Beyond Encryption: Mastering Key Management and PKI for Medical Device Cybersecurity

Topics: Cryptography, Thought leadership

June 10, 2025


When it comes to cryptography, the FDA’s expectations are nuanced and center on demonstrating a “reasonable assurance of safety and effectiveness.” While not prescriptive, the FDA’s guidance signals clear principles that medical device manufacturers must heed. This includes, but is not limited to, robust measures from the design phase through post-market surveillance: threat modeling, risk management, security testing, and the development of supporting security documentation such as a Software Bill of Materials (SBOM) and post-market plans for monitoring and addressing cybersecurity vulnerabilities.

Beyond Algorithm Choice: Context and Implementation Matter

The FDA’s focus transcends simply selecting appropriate cryptography algorithms like Rivest–Shamir–Adleman (RSA) or Elliptic curve cryptography (ECC). The agency is intensifying scrutiny around how these algorithms are employed within the specific context of a medical device and its intended use. In short, it is not just about the algorithm but the security of its implementation and supporting infrastructure (e.g., PKI) and processes (e.g., key lifecycle management).

Key considerations include:

  • Justification of Use Case: Manufacturers must articulate a clear rationale for a chosen cryptography strategy. Is it for securely establishing a TLS connection via key exchange? Is it to verify the integrity and authenticity of firmware updates via digital signatures? The justification should be rooted in a thorough risk assessment that identifies the specific security needs and why the chosen method is the most appropriate given the tradeoff between security requirements and device capabilities. For instance, if a device is severely resource-constrained, relying on symmetric keys for authentication could make sense, even though this approach introduces scalability and key management complexities.
  • Emphasis on Key Management Lifecycle: The FDA places significant weight on the entire lifecycle of cryptographic keys. Secure generation, robust storage (often advocating for hardware-backed security like hardware security modules (HSMs) or secure elements), controlled and secure distribution (if applicable), secure usage, and timely destruction are all critical. Failure in any of these stages can render even the strongest algorithms useless. The FDA’s guidance implicitly encourages manufacturers to adopt best practices in key management, such as the principle of least privilege and segregation of duties.
  • The Intricacies of Certificate Management: For use cases involving public key infrastructure (PKI), such as device authentication or secure communication with external systems, the FDA has started to scrutinize certificate management practices. This includes the selection of trusted Certificate Authorities (CAs) — whether public or private — and the processes for certificate generation, distribution, storage, revocation, and renewal. The FDA often raises concerns about the use of self-signed certificates in production environments due to the lack of a strong, independently verifiable trust anchor and the challenges associated with revocation. Compliance with standard CA practices is often expected for more complex deployments.
  • Proper Integration is Non-Negotiable: The FDA recognizes that even theoretically sound cryptography can be undermined by flawed implementation. Manufacturers are expected to validate their cryptographic integrations through rigorous testing, including code analysis, vulnerability scanning, and penetration testing. Evidence of adherence to secure design practices and the use of well-vetted cryptographic libraries is always looked upon favorably.
  • Future-Proofing through Cryptographic Agility: Recognizing the evolving threat landscape and the potential for future cryptographic breakthroughs (including threats posed by quantum computing), the FDA encourages manufacturers to consider cryptographic agility in their designs. This means having the ability to update or migrate to newer, stronger algorithms without requiring significant hardware or software redesigns. While not a current mandate for asymmetric algorithms, demonstrating an awareness of this long-term challenge is increasingly important.
  • Transparency through Comprehensive Documentation: Detailed documentation is paramount for FDA submissions. Manufacturers must clearly articulate their choices of algorithms, key lengths, key management strategies, certificate management procedures, and the rationale behind these decisions based on their risk assessment and security requirements. This documentation serves as evidence of a thoughtful and security-conscious design process.
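The cryptographic-agility and key-lifecycle points above are easiest to see in a concrete verifier. The following is an added example, not code from the original article or from Medcrypt: a firmware manifest that carries an explicit algorithm identifier and key identifier, so the device can be migrated to a new MAC algorithm or a rotated key without changing the manifest format, and so that a downgrade to a retired algorithm is refused by name. HMAC (which the standard library provides) stands in for the digital signature a real firmware-update scheme would use; the field names, key registry, and manifest contents are all constructed for this illustration.

```python
import hashlib
import hmac
import json

# Constructed example: the verifier accepts only algorithms in this registry. HMAC is
# used here because Python's standard library has no asymmetric signatures; the
# agility pattern (explicit "alg" and "kid" fields, an allowlist, a retired list)
# is the same for a real signature scheme.
SUPPORTED_ALGS = {
    "HMAC-SHA256": hashlib.sha256,
    "HMAC-SHA3-256": hashlib.sha3_256,
}
# Algorithms the verifier once accepted but has since retired. Listing them lets a
# downgrade be rejected as "retired" rather than silently as "unknown".
RETIRED_ALGS = {"HMAC-SHA1"}

# Constructed key registry keyed by "kid". A real device would keep these in a
# secure element or HSM and rotate them on a documented schedule.
KEYS = {
    "mfr-2024-k1": bytes.fromhex("11" * 32),
    "mfr-2025-k2": bytes.fromhex("22" * 32),
}


def canonical_bytes(manifest):
    """Serialise every field except the tag deterministically so producer and
    device MAC exactly the same bytes regardless of key order."""
    body = {k: v for k, v in manifest.items() if k != "tag"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def tag_firmware(manifest, image, keys=KEYS):
    """Producer side: MAC the canonical manifest plus the image under the named key."""
    digest = SUPPORTED_ALGS[manifest["alg"]]
    mac = hmac.new(keys[manifest["kid"]], canonical_bytes(manifest) + image, digest)
    return {**manifest, "tag": mac.hexdigest()}


def verify_firmware(signed, image, keys=KEYS):
    """Device side: returns (accepted, reason). Every rejection names its cause so
    the event can be logged and reported during post-market monitoring."""
    alg = signed.get("alg")
    if alg in RETIRED_ALGS:
        return False, "retired algorithm"
    if alg not in SUPPORTED_ALGS:
        return False, "unknown algorithm"
    kid = signed.get("kid")
    if kid not in keys:
        return False, "unknown key id"
    expected = hmac.new(keys[kid], canonical_bytes(signed) + image,
                        SUPPORTED_ALGS[alg]).hexdigest()
    # Constant-time comparison so the check itself does not leak the tag.
    if not hmac.compare_digest(expected, str(signed.get("tag", ""))):
        return False, "tag mismatch"
    return True, "ok"


# Constructed sample data.
IMAGE = b"constructed firmware image bytes"
MANIFEST_V1 = {"fw_version": "2.4.1", "alg": "HMAC-SHA256", "kid": "mfr-2024-k1"}
# The next release migrates to a different hash family and a rotated key; the
# verifier code does not change.
MANIFEST_V2 = {"fw_version": "2.5.0", "alg": "HMAC-SHA3-256", "kid": "mfr-2025-k2"}

if __name__ == "__main__":
    signed = tag_firmware(MANIFEST_V1, IMAGE)
    print("current release:", verify_firmware(signed, IMAGE))
    print("tampered image: ", verify_firmware(signed, IMAGE + b"x"))
    print("downgrade:      ", verify_firmware({**signed, "alg": "HMAC-SHA1"}, IMAGE))
    print("next release:   ", verify_firmware(tag_firmware(MANIFEST_V2, IMAGE), IMAGE))
```

The design choice worth noting for a submission is that the manifest, not the device firmware, names the algorithm and key, and the device holds the policy (allowed, retired, unknown). Migrating away from an algorithm then means adding a registry entry and a new key, documenting the rotation, and later moving the old identifier to the retired list; the verification path and the manifest format stay the same.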

Navigating the Unique Challenges of Medical Devices

The medical device ecosystem presents specific challenges that influence the FDA’s perspective on asymmetric cryptography:

  • Extended Device Lifespans: Unlike consumer electronics with shorter lifecycles, medical devices can remain in service for many years if not decades. This necessitates careful consideration of the long-term security of chosen asymmetric algorithms and the feasibility of future updates or migrations.
  • Resource Constraints: Many medical devices operate with limited processing power and memory. Selecting efficient algorithms and optimizing their implementation to minimize resource consumption without compromising security is a critical balancing act. One path discussed for medical devices focuses on ephemeral cryptography, which balances security with resource constraints. In an ephemeral Diffie-Hellman-based key exchange (such as ECDHE), the public keys are exchanged, and each side combines its own private key with the peer’s public key to compute the same symmetric key. That key is then used for efficient, secure communication for the duration of the session.
  • Interoperability Demands: The interconnected nature of modern healthcare requires medical devices to communicate securely with various other systems. Ensuring seamless and secure interoperability across diverse platforms and protocols depends not just on using asymmetric cryptography, but having a proper Public Key Infrastructure (PKI) to establish and manage a foundation of trust.

Conclusion: A Call for Proactive and Informed Implementation

The FDA’s position on cryptography in medical devices is not about mandating specific algorithms but rather about ensuring their secure and appropriate implementation within a robust cybersecurity framework. Manufacturers must move beyond simply selecting a “strong” algorithm and focus on the entire ecosystem of key, library and algorithm management, certificate handling, secure implementation, and long-term maintainability. By adopting a proactive, risk-based approach and thoroughly documenting their cryptographic choices and practices, manufacturers can effectively leverage the power of asymmetric cryptography to fortify their medical devices and meet the FDA’s expectations for safety and effectiveness in an increasingly connected world.

Register for the webinar on June 18th, to demystify complex PKI concepts, provide actionable, step-by-step implementation strategies, and share real-world success stories.
