Cybersecurity issues in medical devices threaten patient safety and can cause harm if exploited. Standards and regulations therefore require vendors of such devices to provide an assessment of the cybersecurity risks as well as a description of their mitigation. Security assurance cases (SACs) capture these elements as a structured argument. Compiling an SAC requires taking domain-specific regulations and requirements, as well as the established way of working, into account. In this case study, we evaluate CASCADE, an approach for building SACs, in the context of a large medical device manufacturer with an established agile development workflow. We investigate the regulatory context as well as the adaptations needed in the development process. Our results show the suitability of SACs in the medical device industry. We identified 17 use cases in which an SAC supports internal and external needs. The connection to safety assurance can be achieved by incorporating information from the risk assessment matrix into the SAC. Integration into the development process can be achieved by introducing a new role, rules for the design review and the release to production, and additional criteria for the definition of done. We also show that SACs built with CASCADE fulfill the requirements of relevant standards in the medical domain, such as ISO 14971.