The U.S. Department of Veteran Affairs (VA) and global safety science organization Underwriters Laboratories (UL) have signed a Cooperative Research and Development Agreement Program (CRADA) for medical device cybersecurity standards and certification approaches.
The CRADA mechanism was established as part of the Federal Technology Transfer Act of 1986 to encourage the creation of teams to solve technological and industrial problems for the greater benefit of the country.
This CRADA project will support the improvement of veteran’s patient safety and security through the use and verification of UL’s Cybersecurity Assurance Program (CAP).
Working with UL, the VA’s Office of Information & Technology will refine existing and emerging standards and practices related to network connectable medical devices, medical device data systems, and related health information technology.
Both parties expect the project to accelerate the sharing of medical device cybersecurity information, standards, and life cycle requirements toward creating a safety certification framework for veterans.
The VA and UL seek to address the existing gap in the marketplace for cybersecurity standards and practical certification approaches for connected medical devices.
Historically, the ability to patch and reconfigure devices, as well as long-service lifetimes, results in devices with old, vulnerable software and presents challenges in defending medical devices against cybersecurity attacks.
UL Principal Engineer for Medical Software & Systems Interoperability, Anura Fernando, said working with the VA, they will contribute to industry-wide situational awareness of medical device vulnerabilities and threats.
“We believe that this project will positively impact the direction that manufacturers take in improving the overall security posture of medical cyber assets,” Fernando said.
This CRADA project is expected to be completed in December of this year.