufacturers take in improving the overall security posture of medical cyber assets."
This agreement was reached soon after UL announced its new Cybersecurity Assurance Program (CAP) in April. CAP uses the new UL 2900 series of standards to offer testable cybersecurity criteria for network-connectable products and systems to assess software vulnerabilities and weaknesses, minimize exploitation, address known malware, review security controls and increase security awareness.
The CAP program was established with input from major stakeholders representing government, academia and industry to help vendors identify security risks in their products and systems, and suggest methods for mitigating those risks in a wide range of applications, including industrial control systems, medical devices, automotive, HVAC, lighting, smart home, appliances, alarm systems, fire systems, building automation, smart meters, network equipment and consumer electronics.
The CAP specifically addresses the U.S. White House Cybersecurity National Action Plan (CNAP), designed to enhance cybersecurity capabilities within the U.S. government and across the country. UL's CAP services and software security efforts were recognized within the CNAP as a way to test and certify network-connectable devices used in the Internet of Things supply chain and ecosystems by critical infrastructures, such as energy, utilities and healthcare.
This CRADA project will be completed in December of this year.
For more information on the UL Cybersecurity Assurance Program, visit http://www.ul.com/cybersecurity. For product testing, evaluation or certification questions, email [email protected].
About UL
UL is a premier global independent safety science company that has championed progress for more than 120 years. Our nearly 11,000 professionals are guided by the UL mission to promote safe working and living environments for all people. UL uses research and standards to continually advance and meet ever-evolving safety needs. We partner with businesses, manufacturers, trade associations and international regulatory authorities to bring solutions to a more complex global supply chain. For more information about our certification, testing, inspection, training and education services, visit http://www.UL.com.
MEDIA CONTACTS:
Tara Kambeitz
Marketing Manager
UL LLC
O: (360) 269.6238
E: [email protected]
Related Links
- Tags:
- Anura Fernando
- certification approaches
- Cooperative Research and Development Agreement Program (CRADA)
- cybersecurity
- Cybersecurity Assurance Program (CAP)
- Cybersecurity National Action Plan (CNAP)
- Department of Veteran Affairs (VA)
- Federal Technology Transfer Act of 1986
- interoperability
- malware
- Marc Wine
- medical devices cybersecurity standards
- patient safety
- patient security
- security awareness
- Underwriters Laboratories (UL)
- White House
- Login to post comments