My research vision is a world where science-based security is built-in by design to all embedded systems: medical devices, autonomous transportation, healthcare delivery, manufacturing, and the Internet of Things. This is challenging because the number of vulnerabilities continues to increase dramatically while solutions remain largely piecemeal and reactive. Finding systematic solutions that address root causes rather than symptoms of risk is extremely important now because consumers are surrendering control to IoT devices before the autonomous systems have adequate trustworthiness to withstand modern, constantly evolving adversaries and threat models.
I presently serve as the inaugural Acting Director of Medical Device Cybersecurity at FDA's Center for Devices and Radiological Health where I lead the Distinguished Speaker Series on Cybersecurity for Biomedical Engineering at the UCSF-Stanford Center for Regulatory Science and Innovation (FDA CERSI). I direct the Security and Privacy Research (SPQR) group at Michigan. I am a founding member of the N95decon.org team on decontamination science for emergency reuse of N95 filtering facepiece respirators during healthcare worker PPE shortages. I founded the Archimedes Center for Healthcare and Device Security where my writing appears on my archived blog on medical device security and safety.
Selected Talks and Events (less incomplete list):
University of Toronto
Schwartz Reisman Institute for Technology and Society
Honors: IEEE Fellow for contributions to embedded and medical device security, Top Influencers in Health InfoSec, World Economic Forum Young Scientist, Fed100 Award,TR35 Innovator of the Year 2009, Sloan Fellowship, NSF CAREER, Paper Awards [ACM SIGCOMM, IEEE S&P, USENIX Security]
News: Kevin Fu joins AAMI Editorial Board on Biomedical Instrumentation and Technology, Science Friday, NY Times and Wired and Ars Technica on Light Commands, NY Times on an acoustic virus, Slashdot interview, NBC Chicago, NY Times, Scientific American, MIT Technology Review, Slashdot, Economist, PBS Newshour, Forbes, BBC, LA Times, NIST. [Archived news]
Fun stuff: Cybersecurity standup comedy. I wrote the lyrics of a Taylor Swift-inspired a capella music video about programming. I used to maintain a collection of links on why Ann Arbor is cool.
Undergrads considering graduate school: When my students are not kiteboarding on the beautiful shores of Lake Michigan, they are probably publishing security research with an emphasis on analog sensor security or medical device security within the field of embedded security. Prospective graduate students can read advice on how to write more effective graduate school applications. This event was part of a larger national set of workshops to broaden participation in computing research. Also see my links to reports on women in computing research.
Selected publications (complete list):
Videos and More (complete talks list):
Announcements: Chair of CCC Cybersecurity Task Force; Senate testimony; House testimony; Program chair for USENIX Security; Appointment to ACM Committee on Computers and Public Policy; first graduate course in the nation dedicated to medical device security.
Affiliations: THaW, Security @Michigan, SPQR Lab, Archimedes
Recent research support: National Science Foundation, ADI, Archimedes