May 23, 2016 – MEDSec Conference, San Jose, CA – Diabetes Technology Society today announced the first official public release of DTSec, a cyber security standard whose goal is to raise confidence in the security of network-connected medical devices through independent expert security evaluation.
This standard initially targets networked life-critical devices such as insulin pump controllers but inherently could be used in any medical product or component contributing to the protection of high value assets. This standard will provide the foundation for effective cybersecurity standards across other connected devices and the broader “Internet of Things (IoT)”.
DTSec leverages ISO/IEC 15408 to provide a framework for risk-based, multi-stakeholder definition of security requirements in the form of DTSec-published Protection Profiles (PPs) and product-specific Security Targets (STs), derived from the PP. DTSec-approved labs evaluate the products to ensure they meet the ST’s security requirements. Successfully evaluated products are then publicly listed for the world to see.
According to Dr. David Klonoff, Medical Director of the Diabetes Research Institute at Mills-Peninsula Health Services (Sutter Health) and chair of the DTSec steering committee, “DTSec is an important step in the fight to not only protect patients from hacking threats but also to provide consumers and regulators with the confidence needed to leverage the vast potential of the Internet of Medical Things in improving quality of life.”
“We can’t hope to raise the cybersecurity bar if we don’t know how to measure its height,” said David Kleidermacher, BlackBerry Ltd. Chief Security Officer and one of the standard’s lead authors. “The DTSec development process, standard, and protection profiles provide a blueprint for efficient, measurable security to be established for connected electronic products and systems in any industry.”
“We at Ascensia Diabetes Care are committed to bringing connected diabetes management products to the market that improve the lives of people with diabetes,” said Jeff Reynolds, Technical Program Director, Product Engineering, Ascensia Diabetes Care. “As a trusted partner in the diabetes community, we view our participation in DTSec as an excellent way to improve our security awareness and we plan to submit our next generation product for evaluation.”
“Agamatrix is proud to take a leadership position in security for medical devices,” said Wayne Menzie, Director of Commercial and Clinical Development, Agamatrix. “Agamatrix is beginning the process of evaluating our recently FDA cleared Jazz Wireless 2 blood glucose meter under DTSec.”
DTSec approved evaluation labs include Brightsight, the world’s largest independent security evaluator for high-criticality electronic products, such as financial transaction and industrial control systems, and Booz Allen Hamilton, which provides management and technology consulting and engineering services to leading Fortune 500 corporations, governments, and not-for-profits across the globe.
“Trustworthiness of medical devices comes with the assurance that the security requirements are clear and the security measures are adequate and correctly implemented, and that security vulnerabilities are removed from approved devices”, said Dirk-Jan Out, CEO of Brightsight. “DTSec offers a sound platform for independent security assessments of critical devices by approved security labs in a practical, transparent and cost-efficient manner.”
According to Andy Castonguay, Principal Analyst at Machina Research, “DTSec pulls together an impressive set of constituents with a core focus on protecting a broad set of devices crucial to monitoring and treating diabetes with a comprehensive evaluation framework.”
Availability
The Standard for Wireless Diabetes Device Security (version 1.0) and the Protection Profile for Connected Diabetes Devices (version 1.0) are available for download online at https://www.diabetestechnology.org/dtsec.shtml
About the Diabetes Technology Society
Diabetes Technology Society (DTS) is a nonprofit organization committed to promoting development and use of technology in the fight against diabetes. The DTS mission is to spearhead collaborative efforts by experts in academia, clinical practice, industry, and government to accelerate development of practical technology for treating, monitoring, diagnosing, and preventing diabetes mellitus and its complications.
For more information visit https://www.diabetestechnology.org