NATIONAL CYBERSECURITY FRAMEWORKS: AN OVERVIEW OF U.S.A., AUSTRALIAN AND JAPANESE REGULATORY APPROACHES

SRAVYA ARIKATLA; MANISHA PENCHALA; PRASANTHI D.

doi:10.22159/ijpps.2025v17i11.56328

Authors

SRAVYA ARIKATLA Department of Regulatory Affairs, G. Pulla Reddy College of Pharmacy, Osmania University, Hyderabad, Telangana-500028, India https://orcid.org/0009-0006-3309-0884
MANISHA PENCHALA Department of Regulatory Affairs, G. Pulla Reddy College of Pharmacy, Osmania University, Hyderabad, Telangana-500028, India https://orcid.org/0009-0009-3646-0387
PRASANTHI D. Department of Regulatory Affairs, G. Pulla Reddy College of Pharmacy, Osmania University, Hyderabad, Telangana-500028, India https://orcid.org/0000-0002-3856-814X

DOI:

https://doi.org/10.22159/ijpps.2025v17i11.56328

Keywords:

Software bill of materials (SBOM), Cybersecurity, Cyberattack, OTS software, Vulnerability, Software as medical device

Abstract

Cybersecurity has become a top priority for nations worldwide as digital threats grow in complexity and frequency. Countries like the United States, Australia, and Japan have developed strong regulatory and strategic frameworks to address these evolving challenges. In the United States, cybersecurity efforts are supported by legislation such as the Federal Information Security Modernization Act (FISMA) and the Cybersecurity Information Sharing Act (CISA), which focus on risk management, public-private coordination, and national defence. The Cybersecurity and Infrastructure Security Agency (CISA) plays a key role in overseeing national preparedness and response activities.

Australia has taken significant steps to strengthen its cybersecurity infrastructure through the Australian Cyber Security Centre (ACSC) and legal mandates under the Security of Critical Infrastructure Act. The country also enforces strict data protection rules via the Privacy Act 1988, including mandatory breach reporting and increased penalties for non-compliance.

Japan’s approach is guided by the Basic Act on Cybersecurity, which lays the foundation for government and industry cooperation. The National Centre of Incident Readiness and Strategy for Cybersecurity (NISC) lead policy coordination and national defence efforts. Japan also prioritizes personal data protection through the Act on the Protection of Personal Information (APPI), aligning with global privacy standards.

Together, these regulatory efforts reflect a growing international recognition of cybersecurity as essential to national security, economic stability, and public trust. While tailored to national contexts, these frameworks emphasize preparedness, resilience, and collaboration in securing the digital landscape.

Downloads

Download data is not yet available.

References

1. Pachava VR, Krishna BS. Regulatory framework of cybersecurity for medical device software in USA, EU and India. Int J Curr Pharm Res. 2023;15(5):49-54.

2. Prajwal A. 4.0-impact of the internet of things on health care. Int J Appl Pharm. 2020;12(5):64-9.

3. Food and Drug Administration. Content of premarket submissions for management of cybersecurity in medical devices (Draft guidance). United States Department of Health and Human Services; 2025. Available from: https://www.fda.gov/downloads/medicaldevices/deviceregulationandguidance/guidancedocuments/ucm356190.pdf. [Last accessed on 28 Jul 2025].

4. Williams PA, Woodward AJ. Cybersecurity vulnerabilities in medical devices: a complex environment and multifaceted problem. Med Devices (Auckl). 2015 July;8:305-16. doi: 10.2147/MDER.S50048, PMID 26229513.

5. Slabodkin G. FDA warns about Log4j cybersecurity vulnerabilities in medical devices. Med Tech Dive; 2021 Dec 20. Available from: https://www.medtechdive.com/news/fda-warns-log4j-cybersecurity-risks-medical-devices/611773.

6. Medcrypt. Software as a medical device: understanding regulations and security priorities. Medcrypt blog; 2024 July 2. Available from: https://www.medcrypt.com/blog/software-as-a-medical-device-understanding-regulations-and-security-priorities. [Last accessed on 15 Aug 2025].

7. Lechner NH. An overview of cybersecurity regulations and standards for medical device software. In: Proceedings of the central European conference on information and intelligent systems; 2017 Sep. Available from: https://archive.ceciis.foi.hr/public/conferences/2017/06/QSS-3.pdf. [Last accessed on 28 Jul 2025].

8. Unitet States Food and Drug Administration. Off-the-shelf software use in medical devices: guidance for industry and food and drug administration staff. United States Department of Health and Human Services; 2019 Sep 27. Available from: https://www.fda.gov/media/71794/download. [Last accessed on 28 Jul 2025].

9. Bit Sight. 7 cybersecurity frameworks to reduce cyber risk. BitSight Blog. Available from: https://www.bitsight.com/blog/7-cybersecurity-frameworks-to-reduce-cyber-risk. [Last accessed on 28 Jul 2025].

10. Therapeutic Goods Administration. TGA cybersecurity and testing requirements for medical devices. Available from: htpps://www.medsectesting.com/tga-cybersecurity-and-testing-requirements-for-medical-devices.

11. Therapeutic Goods Administration. Medical device cyber security guidance for industry. Canberra (AU) Therapeutic Goods Administration; 2022 Nov. Available from: https://www.tga.gov.au/sites/default/files/medical-device-cyber-security-guidance-industry.pdf. [Last accessed on 28 Jul 2025].

12. UL. Medical device cybersecurity in Japan. UL Solutions; 2021 Mar 19. Available from: https://www.ul.com/news/medical-device-cybersecurity-japan.

13. Pharmaceuticals and Medical Devices Agency. Cybersecurity requirements for medical device product registration; 2023. Available from: https://www.pmda.go.jp/files/000266827.pdf. [Last accessed on 28 Jul 2025].

14. Ropes, Gray LL. FDA finalizes guidance on medical device manufacturer cybersecurity responsibilities; 2023 Oct 10. Available from: https://www.ropesgray.com/en/insights/alerts/2023/10/fda-finalizes-guidance-on-medical-device-manufacturer-cybersecurity-responsibilities.

15. Mitch. 2025 update of FDA premarket cybersecurity guidance. MD101 Consulting; 2025 Jul 4. Available from: https://www.cm-dm.com/post/2025-July4-update-of-FDA-Premarket-Cybersecurity-guidance.

16. Therapeutic Goods Administration. Complying with medical device cyber security requirements (guidance for manufacturers and sponsors). Canberra (AU) Goods Administration; 2019 July 1. Available from: https://www.tga.gov.au/resources/guidance/complying-medical-device-cyber-security-requirements?utm. [Last accessed on 09 Aug 2025].

17. Pharmaceuticals and Medical Devices Agency (PMDA). Recent trends in cybersecurity assurance of medical devices. Pharmaceuticals and medical devices safety information; 2020 Jun. Available from: https://www.pmda.go.jp/files/000235348.pdf. [Last accessed on 28 Jul 2025].

18. Pharmaceuticals and Medical Devices Agency. Cybersecurity requirements for medical device product registration; 2023. Available from: https://www.pmda.go.jp/files/000266827.pdf.

19. U. S. Food and Drug Administration. Postmarket management of cybersecurity in medical devices: guidance for industry and FDA staff; 2016 Dec. Available from: https://www.fda.gov/regulatory-information/search-fda-guidance-documents/postmarket-management-cybersecurity-medical-devices.

20. ICON plc. FDA final guidance document on post-market cybersecurity. ICON insights blog; 2018 Apr 20. Available from: https://www.iconplc.com.insights/blog.2018/04/20/fda-guidance-onpostmarket-cybersecurity.

21. U. S. Food and Drug Administration. (n. d.). Cybersecurity in medical devices: reporting cybersecurity issues. FDA Digital Health Center of Excellence. Available from: https://www.fda.gov/medical-devices/digital-health-center-excellence/cybersecurity#reporting. [Last accessed on 28 Jul 2025].

22. Therapeutic Goods Administration. Procedure for recalls product alerts and product corrections (PRAC). Department of Health; 2025 Mar 5. Available from: https://www.tga.gov.au/how-we-regulate/monitoring-safety-and-shortages/procedure-recalls-product-alerts-and-product-corrections-prac.

23. Pharmaceuticals and Medical Devices Agency (PMDA). Recent trends in cybersecurity assurance of medical devices. Pharmaceuticals and medical devices safety information; 2020 Jun. Available from: https://www.pmda.go.jp/files/000235348.pdf. [Last accessed on 28 Jul 2025].

24. Pharmaceuticals and Medical Devices Agency (PMDA). Recent trends in cybersecurity assurance of medical devices. Pharmaceuticals and medical devices safety information; 2020 Jun. Available from: https://www.pmda.go.jp/files/000235348.pdf. [Last accessed on 28 Jul 2025].

25. Nagashima Ohno, Tsunematsu. In brief: cyberthreat detection and reporting in Japan. Lexology; 2025 Feb 5. from https://www.lexology.com.library.aspx?g=b5a4686a-ac39-4622-a928-a7b471b58a00.