Diabetes Technology Society

Diabetes Technology Society Mobile Platform Controlling a Diabetes Device Security and Safety Standard

Background People DTMoSt Guidance DTSec Standard Protection Profile Extended Package: Enhanced Basic Extended Package: Moderate DTSec Website

Diabetes Technology Society (DTS) is pleased to announce that the steering committee members of the Diabetes Technology Society Mobile Platform Controlling a Diabetes Device Security and Safety Standard (DTMoSt) project have developed the DTMoSt Guidance for Use of Mobile Devices in Diabetes Control Contexts.

PRESS RELEASEDownload PDF

New Standard Provides Security Guidance for Consumer Mobile Phones Controlling Diabetes Devices

May 22, 2018 – Burlingame, CA – Diabetes Technology Society (DTS) today announced the first official public release of DTMoSt, a consensus cybersecurity standard whose goal is to provide assurance that consumer mobile phones can safely control diabetes devices.

Today, dozens of companies have developed mobile apps to help people monitor their diabetes. Soon, smartphones will also enable patients and healthcare professionals to directly manage care, including the use of apps as remote controls for insulin delivery. DTMoSt aims to ensure that sufficient security measures are taken to protect the integrity of these control solutions and the safety of patients with diabetes.

The DTMoSt Guidance builds upon the DTS Cybersecurity Standard for Connected Diabetes Devices (DTSec), which is the first consensus cybersecurity standard for connected diabetes devices with US government input. DTMoSt will be the first standard with both performance requirements and assurance requirements for manufacturers of connected medical devices controlled by a mobile platform. DTMoSt identifies threats, such as malicious remote and app-based attacks and resource starvation, to the safe operation of mobile device-enabled solutions and offers guidance to developers, regulators, and other stakeholders to help manage these risks.

Today, the public lacks visibility into and assurance for the security properties of connected devices,” said David Kleidermacher, Vice President - head of security for Android, Chrome OS, and Play at Google, and the standard’s Steering Committee technical chair. “DTMoST enables the application of a kind of security nutrition label, based on independent expert security evaluation, that is keenly needed to fill this gap, especially in critical solutions such as mobile-controlled medical care.”

“CyberSafety by-Design is integral to our Omnipod connected digital diabetes innovations at Insulet,” said Dr. Aiman Malek, Executive Vice President and Chief Technology Officer at Insulet. “The DTMoSt Guidance provides the cybersecurity blueprint to help address the diabetes community’s request to build mobile applications that provide safe control of their pumps.”

Anura Fernando, Principal Engineer – Medical Systems at UL, said “UL is glad to be a part of this effort focused on bringing more attention to the security issues that are driven by specific clinical use cases in diabetes management.”

The standard was open to public comment for 45 days, from February 7, 2018 through March 24, 2018.

AVAILABILITY

DTMoSt, The Diabetes Technology Society Guidance for Mobile Platforms Controlling a Diabetes Device Security and Safety Standard is available at https://www.diabetestechnology.org/dtmost.shtml

DTSec, The Diabetes Technology Society Cybersecurity Standard for Connected Diabetes Devices and the Diabetes Technology Society Protection Profile for Connected Diabetes Devices are available at https://www.diabetestechnology.org/dtsec.shtml

We are soliciting public comment about the Guidance document (which relates to the DTSec Standard and DTSec Protection Profile) and the two new extended packages, defining IT security requirements, called Enhanced Basic and Moderate, which together replace what was previously a single assurance package within DTSec. The red boxes above link to the new documents that are being published for review. The blue boxes link to previously published and finalized DTSec documents.

The public comment period will be 45 days from February 7, 2018 through March 24, 2018. We will answer all comments. Please fill in the boxes on this DTMoSt website to submit comments.

Please complete all fields below.

First Name:
Last Name:
Affiliation:
Phone:
Email:

Your phone number and email address will not be shared with anyone

Comment 1

Document:
Section:
Page:
Lines:
Comment:
Proposed change by the Commenter:

Type of Response Requested:

I want my comment and committee’s response to my comment to be public on the DTMoSt website

I want my comment and committee’s response to my comment to remain private to me only

All fields are required. If you are not redirected to the thank you page after clicking Submit Feedback, then please make sure that you have filled out all fields and entered a valid email address.

Press Release

DTMoSt is Posted for Public Comment

For more information visit https://www.diabetestechnology.org

Sean Yuan
Cybersecurity Administrator
Diabetes Technology Society
845 Malcolm Road, Suite 5
Burlingame, California 94010
650-692-7100
yuan@diabetestechnology.org

Certified Devices

Device	Certification
CONTOUR©NEXT ONE (Manufacturer: Ascensia Diabetes Care)
CONTOUR©PLUS ONE (Manufacturer: Ascensia Diabetes Care)

Approved Testing Labs

	Booz Allen Hamilton Cyber Assurance Testing Lab (CATL) Primary Contact: Eric Winterton Email: catl@bah.com
	BrightSight Primary Contact: Ernst Bovelander Email: bovelander@brightsight.com
	TÜV Rheinland — North America Primary Contact: Uwe Meyer Email: umeyer@us.tuv.com
	Underwriters Laboratories (UL) Primary Contact Name: Anura S. Fernando E-mail: Anura.S.Fernando@ul.com

For inquiries regarding how to become an approved DTSec lab, please contact info@diabetestechnology.org.

Public Comment about DTMoSt is solicited

Diabetes Technology Society (DTS) is developing its second cybersecurity standard, called the Diabetes Technology Society Mobile Platform Controlling a Diabetes Device Security and Safety Standard (DTMoSt). This document is a guidance that expands upon the principles of the DTS Cybersecurity Standard for Connected Diabetes Devices (DTSec), DTS’ first cybersecurity standard. DTMoSt applies these principles to the use of mobile phones to control actions by wearable or implantable diabetes devices. DTMoSt aims to provide assurance that off-the-shelf consumer mobile phones can safely control diabetes devices. This guidance is for industry, clinicians, patients, payers, and regulators.

The DTMoSt Steering Committee includes representatives from: 1) the US government, including FDA, DHS, FBI, NIH, NASA, and DoD; 2) the Australian government; 3) professional organizations, including ADA, The Endocrine Society, and AADE; 4) Standards Development Organizations, including IEEE and UL; 5) industry, including mobile phone manufacturers, hardware and software manufacturers, medical device manufacturers, and medical device testing labs 6) academicians from medicine, diabetes education, information technology, engineering, mathematics, and law; and 7) patients.

We are soliciting public comment about the Guidance document (which relates to the DTSec Standard and DTSec Protection Profile) and the two new extended packages called Advanced Basic and Extended Moderate, which together replace what was preciously a single assurance package within DTSec. The public comment period will be 45 days from February 7, 2018 through March 24, 2018. We will answer all comments. Please fill in the boxes on this DTMoSt website to submit comments.

Thank you,

David Klonoff, Chair, DTMoSt Steering Committee
David Kerr, Chair, DTMoSt Steering Committee
Dave Kleidermacher, Technical Chair, DTMoSt Steering Committee
Barry Ginsberg, Assistant Chair, DTMoSt Steering Committee

DTMoSt Steering Committee Members

David Klonoff (Chair)
Medical Director, Diabetes Research Institute
Mills-Peninsula Medical Center
San Mateo, California

David Kerr (Chair)
Director of Research and Innovation
Sansum Diabetes Research Institute
Santa Barbara, California

Dave Kleidermacher (Technical Chair)
VP, Head of Security - Android, Google Play and Chrome OS
Google
Mountain View, California

Barry Ginsberg (Assistant Chair)
Consultant
Diabetes Technology Consultants
Arlington, Virginia

Aiman Abdel-Malek
Senior Vice President, Advanced Technology & Engineering
Insulet Corporation
Billerica, Massachusetts

David Armstrong
Professor of Clinical Surgery
USC
Los Angeles, California

Guillermo Arreaza-Rubin
Director Clinical Immunology and Diabetes Technology Program
NIDDK / NIH
Bethesda, Maryland

Joshua Balsam
Mechanical Engineer
FDA
Silver Spring, Maryland

Steve Barnaby
Device Connectivity Engineer III
Novo Nordisk
Seattle, Washington

Stayce Beck
Branch Chief, Diabetes Diagnostic Devices
FDA
Silver Spring, Maryland

Don Boyer
President
BOYER@RegulatorySolns
Ottawa, Canada

Carole C. Carey
EMBS Standards Committee Chair
IEEE
Piscataway, New Jersey

Elvis Chan
Supervisory Special Agent
FBI
San Francisco, California

Joe Chapman
Principal, Digital-Micro Hardware Engineer
The MITRE Corporation
Bedford, Massachusetts

Penny Chase
Senior Principal Scientist
The MITRE Corporation
Bedford, Massachusetts

Kong Chen
Dir, Human Energy & Body Weight Regulation Core
NIDDK / NIH
Bethesda, Maryland

Sammy Choi
Chief, Department of Research
Womack Army Medical Center
Fort Bragg, North Carolina

Mark Coderre
National Security Practice Director / CISO
OpenSky Corporation
Tolland, Connecticut

Barry Conrad
Lead Diabetes Educator
Stanford Children’s Health
Palo Alto, California

Keesha Crosby
Founder/CEO
Tri-Guard Risk Solutions
Fairfax, Virginia

Eyal Dassau
Senior Research Fellow in Biomedical Engineering
Harvard University
Cambridge, Massachusetts

Sheldon Durrant
Sr. Infosec Engineer/Scientist
The MITRE Corporation
Bedford, MA

Anura Fernando
Principal Engineer – Medical Systems Interoperability & Security
UL
Northbrook, Illinois

Joseph Fernando
Principal Architect
ARM
Bellevue, Washington

Justin Fisher
Lead Associate
Booz Allen Hamilton
Annapolis Junction, Maryland

Brian Fitzgerald
General Engineer
FDA
Silver Spring, Maryland

Mike Golden
Senior Director, Business Development
Samsung IoT | Healthcare
San Jose, California

Christian Howell
Cyber Investigator
Department of Homeland Security
Washington, DC

Christopher Keegan
Senior Managing Director
Beecher Carlson
New York, New York

Lisa Kerr
Director Biomaterials and Engineering Section
Laboratories Branch, Therapeutic Goods Administration
Woden, Australia

Mandeep Khera
Security Executive
Independent consultant
Fremont, California

Michael Kirwan
Co-Chair, IEEE 11073 PHD Working Group
Vice President, Continua
Arlington, Virginia

Boris Kovatchev
Professor, Psychiatry and Neurobehavioral Sciences
University of Virginia
Charlottesville, Virginia

Jeffrey LaBelle
Assistant Professor of Biological & Health Systems Engineering
Arizona State University
Tempe, Arizona

Benjamin Lee
Senior Director, Head of Data & Analytics
Flex
San Jose, California

Bryan Mazlish
Chief Technology Officer
Bigfoot Biomedical
Milpitas, California

Luis Malave
President
EOFlow
San Jose, California

Laurel Messer
Manager, Pediatric Artificial Pancreas Research
University of Colorado/ Barbara Davis Center
Aurora, Colorado

Uwe Meyer
Director – Medical Testing, Business Field Manager – Products
TÜV Rheinland
Cologne, Germany

Thomas Miller
Vice President
Novo Nordisk
Seattle, Washington

Irina Nayberg
Research Coordinator, Diabetes Research Institute
Mill-Peninsula Medical Center
San Mateo, California

John Oberlin
Pediatric Endocrinologist
USAF
San Antonio, Texas

Dale Nordenberg
Executive Director
MDISS
New York, New York

Anil Patel
Global Strategy Director
UL
San Jose, California

Yarmela Pavlovic
Partner
Hogan Lovells
San Francisco, California
yarmela.

Matt Petersen
Managing Director, Medical Information
American Diabetes Association
Arlington, Virginia

Patrick Phelan
Chief Information Security Officer
UCSF
San Francisco, California

Gil Porat
R&D Software Manager
Abbott Diabetes Care
Alameda, California

Azhar Rafiq
Director, Medical Informatics
NASA
Richmond, Virginia

Kelly Rawlings
Vice President, Healthy Living Content
American Diabetes Association
Arlington, Virginia

Jeffery Reynolds
Technical Program Director, Product Engineering
Ascensia Diabetes Care
Tarrytown, New York

J.P. Ribeiro
Senior Director, Advanced Technology
Insulet Corporation
La Jolla, California

Linda Ricci
Health Scientist
FDA
Silver Spring, Maryland

Naomi Schwartz
Electrical engineer
FDA
Silver Spring, Maryland

Shahid Shah
Citus Health
Chairman of the Board
Washington, DC

Jennifer Sherr
Associate Professor, Pediatrics (Endocrinology)
Yale University
New Haven, Connecticut

Christine Sublett
President & Principal Consultant
Sublett Consulting, LLC
San Mateo, California

Michael Taborn
Platform Architect
Intel Corporation
Phoenix, Arizona

Eugene Vasserman
Associate Professor and Keystone Research Scholar, Department of Computer Science
Kansas State University
Manhattan, Kansas

Alicia Warnock
Endocrinologist
Walter Reed NNMC,
Bethesda, Maryland

Tim West
Chief Risk Officer
Atredis Partners
St. Louis, Missouri

Eric Winterton
Principal
Booz Allen Hamilton
Annapolis Junction, Maryland

Michael Wiseman
Assistant Secretary
Laboratories Branch, Therapeutic Goods Administration
Symonston, Australia

Jonathan Woo
Chief Strategy Officer
EOFlow
San Jose, California

Margie Zuk
Senior Principal Cybersecurity Engineer
The MITRE Corporation
Bedford, Massachusetts

DTMoSt is Posted for Public Comment

Burlingame, California: February 7, 2018 – Diabetes Technology Society (DTS) is pleased to announce that the steering committee of the DTS Mobile Platform Controlling a Diabetes Device Security and Safety Standard (DTMoSt) project has developed the Guidance for Use of Mobile Devices in Diabetes Control Contexts.

We are seeking input on the Guidance document and the two extended packages defining IT security requirements. These documents are now available for public comment. We will be seeking input for 45 days through March 24, 2018. We will review and respond to each comment.

To view the documents and provide feedback, please visit:
https://www.diabetestechnology.org/dtmost.shtml

Objectives

Abstracts

Program

Startup Showcase

Travel

Objectives

Abstracts

Program