1,043 research outputs found

    A study into data analysis and visualisation to increase the cyber-resilience of healthcare infrastructures

    © 2017 Association for Computing Machinery. In May 2017, a global ransomware campaign adversely affected approximately 48 UK hospitals. Response to the WannaCry cyber-attack resulted in many hospital networks being taken offline, and non-emergency patients being refused care. This is a clear example that data behaviour within healthcare infrastructures needs to be monitored for malicious, erratic or unusual activity. There is a perceived lack of threat within healthcare organisations with regards to cyber-security. Hospital infrastructures present a unique threat vector, with a dependence on legacy software, medical devices and bespoke software. Additionally, many PCs are shared by a number of users, all of whom use a variety of disparate IT systems. Every healthcare infrastructure configuration is unique and a one size fits all security solution cannot be applied to healthcare. Existing cyber-security technology within hospital infrastructures is typically perimeter-focused. Once a malicious user has compromised the boundary through a backdoor, there is a lack of security architecture monitoring active potential threats inside the network. Therefore, this paper presents research towards a system, which can detect unusual data behaviour through the use of advanced data analytics and visualisation techniques. Machine learning algorithms have the capability to learn patterns of data and profile users' behaviour, which can be represented visually. The proposed system is tailored to healthcare infrastructures by learning typical data behaviours and profiling users. The system adds to the defence-in-depth of the healthcare infrastructure by understanding the unique configuration of the network and autonomously analysing

    A Study into Detecting Anomalous Behaviours within HealthCare Infrastructures

    The theft of medical data, which is intrinsically valuable, can lead to loss of patient privacy and trust. With increasing requirements for valuable and accurate information, patients need to be confident that their data is being stored safely and securely. However, medical devices are vulnerable to attacks from the digital domain, with many devices transmitting data unencrypted wirelessly to electronic patient record systems. As such, it is now becoming more necessary to visualise data patterns and trends in order to identify erratic and anomalous data behaviours. In this paper, a system design for modelling data flow within healthcare infrastructures is presented. The system assists information security officers within healthcare organisations to improve the situational awareness of cyber security risks. In addition, a visualisation of TCP Socket Connections using real-world network data is put forward, in order to demonstrate the framework and present an analysis of potential risks

    Cyber-Physical Threat Intelligence for Critical Infrastructures Security

    Modern critical infrastructures can be considered as large scale Cyber Physical Systems (CPS). Therefore, when designing, implementing, and operating systems for Critical Infrastructure Protection (CIP), the boundaries between physical security and cybersecurity are blurred. Emerging systems for Critical Infrastructures Security and Protection must therefore consider integrated approaches that emphasize the interplay between cybersecurity and physical security techniques. Hence, there is a need for a new type of integrated security intelligence i.e., Cyber-Physical Threat Intelligence (CPTI). This book presents novel solutions for integrated Cyber-Physical Threat Intelligence for infrastructures in various sectors, such as Industrial Sites and Plants, Air Transport, Gas, Healthcare, and Finance. The solutions rely on novel methods and technologies, such as integrated modelling for cyber-physical systems, novel reliance indicators, and data driven approaches including BigData analytics and Artificial Intelligence (AI). Some of the presented approaches are sector agnostic i.e., applicable to different sectors with a fair customization effort. Nevertheless, the book presents also peculiar challenges of specific sectors and how they can be addressed. The presented solutions consider the European policy context for Security, Cyber security, and Critical Infrastructure protection, as laid out by the European Commission (EC) to support its Member States to protect and ensure the resilience of their critical infrastructures. Most of the co-authors and contributors are from European Research and Technology Organizations, as well as from European Critical Infrastructure Operators. Hence, the presented solutions respect the European approach to CIP, as reflected in the pillars of the European policy framework. 
The latter includes for example the Directive on security of network and information systems (NIS Directive), the Directive on protecting European Critical Infrastructures, the General Data Protection Regulation (GDPR), and the Cybersecurity Act Regulation. The sector specific solutions that are described in the book have been developed and validated in the scope of several European Commission (EC) co-funded projects on Critical Infrastructure Protection (CIP), which focus on the listed sectors. Overall, the book illustrates a rich set of systems, technologies, and applications that critical infrastructure operators could consult to shape their future strategies. It also provides a catalogue of CPTI case studies in different sectors, which could be useful for security consultants and practitioners as well

    An Investigation into Healthcare-Data Patterns

    Visualising complex data facilitates a more comprehensive stage for conveying knowledge. Within the medical data domain, there is an increasing requirement for valuable and accurate information. Patients need to be confident that their data is being stored safely and securely. As such, it is now becoming necessary to visualise data patterns and trends in real-time to identify erratic and anomalous network access behaviours. In this paper, an investigation into modelling data flow within healthcare infrastructures is presented; where a dataset from a Liverpool-based (UK) hospital is employed for the case study. Specifically, a visualisation of transmission control protocol (TCP) socket connections is put forward, as an investigation into the data complexity and user interaction events within healthcare networks. In addition, a filtering algorithm is proposed for noise reduction in the TCP dataset. Positive results from using this algorithm are apparent on visual inspection, where noise is reduced by up to 89.84%

    The future of Cybersecurity in Italy: Strategic focus area

    This volume has been created as a continuation of the previous one, with the aim of outlining a set of focus areas and actions that the Italian Nation research community considers essential. The book touches many aspects of cyber security, ranging from the definition of the infrastructure and controls needed to organize cyberdefence to the actions and technologies to be developed to be better protected, from the identification of the main technologies to be defended to the proposal of a set of horizontal actions for training, awareness raising, and risk management

    Foresight Review on Design for Safety

    This review explores how a culture of design for safety can enhance the safety of the world around us. Design for safety goes beyond legislation, regulations and standards. These all play an important role for established products and services but their limited scope often leads to missed opportunities to enhance safety by taking a broader perspective. Design is applied to both mature industries (which have many years of experience and a good understanding of risks and how to reduce them) and emerging industries (that use new technologies requiring new ways of controlling risk which may not yet be known or understood). An example of an emerging risk is the internet that is enabling rapid innovation of new products which generate data. This data is widely shared across the internet and the risks associated with this are as yet not fully understood by the public. A design for safety culture takes a holistic approach to understanding the influences that affect safety. Such influences are varied and take into account the broader environment within which design operates, including complex interactions, behaviour and culture. It goes beyond traditional design methods and focuses on the goal of a safer design. Implementing design for safety requires an understanding of the challenges and the methods to address them. It needs multidisciplinary teams that bring together people with the relevant skills to understand the challenges and a collaborative approach of ‘designing with’ rather than the more traditional approach of ‘designing for’. This can be achieved through an international diverse community that works together to identify and share best practices
