You are here

Home

Medical Device Cybersecurity Tools or Compensating Controls

Agency:
Department of Commerce
Branch:
National Institute of Standards and Technology
Program | Phase | Year:
SBIR | Phase I | 2017
Solicitation:
2017-NIST-SBIR-01
Topic Number:
9.04.08.77

NOTE: The Solicitations and topics listed on this site are copies from the various SBIR agency solicitations and are not necessarily the latest and most up-to-date. For this reason, you should use the agency link listed below which will take you directly to the appropriate agency server where you can read the official version of this solicitation and download the appropriate forms and rules.

The official link for this solicitation is: https://www.grants.gov/web/grants/view-opportunity.html?oppId=291164


Release Date:

January 10, 2017

Open Date:

January 10, 2017

Application Due Date:

March 30, 2017

Close Date:

March 30, 2017

Description:

Medical devices, such as infusion pumps, are a critical component of our national healthcare delivery system. There are millions of digitally connected medical devices in our hospitals, nursing homes, outpatient clinics, other commercial points of care and, increasingly, in the home. These devices are connected to people and to critical networks in these environments, and vulnerabilities in their programming provide entry points for cyber attacks with significant consequences [1].

There will be billions of exposures between patients and connected medical devices over the next 10 years. It is imperative that the technology, security, medical and public health experts collaborate to better design, implement and operate medical devices that compose critical cyber physical human systems.

NIST is working on cybersecurity guidance for wireless infusion pumps [2]. NIST is interested in funding innovative technologies to better secure medical devices, device associated networks to deliver safer clinical work flow and environments. These technologies should have near term commercial potential and promise of adoption by healthcare delivery systems. These technologies would deliver increased awareness of device fitness, function and security threat in the promotion of safer healthcare delivery environments.

Phase I expected results:
Design of the hardware and/or software for a medical device or compensating control for medical device that demonstrates the desired security properties/features while not having a negative impact on the functionality or safety of the device. Some examples of these security properties/feature are malware protection, device monitoring, asset inventory, risk assessment, encryption, patching and updating, device tracking, etc. Description of the threats that the design will counter. Example scenarios of specific attacks that will be thwarted by the device.

Phase II expected results: Provide a prototype that demonstrates the design and attack scenarios from Phase I. Along with the prototype, provide a discussion of the security properties/features it addresses and how this fits within the healthcare ecosystem. Taking into consideration the cyber-safety concerns of medical devices as well as the usability challenges presented within the healthcare environment.

US Flag An Official Website of the United States Government