Cargando…

Cross-Domain Security Asset Management for Healthcare

Healthcare is one of the most peculiar between all Critical Infrastructures due to its context and role in the society. The characteristics of openness and pervasive usage of IT systems and connected devices make it particularly exposed to both physical threats, such as theft and unauthorized access...

Descripción completa

Detalles Bibliográficos
Autores principales: Stirano, Federico, Lubrano, Francesco, Vitali, Giacomo, Bertone, Fabrizio, Varavallo, Giuseppe, Petrucci, Paolo
Formato: Online Artículo Texto
Lenguaje:English
Publicado: 2021
Materias:
Acceso en línea:https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7888298/
http://dx.doi.org/10.1007/978-3-030-69781-5_10
_version_ 1783652133378195456
author Stirano, Federico
Lubrano, Francesco
Vitali, Giacomo
Bertone, Fabrizio
Varavallo, Giuseppe
Petrucci, Paolo
author_facet Stirano, Federico
Lubrano, Francesco
Vitali, Giacomo
Bertone, Fabrizio
Varavallo, Giuseppe
Petrucci, Paolo
author_sort Stirano, Federico
collection PubMed
description Healthcare is one of the most peculiar between all Critical Infrastructures due to its context and role in the society. The characteristics of openness and pervasive usage of IT systems and connected devices make it particularly exposed to both physical threats, such as theft and unauthorized access to restricted areas, and cyber attacks, like the notorious wannacry ransomware that abruptly disrupted the British National Health System in May 2017. Even the recent COVID-19 pandemic period has been negatively characterized by an increase of both physical and cyber incidents that specifically targeted hospitals and undermined an essential public service like healthcare. Effective security solutions are necessary in order to protect and enhance the resiliency of the Critical Infrastructures. This paper presents the work being developed in the context of the SAFECARE H2020 project, that specifically considers the requirements for security of hospitals. A particular focus is given to the asset management that consider cross-domain aspects of security, like the physical location and virtual connections that link different components of a hospital. This allows advanced knowledge that enables to infer and forewarn of possible elaborated cyber-physical kill chains. This is particularly important and useful during crisis, as allows to have a holistic overview of the status of the hospital and the potential impacts of one or more incidents to the critical assets. The description and simulation of an attack scenario is also given, together with the description of the messages exchanged by the security systems and the information made available to security operators.
format Online
Article
Text
id pubmed-7888298
institution National Center for Biotechnology Information
language English
publishDate 2021
record_format MEDLINE/PubMed
spelling pubmed-78882982021-02-17 Cross-Domain Security Asset Management for Healthcare Stirano, Federico Lubrano, Francesco Vitali, Giacomo Bertone, Fabrizio Varavallo, Giuseppe Petrucci, Paolo Cyber-Physical Security for Critical Infrastructures Protection Article Healthcare is one of the most peculiar between all Critical Infrastructures due to its context and role in the society. The characteristics of openness and pervasive usage of IT systems and connected devices make it particularly exposed to both physical threats, such as theft and unauthorized access to restricted areas, and cyber attacks, like the notorious wannacry ransomware that abruptly disrupted the British National Health System in May 2017. Even the recent COVID-19 pandemic period has been negatively characterized by an increase of both physical and cyber incidents that specifically targeted hospitals and undermined an essential public service like healthcare. Effective security solutions are necessary in order to protect and enhance the resiliency of the Critical Infrastructures. This paper presents the work being developed in the context of the SAFECARE H2020 project, that specifically considers the requirements for security of hospitals. A particular focus is given to the asset management that consider cross-domain aspects of security, like the physical location and virtual connections that link different components of a hospital. This allows advanced knowledge that enables to infer and forewarn of possible elaborated cyber-physical kill chains. This is particularly important and useful during crisis, as allows to have a holistic overview of the status of the hospital and the potential impacts of one or more incidents to the critical assets. The description and simulation of an attack scenario is also given, together with the description of the messages exchanged by the security systems and the information made available to security operators. 2021-01-28 /pmc/articles/PMC7888298/ http://dx.doi.org/10.1007/978-3-030-69781-5_10 Text en © The Author(s) 2021 Open Access This chapter is licensed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made. The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.
spellingShingle Article
Stirano, Federico
Lubrano, Francesco
Vitali, Giacomo
Bertone, Fabrizio
Varavallo, Giuseppe
Petrucci, Paolo
Cross-Domain Security Asset Management for Healthcare
title Cross-Domain Security Asset Management for Healthcare
title_full Cross-Domain Security Asset Management for Healthcare
title_fullStr Cross-Domain Security Asset Management for Healthcare
title_full_unstemmed Cross-Domain Security Asset Management for Healthcare
title_short Cross-Domain Security Asset Management for Healthcare
title_sort cross-domain security asset management for healthcare
topic Article
url https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7888298/
http://dx.doi.org/10.1007/978-3-030-69781-5_10
work_keys_str_mv AT stiranofederico crossdomainsecurityassetmanagementforhealthcare
AT lubranofrancesco crossdomainsecurityassetmanagementforhealthcare
AT vitaligiacomo crossdomainsecurityassetmanagementforhealthcare
AT bertonefabrizio crossdomainsecurityassetmanagementforhealthcare
AT varavallogiuseppe crossdomainsecurityassetmanagementforhealthcare
AT petruccipaolo crossdomainsecurityassetmanagementforhealthcare