Cyber Security Risk Management for Health-based Critical Infrastructures
Lead Research Organisation:
University of Brighton
Department Name: Sch of Computing, Engineering & Maths
Abstract
Critical Infrastructure (CI) is a term used to describe assets that are essential for the functioning of society and economy. Examples of Critical Infrastructures include telecommunications, public health, water supply, transportation, and financial services. Securing Critical Infrastructure has been identified as an important challenge. The project aims to introduce a security risk management framework to support the security analysis of Health-based Critical Infrastructures. This will be achieved through the definition of models for critical information assets, as well as vulnerabilities and threats associated with software systems supporting Critical Infrastructures.
Organisations
Studentship Projects
| Project Reference | Relationship | Related To | Start | End | Student Name |
|---|---|---|---|---|---|
| EP/N509607/1 | 01/10/2016 | 31/03/2023 | |||
| 1792624 | Studentship | EP/N509607/1 | 03/10/2016 | 02/10/2019 | Myrsini Athinaiou |
| Description | Through this research fund, a resilience framework has been developed that supports security after an incident has occurred. The framework consists of a meta-model, a process that guides the requirements engineer to utilise the language and reasoning support that generates alternative resilience healthcare system design options and solves implementational bottlenecks. The project is still ongoing and further evaluations will take place to assist in the further development of the current outcomes. |
| Exploitation Route | They can be used along with event and behaviour management system to support the security of healthcare critical infrastructures. They also extend current security requirements elicitation and analysis approaches and as such, they can form a base for the specification of such approaches to other critical infrastructures sectors. |
| Sectors | Digital/Communication/Information Technologies (including Software),Healthcare |
| Description | We have conducted IT professionals from healthcare and they are interested to test our research outcomes and share it with colleagues. They think that this research is relevant to the current challenges that the healthcare sector is dealing with for the next five to ten years. They believe that it can be used for the development of systems based on current knowledge and complementary programs used by their partners. By using resilience along with prevention they think that the quality of health provision in terms of cyber security and safety will be increased. |
| First Year Of Impact | 2018 |
| Sector | Digital/Communication/Information Technologies (including Software),Healthcare |
| Impact Types | Policy & public services |
| Title | Resilience Analysis tool for Healthcare Critical Infrastructures from a cybersecurity perspective. |
| Description | There is a beta version of the tool that will be released in 2019. It allows the implementation of the modelling language and supports decision making through semi-automation, following algorithms contained in the reasoning section of the thesis document. The development is taking place using angular and only open source licences. |
| Type Of Technology | Software |
| Year Produced | 2019 |
| Impact | It allows the testing of the modelling-language and process. It offers to requirements engineers an implementation capability of the analysis described in the thesis, which based on their inputs generates security requirements that need to be maintained under incident conditions, alternative healthcare contexts that affect the implementation of maintaining the security requirements as part of resilience designs and re-allocate responsibilities among actors in case of bottlenecks in the resilience activities. |
| Description | Doctoral consortium presentation |
| Form Of Engagement Activity | A talk or presentation |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Professional Practitioners |
| Results and Impact | The purpose was to provide an overview of the research project to professionals and experienced academics and receive their feedback. The presentation was followed by a fruitful dialogue that indicated that the motivation was clear and the research methods that could possibly address the issue were properly identified. The presentation at the RCIS2017 conference won the Best Doctoral Consortium Presentation Award. |
| Year(s) Of Engagement Activity | 2017 |
| URL | https://www.semanticscholar.org/paper/Cyber-security-risk-management-for-health-based-Athinaiou/ee66... |
| Description | News article publication |
| Form Of Engagement Activity | A press release, press conference or response to a media enquiry/interview |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Public/other audiences |
| Results and Impact | The intended purpose for publishing in an online newspaper was to reach a broader audience and connect the WannaCry incident with the research project indicating how current research can help to present and future cyber threats, related to healthcare. The article informed the general public about the threat landscape and the feedback received was that the majority of the readers were thinking that only data were endangered and not that kinetic impact was also possible. From there the article was used in other online news providers and contact with CTOs and CIOs (from the US and the UK) was initiated and is still ongoing. |
| Year(s) Of Engagement Activity | 2017 |
| URL | http://theconversation.com/why-has-healthcare-become-such-a-target-for-cyber-attackers-80656 |
| Description | Three Minutes Thesis Competition (3MT) |
| Form Of Engagement Activity | A talk or presentation |
| Part Of Official Scheme? | No |
| Geographic Reach | Local |
| Primary Audience | Postgraduate students |
| Results and Impact | The intended purpose was to share an outline of the research project in a simplified language to an audience of postgraduate students with different research interests and exchange ideas as well as test the relevance of the work with current healthcare research. Researchers from biomaterial sciences and the nursing school were particularly interested and expressed their interest to participate in the assessment process of the resilience framework. |
| Year(s) Of Engagement Activity | 2017,2018 |
| URL | https://blogs.brighton.ac.uk/doctoralcollege/2017/06/07/three-minute-thesis-live-final-may-2017/ |