W ashington A rea T rustworthy C omputing H our

1. 14th WATCH: Medical Device Cybersecurity: The First 164 Years Kevin Fu University of Massachusetts Amherst. THURSDAY November 15th, Noon, Room 110 WashingtonAreaTrustworthyComputingHour Abstract The U.S. Institute of Medicine commissioned my 2011 report on the role of trustworthy software in the context of the "510(k)" U.S. medical device regulations. This talk will provide a glimpse into the risks, benefits, and regulatory issues for medical device cybersecurity and innovation of trustworthy medical device software. Today, it would be difficult to find medical device technology that does not critically depend on computer software. The technology enables patients to lead more normal and healthy lives. However, medical devices that rely on software (e.g., drug infusion pumps, linear accelerators) continue to injure or kill patients in preventable ways---despite the lessons learned from the tragic radiation incidents of the Therac-25 era. The lack of trustworthy medical device software leads to shortfalls in properties such as safety, effectiveness, dependability, reliability, usability, security, and privacy. Come learn a bit about the science, technology, and policy that shapes medical device software. Speaker Prof. Kevin Fu investigates research problems in computer system security, ultra-low power computing, and medical device safety. His most recent research explores problems transcending engineering, science, medicine, and public policy that impact the trustworthiness of medical device software. Kevin also manufactures a batteryless, programmable, RFID-scale sensor/actuator platform called the UMass Moo. Past research contributions include the security analysis of cardiac implants, RFID credit cards, web authentication, and secure file systems. His research appears in venues ranging from peer-reviewed computer science conferences and medical journals to critical articles in the NYT, WSJ, and NPR. Kevin received his PhD in Electrical Engineering and Computer Science from the MIT Parallel and Distributed Operating Systems group where his research pertained to secure storage and web authentication. Kevin joins the University of Michigan as Associate Professor of Computer Science and Engineering in January 2013. He is currently Associate Professor of Computer Science at University of Mass Amherst. Kevin served as a visiting scientist at the Food & Drug Administration, the Beth Israel Deaconess Medical Center of Harvard Medical School, and MIT CSAIL. Previous employers include Bellcore, Cisco, HP Labs, Microsoft Research, and Holland Community Hospital. He is a member of the federal NIST Information Security and Privacy Advisory Board. Kevin received a Sloan Research Fellowship, NSF CAREER award, and several best paper awards from his computing research community. He was named MIT Technology Review TR35 Innovator of the Year. Kevin also holds a certificate of achievement in artisanal bread making from the French Culinary Institute. About the WATCH series: Transforming today’s trusted but untrustworthy cyberinfrastructure into one that can meet society’s growing demands requires both technical advances and improved understanding of how people and organizations of many backgrounds perceive, decide to adopt, and actually use technology. WATCH aims to provide thought-provoking talks by innovative thinkers with ideas that illuminate these challenges and provide signposts toward solutions. The series is jointly organized by NSF’s Computer Science and Engineering (CISE) and Social, Behavioral, and Economic (SBE) Directorates and the Office of Cyberinfrastructure (OCI), and sponsored by the CISE Secure and Trustworthy Cyberspace (SaTC) Program. Talks will be recorded and made available over the Internet. Thursday, November 15, 2012 NSF Stafford I Room 110, Noon Public Invited Questions/comments about WATCH? Contact Keith Marzullo kmarzull@nsf.gov