Medical Device Cyber Security: The First 164 Years Kevin Fu , University of Michigan Thursday, October 10- 4:30pm Friend Center 006 The U.S. Institute of Medicine commissioned my 2011 report on the role of trustworthy software in the context of the "510(k)" U.S. medical device regulations. More recently, the U.S. Food and Drug Administration has released draft guidance on cybersecurity for medical device manufacturing. This talk will provide a glimpse into the risks, benefits, and regulatory issues for medical device cybersecurity and innovation of trustworthy medical device software. Today, it would be difficult to find medical device technology that does not critically depend on computer software. The technology enables patients to lead more normal and healthy lives. However, medical devices that rely on software (e.g., drug infusion pumps, linear accelerators) continue to injure or kill patients in preventable ways---despite the lessons learned from the tragic radiation incidents of the Therac-25 era. The lack of trustworthy medical device software leads to shortfalls in properties such as safety, effectiveness, dependability, reliability, usability, security, and privacy. Come learn a bit about the science, technology, and policy that shapes medical device software. Kevin Fu is an Associate Professor of Electrical Engineering and Computer Science at the University of Michigan where he directs the Archimedes Center for Medical Device Security and the SPQR group. His research investigates how to achieve trustworthy computing on embedded devices with application to health care, commerce, and communication. His most recent contributions appear in computer science and medical conferences and journals such as USENIX Security and IEEE Security and Privacy. Kevin received his PhD in EECS from the MIT. Fu received a Sloan Research Fellowship, NSF CAREER award, Fed100 Award, and best paper awards from various academic silos of computing. The research is featured in critical articles by the NYT, WSJ, and NPR. Kevin was named MIT Technology Review TR35 Innovator of the Year for work on medical device security. Kevin has testified in Congress on health matters and has written commissioned work for the Institute of Medicine of the National Academies. He served as a visiting scientist at the Food & Drug Administration, the Beth Israel Deaconess Medical Center of Harvard Medical School, Microsoft Research, and MIT CSAIL. Previous employers include Bellcore, Cisco Systems, HP Labs, and Holland Community Hospital. He is a member of the ACM Committee on Computers and Public Policy and the NIST Information Security and Privacy Advisory Board. Kevin also holds a certificate of achievement in artisanal bread making from the French Culinary Institute.