Zero trust implementation

FDA Unveils Cybersecurity Modernization Action Plan Focused on Implementing Zero Trust Model

The Food and Drug Administration has released an action plan focused on improving the agency’s cyber defense capabilities using technological advances. Under the Cybersecurity Modernization Action Plan, the FDA aims to implement the zero trust cybersecurity approach to protect sensitive data and systems from cyberattacks.

The Office of Information Security is in charge of coordinating the digital transformation efforts across the agency and ensuring that the plan is being implemented in line with earlier action plans for technology, data and enterprise modernization, the FDA said.

The other objectives of the new plan include enhancing data exchange and collaboration across the FDA and between the agency and its public health partners, implementing security measures at each software development lifecycle stage, using artificial intelligence and machine learning technologies to improve cyber detection and response capabilities, and investing in the agency’s cybersecurity workforce.

According to the FDA, reconnaissance activities, denial of service, attempted exploitation and other cyber incidents increased by 457 percent during the pandemic.

Medical devices are also among the targets of malicious cyber actors. In June, House lawmakers approved a bill requiring the FDA to address cybersecurity risks facing such devices.

Following the bill’s approval, the agency completed a public consultation on draft guidance aimed at ensuring that the products are designed to be capable of mitigating emerging cybersecurity risks before they are sold on the market. The FDA is now finalizing the guidance for pre-market submissions.