11 research outputs found

    Handling of advanced persistent threats and complex incidents in healthcare, transportation and energy ICT infrastructures

    In recent years, the use of information technologies in Critical Infrastructures is gradually increasing. Although this brings benefits, it also increases the possibility of security attacks. Despite the availability of various advanced incident handling techniques and tools, there is still no easy, structured, standardized and trusted way to manage and forecast interrelated cybersecurity incidents. This paper introduces CyberSANE, a novel dynamic and collaborative, warning and response system, which supports security officers and operators to recognize, identify, dynamically analyse, forecast, treat and respond to security threats and risks, and it guides them to handle cyber incidents effectively. The components of CyberSANE are described along with a description of the CyberSANE data flow. The main novelty of the CyberSANE system is the fact that it enables the combination of active incident handling approaches with reactive approaches to support incidents of compound, highly dependent Critical Information Infrastructures. The benefits and added value of using CyberSANE are described with the aid of a set of cyber-attack scenarios.

    Cyberattack Path Generation and Prioritisation for Securing Healthcare Systems

    Cyberattacks in the healthcare sector are constantly increasing due to the increased usage of information technology in modern healthcare and the benefits of acquiring a patient healthcare record. Attack path discovery provides useful information to identify the possible paths that potential attackers might follow for a successful attack. By identifying the necessary paths, the mitigation of potential attacks becomes more effective in a proactive manner. Recently, there have been several works that focus on cyberattack path discovery in various sectors, mainly on critical infrastructure. However, there is a lack of focus on the vulnerability, exploitability and target user profile for the attack path generation. This is important for healthcare systems where users commonly have a lack of awareness and knowledge about the overall IT infrastructure. This paper presents a novel methodology for the cyberattack path discovery that is used to identify and analyse the possible attack paths and prioritise the ones that require immediate attention to ensure security within the healthcare ecosystem. The proposed methodology follows the existing published vulnerabilities from common vulnerabilities and exposures. It adopts the common vulnerability scoring system so that base metrics and exploitability features can be used to determine and prioritise the possible attack paths based on the threat actor capability, asset dependency and target user profile and evidence of indicator of compromise. The work includes a real example from the healthcare use case to demonstrate the methodology used for the attack path generation. The result from the studied context, which processes big data from healthcare applications, shows that the uses of various parameters such as CVSS metrics, threat actor profile, and Indicator of Compromise allow us to generate realistic attack paths. This certainly supports the healthcare practitioners in identifying the controls that are required to secure the overall healthcare ecosystem.

    An Attack Simulation and Evidence Chains Generation Model for Critical Information Infrastructures

    Recently, the rapid growth of technology and the increased teleworking due to the COVID-19 outbreak have motivated cyber attackers to advance their skills and develop new sophisticated methods, e.g., Advanced Persistent Threat (APT) attacks, to leverage their cybercriminal capabilities. They compromise interconnected Critical Information Infrastructures (CIIs) (e.g., Supervisory Control and Data Acquisition (SCADA) systems) by exploiting a series of vulnerabilities and launching multiple attacks. In this context, industry players need to increase their knowledge on the security of the CIs they operate and further explore the technical aspects of cyber-attacks, e.g., attack’s course, vulnerabilities exploitability, attacker’s behavior, and location. Several research papers address vulnerability chain discovery techniques. Nevertheless, most of them do not focus on developing attack graphs based on incident analysis. This paper proposes an attack simulation and evidence chains generation model which computes all possible attack paths associated with specific, confirmed security events. The model considers various attack patterns through simulation experiments to estimate how an attacker has moved inside an organization to perform an intrusion. It analyzes artifacts, e.g., Indicators of Compromise (IoCs), and any other incident-related information from various sources, e.g., log files, which are evidence of cyber-attacks on a system or network.

    A Novel Risk Assessment Methodology for SCADA Maritime Logistics Environments

    In recent years maritime logistics infrastructures are the global links among societies and economies. This challenges adversaries to intrude on the cyber-dependent ICTs by performing high-level intelligent techniques. A potential cyber-attack on such infrastructures can cause tremendous damages starting from supply chain service disruption ending up with threatening the whole human welfare. Current risk management policies embed significant limitations in terms of capturing the specific security requirements of ICTs and control/monitoring devices, such as IoT platforms, satellites and time installations, which are primary functioning for the provision of Maritime Logistics and Supply Chain (MLoSC) services. This work presents a novel risk assessment methodology capable of addressing the security particularities and specificities of the complex nature of SCADA infrastructures and Cyber-Physical Systems (CPSs) of the Maritime Logistics Industry. The methodology identifies asset vulnerabilities and threats to estimate the cyber-risks and their cascading effects within the supply chain, introducing a set of subsequent security assessment services. The utilization of these services is demonstrated via a critical, real-life SCADA scenario indicating how they can facilitate supply chain operators in comprehending the threat landscape of their infrastructures and guide them how to adopt optimal mitigation strategies to counter or eliminate their cyber-risks.

    Modelling Human Tasks to Enhance Threat Identification in Critical Maritime Systems

    Maritime supply chains involve various infrastructures and human actors, belonging to different organizations with diverse business and operational goals. Existing cybersecurity risk assessment methods are mainly focused on the identification of malicious actors and the relevant cyber threats. Nevertheless, threats can also arise from operators’ tasks and errors, while interacting with information systems. In this paper, we analyze how human task modeling techniques support the identification of cyber threats on supply chain operators’ tasks. In particular, we focus on external attackers threatening supply chain operators’ tasks, on internal supply chain operators making errors during planned tasks, as well as on insiders deviating from planned tasks. We present the application of the proposed technique on the MITIGATE risk assessment methodology. In addition, we describe an illustrative example of a maritime transport supply chain service process involving four types of users deriving from three types of organizations, who implement tasks ranging from the cargo manifest declaration to the maritime requested services preparation.

    EUS – Fine-Needle Aspiration Biopsy (FNAB) in the Diagnosis of Pancreatic Adenocarcinoma: A Review

    Solid masses of the pancreas represent a variety of benign and malignant neoplasms of the exocrine and endocrine tissues of the pancreas. A tissue diagnosis is often required to direct therapy in the face of uncertain diagnosis or if the patient is not a surgical candidate either due to advanced disease or comorbidities. Endoscopic ultrasound (EUS) is a relatively new technology that employs endoscopy and high-frequency ultrasound (US). EUS involves imaging of the pancreatic head and the uncinate from the duodenum and imaging of the body and tail from the stomach. It has been shown to be a highly sensitive method for the detection of pancreatic masses. It is superior to extracorporeal US and computed tomographic (CT) scans, especially when the pancreatic tumor is smaller than 2-3 cm. Although EUS is highly sensitive in detecting pancreatic solid masses, its ability to differentiate between inflammatory masses and malignant disease is limited. Endoscopic retrograde cholangiopancreatography (ERCP) brushing, CT-guided biopsies, and transabdominal ultrasound (US) have been the standard nonsurgical methods for obtaining a tissue diagnosis of pancreatic lesions, but a substantial false-negative rate has been reported. Transabdominal US-guided fine-needle aspiration biopsy (US-FNAB) has been used for tissue diagnosis in patients with suspected pancreatic carcinoma. It has been shown to be highly specific, with no false-positive diagnoses. With the advent of curvilinear echoendoscopes, transgastric and transduodenal EUS-FNAB of the pancreas have become a reality. EUS with FNAB has revolutionized the ability to diagnose and stage cancers of the gastrointestinal tract and assess the pancreas. Gastrointestinal cancers can be looked at with EUS and their depth of penetration into the intestinal wall can be determined. Any suspicious appearing lymph nodes can be biopsied using EUS/FNAB. The pancreas is another organ that is well visualized with EUS. Abnormalities such as tumors and cysts of the pancreas can be carefully evaluated using EUS and then biopsied with FNAB. There are many new applications of EUS using FNAB. Researchers are looking to deliver chemotherapeutics into small pancreatic cancers and cysts. Nerve blocks using EUS/FNAB to inject numbing medicines into the celiac ganglia, a major nerve cluster, are now routinely performed in patients with pain due to pancreatic cancer. The aim of this study is to perform a review of the literature regarding the usefulness of EUS/FNAB in the diagnosis of pancreatic adenocarcinoma.

    Cytology of Pericardial Effusion due to Malignancy

    Background. Malignant pericardial effusion occurs in one tenth of all cancers. It is a very serious disorder that is mainly a secondary process due to metastasis because primary neoplasms of the pericardium, such as mesotheliomas and sarcomas, are exceedingly rare.

    Deliverable D7.4 - Repositories of Empirical Knowledge

    This deliverable corresponds to the repositories of simulation scenarios, risk models, assurance models and more. The deliverable reflects the outcomes of task T7.4. “Repositories of threats, countermeasures and simulated scenarios”