Cybersecurity Seminar Series

UCSF-Stanford CERSI-FDA Distinguished Speaker Series on Cybersecurity for Biomedical Engineering

Takes place monthly, on the third Thursday of each month from 9-10 am Pacific time



This joint FDA and UCSF-Stanford Center of Excellence in Regulatory Science and Innovation (CERSI) speaker series consists of one-hour virtual lectures on cybersecurity topics with application to medical device security and biomedical engineering. The main goal is to introduce key concepts of cybersecurity science and engineering via distinguished academic speakers to the biomedical engineering and manufacturing communities. Topics covered include human factors for cybersecurity, trustworthy medical device software, security engineering for machine learning, cybersecurity of computer vision, threat modeling, software bills of materials, software safety, cybersecurity regulations, and the science of cybersecurity. This speaker series is an educational opportunity and is not intended to discuss FDA policy.



Date Talk Title Speaker

Innocence and Experience: Regulatory Tales

The history of attempts to regulate technology is long and varied. This talk will review examples from a range of technical areas, some successful, some less so, and will draw a few lessons from them. Topic areas will include building construction, automobiles, airplanes, cybersecurity, and perhaps others. Discussion will be encouraged.

Introductory Slides (PDF)

Presentation Slides with Notes (PDF)

Video Recording

Carl Landwehr, PhD
University of Michigan



Laws for Cybersecurity?

Cyber-security today is focused largely on defending against known attacks. We learn about the latest attack and find a patch to defend against it. Our defenses thus improve only after they have been successfully penetrated. This is a recipe to ensure some attackers succeed, not a recipe for achieving system trustworthiness. We must move beyond reacting to yesterday's attacks and instead start building systems whose trustworthiness derives from first principles: laws that relate attacks, defense mechanisms, and security properties. This talk will explore examples of such laws, suggest avenues for future exploration, and discuss risks implicit in using such a deductive framework.


Fred B. Schneider, PhD
Cornell University



Security and Privacy for Humans

Traditionally, security and privacy research focused mostly on technical mechanisms and was based on the naive assumptions that Alice and Bob were capable, attentive, and willing to jump through any number of hoops to communicate securely. However, 20+ years ago that started to change when a seminal paper asked "Why Johnny Can't Encrypt" and called for usability evaluations and usable design strategies for security. Today a substantial body of interdisciplinary literature exists on usability evaluations and design strategies for both security and privacy. Nonetheless, it is still difficult for most people to encrypt their email, manage their passwords, and configure their social network privacy settings. In this talk I will highlight some of the research from my lab that evaluates security and privacy for humans and proposes some new solutions.

Lorrie Faith Cranor, DSc
Carnegie Mellon University


What Biomedical Engineering Can Learn from Research and Academic Programs in Embedded Cybersecurity

Biomedical engineering students learn how to ensure the safety and effectiveness of medical products ranging from medical devices to pharmaceutical products. Today, that advanced degree skill set must include embedded cybersecurity because of endemic cyber threats to technology inside medical products. A lot can be learned from advances in Internet of Things (IoT) security education and research. The mission of the Cybersecurity Assurance and Policy (CAP) Center at Morgan State University is to provide the defense and intelligence community with the knowledge, methodology, solutions, and highly skilled cybersecurity professionals to mitigate penetration and manipulation of our nation’s cyber-physical infrastructure. The Internet of Things (IoT) permeates all areas of life and work, with unprecedented economic effects. The IoT is a network of dedicated physical objects (things) whose embedded system technology senses or interacts with its internal state or external environment. Embedded systems perform dedicated functions within larger mechanical or electrical systems. Critical infrastructures in transportation, smart grid, manufacturing, and health care, etc. are highly dependent on embedded systems for distributed control, tracking, and data collection. While it is paramount to protect these systems from hacking, intrusion, and physical tampering, current solutions rely on a patchwork of legacy systems, and this is unsustainable as a long-term solution. Transformative solutions are required to protect these systems. In this talk, we will present our current research that addresses security vulnerabilities in IoT ecosystems to provide secure, resilient, and robust operation.

Kevin T. Kornegay, PhD
Morgan State University

TBD Security Engineering of Machine Learning

Ross J. Anderson, PhD

Edinburgh University; University of Cambridge


Kevin Fu, PhD
Acting Director of Medical Device Cybersecurity and Program Director for Cybersecurity
Digital Health Center of Excellence
Center for Devices and Radiological Health
U.S. Food and Drug Administration



This seminar series does not represent official FDA policy or guidance. The contents are those of the speaker(s) and do not necessarily represent the official views of, nor an endorsement by, FDA/HHS or the U.S. Government.



Please email [email protected] or [email protected] with any questions.