6美国演讲.pdf

1、What Could Go Wrong?Threat Modeling Considerations in Medical and IoT Devices2025/01/11Trevor Slattery Blue Goat CyberBlue Goat CyberWe Provide Full-Service Medical Device Submissions&Postmarket ManagementIntroductionTrevor Slattery joined Blue Goat Cyber in 2022 and serves as the Director of Medica

2、l Device Cybersecurity.A former penetration tester and security researcher,Trevor specializes in medical device security and has identified dozens of 0-day vulnerabilities in critical healthcare technologies.He holds a background in application security and regulatory affairs,bringing a unique blend

3、 of technical expertise and strategic insight to safeguard patient safety and ensure regulatory compliance.Medical Device ExpertiseInfusion PumpsBlood Glucose Monitors&Insulin PumpsWearable ECGs&Remote Patient MonitorsPacemakers and DefibrillatorsVentilators&Critical Care MachinesNetworked Surgical

4、Robots&Deep Brain StimulatorsWhy is Threat Modeling Important for Medical Devices?Major Impact:53%of medical devices in 2022 had a known critical vulnerabilityConstant Attacks:89%of facilities dedications to healthcare experience around one cybersecurity attack per weekExamples of Medical Device Vul

5、nerabilitiesMedtronic Insulin Pump Recall Vulnerabilities allowed attackers to alter insulin delivery remotely,posing life-threatening risksSt.Jode Pacemakers Flaws allowed hackers to interfere with functionality such as battery depletion or pacing modificationWannaCry Ransomware Attack affected MRI

6、 machines and other medical equipment,demonstrating the severe impact of ransomware on connected devicesWhy is Threat Modeling Important?Threat modeling explores hypotheticals for devices and helps build out plans for building security into a deviceThreat modeling early and often contribute to secur