Proceedings of the
35th European Safety and Reliability Conference (ESREL2025) and
the 33rd Society for Risk Analysis Europe Conference (SRA-E 2025)
15 – 19 June 2025, Stavanger, Norway
Safety and Security Co-Design with Application to Medical Device Industry
1PhD, Ind. cons. medical device safety and regulatory affairs, Italy.
2Dep. Risk and Security, Institute for Energy Technology, Norway.
ABSTRACT
Engineering is experiencing rapid changes in response to new needs, from embedding "intelligence on board" for communication, control and decisions, up to large-scale architectures such as systems of systems and the Internet of Things. These systems rely on a high degree of autonomy together with complex functional dependencies, and are exposed to endogenous and exogenous risks which cannot be understood and mitigated as a sum of their parts. Among these risks, those related to security are becoming a serious concern for safety and operability. The healthcare sector recognizes the importance of integrating security and safety in the life cycle of a medical device. This is reflected in the MDR 2017/745 medical device regulations, which require manufacturers to address security in the life cycle of medical devices that incorporate software, or of software that is a medical device in itself. This paper discusses principles of safety and security for medical devices according to the state of the practice, and exemplifies their pros and cons with the intent of converging on a new state of the art. This eventually becomes the "game changer" in favor of co-design. Design challenges and expected benefits are discussed based on security and risk management expertise from information technology and operational technology.
Keywords: Safety, Security, Co-engineering, Risk management.