Medical device security needs to be more like rugby

Author: Justine Bone


As a New Zealand native I grew up surrounded by world-class rugby. This sport, as you might know, is considered one of the purest team sports. Winning requires shared responsibilities in dynamic situations, and the winners are those who can coordinate passing, tackling and kicking the ball downfield with the fewest errors.


In rugby, a scrum is a method of restarting play where players pack closely together with their heads down, attempting to gain possession of the ball.


It is no coincidence that the same term came to be used in agile product delivery/development. The inventors used “scrum” to stress the importance of working as a team to solve complex problems.

Over the course of my career, my approach to solving complex problems has evolved to better reflect my Kiwi roots.


Early on, as an NYC hacker looking to pay the rent and feed a growing shoe budget, I was drawn to siloed hacking, where I could narrow my focus to complex vulnerability exploitation, working within well-defined constraints for one singularly clear outcome.


As a rugby-exposed Kiwi I was drawn to MedSec, where industry-wide collaboration is necessary to address the complex, safety-driven landscape of medical device security. The state of medical device cybersecurity needed more scrums and fewer silos, and MedSec was positioned by its deep expertise to be the first to bring cohesion to organizations suffering from operating fragmentation.


In short, medical device security needs to be more like rugby, where individuals collaborate with agility and a singleness of purpose in very dynamic situations.


How do we do that? We combine device and HDO expertise to develop playbooks for every situation, from the regulatory to threat modeling to the highest potential attack vectors. We work with in-house teams to build cross-functional teams to win.




