Cargando…
Cross-Domain Security Asset Management for Healthcare
Healthcare is one of the most peculiar between all Critical Infrastructures due to its context and role in the society. The characteristics of openness and pervasive usage of IT systems and connected devices make it particularly exposed to both physical threats, such as theft and unauthorized access...
Autores principales: | , , , , , |
---|---|
Formato: | Online Artículo Texto |
Lenguaje: | English |
Publicado: |
2021
|
Materias: | |
Acceso en línea: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7888298/ http://dx.doi.org/10.1007/978-3-030-69781-5_10 |
_version_ | 1783652133378195456 |
---|---|
author | Stirano, Federico Lubrano, Francesco Vitali, Giacomo Bertone, Fabrizio Varavallo, Giuseppe Petrucci, Paolo |
author_facet | Stirano, Federico Lubrano, Francesco Vitali, Giacomo Bertone, Fabrizio Varavallo, Giuseppe Petrucci, Paolo |
author_sort | Stirano, Federico |
collection | PubMed |
description | Healthcare is one of the most peculiar between all Critical Infrastructures due to its context and role in the society. The characteristics of openness and pervasive usage of IT systems and connected devices make it particularly exposed to both physical threats, such as theft and unauthorized access to restricted areas, and cyber attacks, like the notorious wannacry ransomware that abruptly disrupted the British National Health System in May 2017. Even the recent COVID-19 pandemic period has been negatively characterized by an increase of both physical and cyber incidents that specifically targeted hospitals and undermined an essential public service like healthcare. Effective security solutions are necessary in order to protect and enhance the resiliency of the Critical Infrastructures. This paper presents the work being developed in the context of the SAFECARE H2020 project, that specifically considers the requirements for security of hospitals. A particular focus is given to the asset management that consider cross-domain aspects of security, like the physical location and virtual connections that link different components of a hospital. This allows advanced knowledge that enables to infer and forewarn of possible elaborated cyber-physical kill chains. This is particularly important and useful during crisis, as allows to have a holistic overview of the status of the hospital and the potential impacts of one or more incidents to the critical assets. The description and simulation of an attack scenario is also given, together with the description of the messages exchanged by the security systems and the information made available to security operators. |
format | Online Article Text |
id | pubmed-7888298 |
institution | National Center for Biotechnology Information |
language | English |
publishDate | 2021 |
record_format | MEDLINE/PubMed |
spelling | pubmed-78882982021-02-17 Cross-Domain Security Asset Management for Healthcare Stirano, Federico Lubrano, Francesco Vitali, Giacomo Bertone, Fabrizio Varavallo, Giuseppe Petrucci, Paolo Cyber-Physical Security for Critical Infrastructures Protection Article Healthcare is one of the most peculiar between all Critical Infrastructures due to its context and role in the society. The characteristics of openness and pervasive usage of IT systems and connected devices make it particularly exposed to both physical threats, such as theft and unauthorized access to restricted areas, and cyber attacks, like the notorious wannacry ransomware that abruptly disrupted the British National Health System in May 2017. Even the recent COVID-19 pandemic period has been negatively characterized by an increase of both physical and cyber incidents that specifically targeted hospitals and undermined an essential public service like healthcare. Effective security solutions are necessary in order to protect and enhance the resiliency of the Critical Infrastructures. This paper presents the work being developed in the context of the SAFECARE H2020 project, that specifically considers the requirements for security of hospitals. A particular focus is given to the asset management that consider cross-domain aspects of security, like the physical location and virtual connections that link different components of a hospital. This allows advanced knowledge that enables to infer and forewarn of possible elaborated cyber-physical kill chains. This is particularly important and useful during crisis, as allows to have a holistic overview of the status of the hospital and the potential impacts of one or more incidents to the critical assets. The description and simulation of an attack scenario is also given, together with the description of the messages exchanged by the security systems and the information made available to security operators. 2021-01-28 /pmc/articles/PMC7888298/ http://dx.doi.org/10.1007/978-3-030-69781-5_10 Text en © The Author(s) 2021 Open Access This chapter is licensed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made. The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. |
spellingShingle | Article Stirano, Federico Lubrano, Francesco Vitali, Giacomo Bertone, Fabrizio Varavallo, Giuseppe Petrucci, Paolo Cross-Domain Security Asset Management for Healthcare |
title | Cross-Domain Security Asset Management for Healthcare |
title_full | Cross-Domain Security Asset Management for Healthcare |
title_fullStr | Cross-Domain Security Asset Management for Healthcare |
title_full_unstemmed | Cross-Domain Security Asset Management for Healthcare |
title_short | Cross-Domain Security Asset Management for Healthcare |
title_sort | cross-domain security asset management for healthcare |
topic | Article |
url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7888298/ http://dx.doi.org/10.1007/978-3-030-69781-5_10 |
work_keys_str_mv | AT stiranofederico crossdomainsecurityassetmanagementforhealthcare AT lubranofrancesco crossdomainsecurityassetmanagementforhealthcare AT vitaligiacomo crossdomainsecurityassetmanagementforhealthcare AT bertonefabrizio crossdomainsecurityassetmanagementforhealthcare AT varavallogiuseppe crossdomainsecurityassetmanagementforhealthcare AT petruccipaolo crossdomainsecurityassetmanagementforhealthcare |