Secure development lifecycles are essential for medical software
Security has long been a major subject in software engineering, and it has become essential on any medical software development.
According to a new report from cybersecurity firm Sophos, two thirds of healthcare organisations have been hit by ransomware attacks last year, up from a third in 2020. This two-fold increase indicates hackers and malicious agents are becoming considerably more capable and determined.
Unsurprisingly, this is the inevitable consequence of connectivity requirements, which are becoming standard for medical devices. But it doesn’t need to be this way.
Medical devices are becoming connected to other devices, the Internet, or hospital networks to serve functions that improve quality of care and enhance treatment options. Any company developing medical grade connected solutions today must make security an integral part of their software development lifecycle, or face the consequences.
Both European notified bodies and the FDA have put security under increased scrutiny, and it is unlikely that an insecure device will make it to market. Furthermore, security breaches after medical devices are deployed quickly become a minefield for liability and can be the cause of considerable losses.
1.Secure software concepts
To start the journey of secure software development, it is necessary that your development team understands a few core concepts:
- Confidentiality is the concept of preventing the disclosure of information to unauthorised parties
- Integrity refers to protecting the data from unauthorised alteration
- Availability is concerned with two issues: ensuring systems are available for authorised users when they require those systems and denying access to unauthorised users at all other times
- Authentication is the process of determining the identity of a user
- Authorisation is the process of applying access control rules to a user process and determining if a particular user process can access an object
- Accountability is the recording of actions and the users performing them
- Nonrepudiation is the concept of preventing a subject from denying a previous action with an object in the system
2.Secure design concepts
Secure design does not happen by accident. It arises from a deliberate architecture and action plans that are based on secure design principles:
- Good enough security. Security is never absolute, and it sets the stage for all the security aspects. It should be commensurate to the risk level. For example, a software designer should not use national security grade encryption to secure publicly available information.
- Least privilege means that a subject should have only the necessary rights and privileges to perform its current task with no additional rights or privileges
- Separation of duties ensures for any give task more than one individual needs to be involved. No single individual can abuse the system.
- Defence in depth is also known as layered security or diverse defence. If one defence is good, multiple overlapping defences are better.
- Fail-Safe states that when a system fails it should fail to a safe secure state
- Economy of mechanism refers to the principle of keeping things simple. The keep it simple principle tells us to eliminate those elements that we don’t need.
- Complete mediation states that when a subject’s authorisation is verified with respect to an object and an action, this verification occurs every time the subject requests access to an object
- Open design states that the security of a mechanism should not depend on the secrecy of its design or implementation
- Least common mechanism states that mechanisms used to access resources should not be shared
- Psychological acceptability states that security mechanisms should not make the resource more difficult to access than if the security mechanisms were not present.
- Weakest link A system can only be considered as strong as its weakest link. Adversaries do not seek out the strongest defence to attempt a breach.
- Leverage existing components As components are reduced, fewer new components are introduced; hence the opportunity for additional vulnerabilities is reduced.
- Single point of failure is any aspect of a system that if it fails then it means the entire system fails
3.The secure software development lifecycle
The term secure development lifecycle (SDLC) comes from adding security activities to a software development lifecycle to reduce the number of security anomalies in the software being produced, as illustrated below.
A complete SDLC solution ensures systems are secure by design, secure by default and secure in their deployment.
It is essential to be able to demonstrate full implementation of the appropriate level of security throughout your development process.
At Sagentia Innovation, building secure and innovative medical solutions is in our DNA. With over three decades worth of experience, we can help you create the next game changing solution, with appropriate security at its core.