Prevailing trends in the automotive and medical device industries, such as configurability across the whole life cycle, connectivity, and automation, require an adaptation of development processes, especially regarding their security and safety. The changing requirements imply that interfaces are more exposed to the outside world, making them more vulnerable to cyberattacks or data leaks. Consequently, not only do development processes need to be revised, but cybersecurity countermeasures and a focus on safety, as well as privacy, have also become vital. While vehicles are especially exposed to cybersecurity and safety risks, the medical device industry faces similar issues. In the automotive industry, proposals and draft regulations exist for security-related risk assessment processes. The medical device industry, which has less experience in these topics and is more heterogeneous, may benefit from drawing inspiration from these efforts. We examined and compared current standards, processes, and methods in both the automotive and medical industries. Based on the requirements regarding safety and security for risk analysis in the medical device industry, we propose the adoption of methods already established in the automotive industry. Furthermore, we present an example based on an interoperable Operating Room table (OR table).
The idea of keeping a vehicle safe and secure throughout its whole life cycle, as well as having the opportunity to add functionality after initial delivery, is the key motivation behind automotive software updates. Today, safety or security issues that appear after vehicle delivery need to be resolved by starting a recall campaign. These campaigns require the vehicle user to visit a car repair workshop to get an update. Over The Air (OTA) software updates, being location-independent, can pave the way for higher update frequencies and more efficiency regarding customer satisfaction, resource consumption as well as safety and security.

In this paper we analyze requirements for OTA software updates phrased in various standards and regulations as well as in existing development and type approval processes. Prevailing challenges for OTA updates are extracted to identify necessary activities and artifacts within the procedure. Based on that a concept for the approval and execution processes of OTA updates is designed. This concept includes the involved entities, required communication and exchange paths as well as the OTA update specification.