Of SBOMs and Threat Models: An Expert’s View of New FDA Cybersecurity Guidance


Kevin Fu, formerly the first FDA medtech cybersecurity czar, shares his perspective on what the recent FDA cyber guidance means for industry and how cyber preparedness has become an essential element of agency submissions.

Cybersecurity in medical devices has gone from being a regulatory backwater that was largely ignored by product companies just a decade ago to an area that is now top of mind for the medtech industry, regulators, and legislators. During the last few years, we have seen FDA appoint its first acting director of device cybersecurity, Kevin Fu, who is interviewed here, and recently the agency issued a new cybersecurity guidance document. In addition, on Capitol Hill, Congress passed and President Biden signed into law an omnibus bill (the 2023 Omnibus Appropriations Act) that includes several medtech cyber provisions, a number of which industry had long sought.

To guide our readers through this recent and ongoing government-wide focus on cybersecurity, we once again call on Kevin Fu, who has previously joined us for a series of conversations helping to explain this complex and rapidly evolving area. Fu is a pioneer in the medtech cybersecurity space—he launched the Archimedes Center at his lab at the University of Michigan to study this area and work with industry and healthcare institutions to more effectively understand and defend against this growing threat. He then moved on to become the first medtech cyber czar at the FDA, leaving recently to return to academia, transferring his lab, including the Archimedes Center, to Northeastern University in Boston.

