Secure firmware over-the-air update for sterilizers and cleaning devices
Belimed AG is a leading provider of products and services for the sterilization, disinfection, and cleaning of medical and surgical instruments. With a cloud platform, customers can remotely monitor all their machinery. Belimed contracted konplan to perform a feasibility study on a new feature “Secure Firmware Over-the-air (FOTA) Update” for the existing system. The goal is to enable software updates to be completed more systematically, quickly, and securely.
Secure architecture from different perspectives
konplan structured the FOTA study from two perspectives. The user-related perspective covered the design of the FOTA workflow together with the stakeholders. The technology-related perspective consisted of a risk analysis focused on end-to-end IT security and on the security technologies involved.
Based on the workflow, konplan derived the security requirements and the architecture, including a data flow diagram, and then integrated the results into a defense-in-depth concept. Threat modeling was used to identify risks to confidentiality, integrity, and availability (the CIA triad) and to develop appropriate mitigations. The modeling combined the results of several approaches: classic bottom-up STRIDE modeling, the OWASP Top Ten security risks, and the Common Weakness Enumeration (CWE). The resulting IT security risk mitigations were then compared against the specifications of IEC 62443 (Cybersecurity for industrial automation and control systems), and the overall system architecture was updated accordingly.
Detailed basis for secure implementation
The study gave Belimed a comprehensive overview of the architecture and implementation of the Secure Firmware Over-the-air Update feature within its current system. It comprises the workflow and security requirements for the system, a secure architecture with defense-in-depth IT security, a “recipe book” for implementation, and a draft list of documents for regulatory authorities.