NEw MEdical CYbersecurity assessment and design Solutions

Leistungen

Research ethics assessment and management plan for NEMECYS activities, with possible recommendations for improvements. Updated on need.

Project public website

A dedicated public website will be developed to serve as a communication and dissemination platform for the project.

Systematic review of documentation (initial)

A comprehensive review based on desk research of current regulations, guidelines, standards and best practices regarding cyber security of medical devices, identifying the relevant stakeholders for the included measures.

Dissemination & Communication Plan

A living document that coordinates and aligns all communication and dissemination activities.

Exploitation plan (initial)

Preliminary analysis identifying exploitable items and first draft exploitation plans for each, taking communication activities into account.

Data Management plan (final)

The data management plan will include information on: - the handling of research data during & after the end of the project- what data will be collected, processed and/or generated- which methodology & standards will be applied- whether data will be shared/made open access and- how data will be curated & preserved (including after the end of the project).

Risk Benefit Schemes (initial)

Synthesis of T2.1 – T2.5 inclusive for balanced and proportionate risk assessment and control, delivered in two iterations (M18 & M28).

Report on Dissemination and Communication Activities (first)

Reporting on accomplished dissemination and communication activities in first half of project.

Data Management Plan (Initial)

The data management plan will include information on: - the handling of research data during & after the end of the project- what data will be collected, processed and/or generated- which methodology & standards will be applied- whether data will be shared/made open access and- how data will be curated & preserved (including after the end of the project).

Veröffentlichungen

Systematisation of Security Risk Knowledge Across Different Domains: A Case Study of Security Implications of Medical Devices

Autoren: Laura Carmichael, Steve Taylor, Samuel Senior, Mike Surridge, Gencer Erdogan, Simeon Tverdal
Veröffentlicht in: Proceedings of the 11th International Conference on Information Systems Security and Privacy, 2025
Herausgeber: SCITEPRESS - Science and Technology Publications
DOI: 10.5220/0013306100003899

Semi-Automated Threat Vulnerability & Risk Assessment (TVRA) for Medical Devices

Autoren: Nabil Moukafih, Hongsen Zhang, Gregory Epiphaniou, Carsten Maple, Steve Taylor, Laura Carmichael
Veröffentlicht in: Proceedings of the 17th International Conference on PErvasive Technologies Related to Assistive Environments, 2025
Herausgeber: ACM
DOI: 10.1145/3652037.3663896

Blockchain-based data provenance architecture for IoMT-based healthcare systems

Autoren: Ravishankar Borgaonkar, Andrea Neverdal Skytterholm, Guillaume Bour
Veröffentlicht in: 3rd Workshop on SecUre aNd Resilient digItal tranSformation of healthcarE (SUNRISE 2025), 2025
Herausgeber: Springer Nature Link
DOI: 10.5281/ZENODO.18609072

Is My Data in Your Retrieval Database? Membership Inference Attacks Against Retrieval Augmented Generation

Autoren: Maya Anderson; Guy Amit; Abigail Goldsteen
Veröffentlicht in: Proceedings of the 11th International Conference on Information Systems Security and Privacy, 2025
Herausgeber: SciTePress
DOI: 10.48550/ARXIV.2405.20446

Cybersecurity Guidances for Medical Devices: An MDCG and FDA Regulatory Comparison

Autoren: Andrea Neverdal Skytterholm, Christos Androutsos, Adamantios Ntanis, Martin Gilje Jaatun
Veröffentlicht in: 2025 IEEE International Conference on Smart Computing (SMARTCOMP), 2025
Herausgeber: IEEE
DOI: 10.1109/SMARTCOMP65954.2025.00079

Cyber-Risk Indicators for Connected Medical Devices

Autoren: Simeon Tverdal, Gencer Erdogan, Andrea Neverdal Skytterholm, Samuel M. Senior, Steve Taylor, Laura Carmichael
Veröffentlicht in: Communications in Computer and Information Science, Cybersecurity, 2025
Herausgeber: Springer Nature Switzerland
DOI: 10.1007/978-3-031-94855-8_19

Navigating cybersecurity compliance: The cyber compass for medical device manufacturers

Autoren: Andrea Neverdal Skytterholm, Adam Ntanis, Karin Bernsmed, Bjørn Magnus Mathisen, Egil Wille, Christos Androutsos, Martin Gilje Jaatun
Veröffentlicht in: 2025
Herausgeber: Springer Nature Link
DOI: 10.5281/ZENODO.18608956

From Manual to Automated Cyber Risk Assessment: LLM- and RAG-Driven Multi-Agent Threat Modeling with CORAS in Healthcare Case Studies

Autoren: Gencer Erdogan, Morgan Gillette, Simeon Tverdal, Ragnhild Halvorsrud
Veröffentlicht in: 2025 12th International Conference on Dependable Systems and Their Applications (DSA), 2025
Herausgeber: IEEE
DOI: 10.5281/ZENODO.17579818

Dynamic Cyber Risk Assessment for Connected Medical Devices: the NEMECYS Approach

Autoren: Gencer Erdogan, Laura Carmichael, Steve Taylor, Simeon Tverdal and Andrea Neverdal Skytterholm
Veröffentlicht in: Joint Proceedings of RCIS 2024 Workshops and Research Projects Track, 2024, ISSN 1613-0073
Herausgeber: Springer

Workshop Insights: Navigating Cybersecurity Regulations for Device Manufacturers and Healthcare Operators

Autoren: Andrea Skytterholm, Lars Halvdan Flå and Martin Gilje Jaatun
Veröffentlicht in: Cyber Science 2024 - Proceedings of the International Conference on Cybersecurity, Situational Awareness & Social Media, 2024, ISBN 0000000000000
Herausgeber: Springer Nature

Lessons Learned from a Cybersecurity Risk Assessment of OpenADR in Smart Grid Planning

Autoren: Gencer Erdogan, Aida Omerovic, Eivind Solvang, Andreas Killingberg, Are Kvinnesland, Inge Abrahamsen Avinor
Veröffentlicht in: 2025 IEEE International Conference on Cyber Security and Resilience (CSR), 2025
Herausgeber: IEEE
DOI: 10.1109/CSR64739.2025.11130051

Knowledge Modelling for Automated Risk Assessment of Cybersecurity and Indirect Patient Harms in Medical Contexts

Autoren: Samuel Senior, Laura Carmichael, Steve Taylor, Mike Surridge, Xavier Vilalta
Veröffentlicht in: Proceedings of the 11th International Conference on Information Systems Security and Privacy, 2025
Herausgeber: SCITEPRESS - Science and Technology Publications
DOI: 10.5220/0013166900003899

MDCG 2019-16 Guidelines: Case Study-Based Assessment and Path Forward

Autoren: Christos Androutsos, Steve Taylor, Karin Bernsmed, Andrea Neverdal Skytterholm, Gregory Epiphaniou, Nabil Moukafih, Theodoros N. Arvanitis, Sotiris Messinis, Nikos Papadakis, Marco Fruscione, Andrés Castillo, Dusko Milojevic, Dimitrios S. Karas, Nikolaos Fotos, Max Ostermann, Oscar Freyer, Stephen Gilbert, Vasilis Pezoulas, Lambros Athanasiou, George Gkois, Dimitrios I. Fotiadis
Veröffentlicht in: Communications in Computer and Information Science, Cybersecurity, 2025
Herausgeber: Springer Nature Switzerland
DOI: 10.1007/978-3-031-94855-8_22

Aurora-fuzzware: Bridging the gap to enable practical fuzzing of microcontroller-based IoT devices

Autoren: Noah Holmdin, Ravishankar Borgaonkar, Egil Wille,Martin Gilje Jaatun
Veröffentlicht in: 3rd Workshop on SecUre aNd Resilient digItal tranSformation of healthcarE (SUNRISE 2025), 2025
Herausgeber: Springer Nature Link
DOI: 10.5281/ZENODO.18608799

Improving Membership Inference Attacks against Classification Models

Autoren: Shlomit Shachor, Natalia Razinkov and Abigail Goldsteen
Veröffentlicht in: Intelligent Decision Technologies. Proceedings of the 16th KES-IDT 2024 Conference, 2024, ISSN 2190-3018
Herausgeber: Springer Verlag

A Way Forward for the MDCG 2019-16 Medical Device Security Guidance

Autoren: Steve Taylor, et.al.
Veröffentlicht in: PETRA '24: Proceedings of the 17th International Conference on PErvasive Technologies Related to Assistive Environments, 2024, ISBN 9798400717604
Herausgeber: Association for Computing Machinery
DOI: 10.1145/3652037.3663894

NEMECYS: Addressing Challenges to Building Security Into Connected Medical Devices

Autoren: Martin Gilje Jaatun, Steve Taylor, Colin Upstill, Ariel Farkash, Salvador Garcia and Christos Androutsos
Veröffentlicht in: HCist - International Conference on Health and Social Care Information Systems and Technologies 2023, 2024, ISSN 1877-0509
Herausgeber: Elsevier
DOI: 10.1016/j.procs.2024.06.307

Membership Inference Attacks Against Time-Series Models

Autoren: Noam Koren; Abigail Goldsteen; Guy Amit; Ariel Farkash
Veröffentlicht in: Proceedings of Machine Learning Research, 2024
Herausgeber: ACML
DOI: 10.48550/ARXIV.2407.02870

Security-by-design challenges for medical device manufacturers

Autoren: Karin Bernsmed and Martin Gilje Jaatun
Veröffentlicht in: EICC '24: Proceedings of the 2024 European Interdisciplinary Cybersecurity Conference, 2024, ISBN 9798400716515
Herausgeber: Association for Computing Machinery
DOI: 10.1145/3655693.3661297

Fuzzing the ARM Cortex-M: A Survey

Autoren: Silje Marie Sørlien, Åse Marie Solnør, Karin Bernsmed and Martin Gilje Jaatun
Veröffentlicht in: Cyber Science 2024 - Proceedings of the International Conference on Cybersecurity, Situational Awareness & Social Media, 2024, ISBN 0000000000000
Herausgeber: Springer Nature

Leistungen

Veröffentlichungen

Diese Seite teilen Diese Seite in sozialen Netzwerken teilen

PDF-Datei herunterladen Den Inhalt der Seite herunterladen