NEw MEdical CYbersecurity assessment and design Solutions

Resultado final

Research ethics assessment and management plan for NEMECYS activities, with possible recommendations for improvements. Updated on need.

Project public website

A dedicated public website will be developed to serve as a communication and dissemination platform for the project.

Systematic review of documentation (initial)

A comprehensive review based on desk research of current regulations, guidelines, standards and best practices regarding cyber security of medical devices, identifying the relevant stakeholders for the included measures.

Dissemination & Communication Plan

A living document that coordinates and aligns all communication and dissemination activities.

Exploitation plan (initial)

Preliminary analysis identifying exploitable items and first draft exploitation plans for each, taking communication activities into account.

Data Management plan (final)

The data management plan will include information on: - the handling of research data during & after the end of the project- what data will be collected, processed and/or generated- which methodology & standards will be applied- whether data will be shared/made open access and- how data will be curated & preserved (including after the end of the project).

Risk Benefit Schemes (initial)

Synthesis of T2.1 – T2.5 inclusive for balanced and proportionate risk assessment and control, delivered in two iterations (M18 & M28).

Report on Dissemination and Communication Activities (first)

Reporting on accomplished dissemination and communication activities in first half of project.

Data Management Plan (Initial)

The data management plan will include information on: - the handling of research data during & after the end of the project- what data will be collected, processed and/or generated- which methodology & standards will be applied- whether data will be shared/made open access and- how data will be curated & preserved (including after the end of the project).

Publicaciones

Systematisation of Security Risk Knowledge Across Different Domains: A Case Study of Security Implications of Medical Devices

Autores: Laura Carmichael, Steve Taylor, Samuel Senior, Mike Surridge, Gencer Erdogan, Simeon Tverdal
Publicado en: Proceedings of the 11th International Conference on Information Systems Security and Privacy, 2025
Editor: SCITEPRESS - Science and Technology Publications
DOI: 10.5220/0013306100003899

Semi-Automated Threat Vulnerability & Risk Assessment (TVRA) for Medical Devices

Autores: Nabil Moukafih, Hongsen Zhang, Gregory Epiphaniou, Carsten Maple, Steve Taylor, Laura Carmichael
Publicado en: Proceedings of the 17th International Conference on PErvasive Technologies Related to Assistive Environments, 2025
Editor: ACM
DOI: 10.1145/3652037.3663896

Blockchain-based data provenance architecture for IoMT-based healthcare systems

Autores: Ravishankar Borgaonkar, Andrea Neverdal Skytterholm, Guillaume Bour
Publicado en: 3rd Workshop on SecUre aNd Resilient digItal tranSformation of healthcarE (SUNRISE 2025), 2025
Editor: Springer Nature Link
DOI: 10.5281/ZENODO.18609072

Is My Data in Your Retrieval Database? Membership Inference Attacks Against Retrieval Augmented Generation

Autores: Maya Anderson; Guy Amit; Abigail Goldsteen
Publicado en: Proceedings of the 11th International Conference on Information Systems Security and Privacy, 2025
Editor: SciTePress
DOI: 10.48550/ARXIV.2405.20446

Cybersecurity Guidances for Medical Devices: An MDCG and FDA Regulatory Comparison

Autores: Andrea Neverdal Skytterholm, Christos Androutsos, Adamantios Ntanis, Martin Gilje Jaatun
Publicado en: 2025 IEEE International Conference on Smart Computing (SMARTCOMP), 2025
Editor: IEEE
DOI: 10.1109/SMARTCOMP65954.2025.00079

Cyber-Risk Indicators for Connected Medical Devices

Autores: Simeon Tverdal, Gencer Erdogan, Andrea Neverdal Skytterholm, Samuel M. Senior, Steve Taylor, Laura Carmichael
Publicado en: Communications in Computer and Information Science, Cybersecurity, 2025
Editor: Springer Nature Switzerland
DOI: 10.1007/978-3-031-94855-8_19

Navigating cybersecurity compliance: The cyber compass for medical device manufacturers

Autores: Andrea Neverdal Skytterholm, Adam Ntanis, Karin Bernsmed, Bjørn Magnus Mathisen, Egil Wille, Christos Androutsos, Martin Gilje Jaatun
Publicado en: 2025
Editor: Springer Nature Link
DOI: 10.5281/ZENODO.18608956

From Manual to Automated Cyber Risk Assessment: LLM- and RAG-Driven Multi-Agent Threat Modeling with CORAS in Healthcare Case Studies

Autores: Gencer Erdogan, Morgan Gillette, Simeon Tverdal, Ragnhild Halvorsrud
Publicado en: 2025 12th International Conference on Dependable Systems and Their Applications (DSA), 2025
Editor: IEEE
DOI: 10.5281/ZENODO.17579818

Dynamic Cyber Risk Assessment for Connected Medical Devices: the NEMECYS Approach

Autores: Gencer Erdogan, Laura Carmichael, Steve Taylor, Simeon Tverdal and Andrea Neverdal Skytterholm
Publicado en: Joint Proceedings of RCIS 2024 Workshops and Research Projects Track, 2024, ISSN 1613-0073
Editor: Springer

Workshop Insights: Navigating Cybersecurity Regulations for Device Manufacturers and Healthcare Operators

Autores: Andrea Skytterholm, Lars Halvdan Flå and Martin Gilje Jaatun
Publicado en: Cyber Science 2024 - Proceedings of the International Conference on Cybersecurity, Situational Awareness & Social Media, 2024, ISBN 0000000000000
Editor: Springer Nature

Lessons Learned from a Cybersecurity Risk Assessment of OpenADR in Smart Grid Planning

Autores: Gencer Erdogan, Aida Omerovic, Eivind Solvang, Andreas Killingberg, Are Kvinnesland, Inge Abrahamsen Avinor
Publicado en: 2025 IEEE International Conference on Cyber Security and Resilience (CSR), 2025
Editor: IEEE
DOI: 10.1109/CSR64739.2025.11130051

Knowledge Modelling for Automated Risk Assessment of Cybersecurity and Indirect Patient Harms in Medical Contexts

Autores: Samuel Senior, Laura Carmichael, Steve Taylor, Mike Surridge, Xavier Vilalta
Publicado en: Proceedings of the 11th International Conference on Information Systems Security and Privacy, 2025
Editor: SCITEPRESS - Science and Technology Publications
DOI: 10.5220/0013166900003899

MDCG 2019-16 Guidelines: Case Study-Based Assessment and Path Forward

Autores: Christos Androutsos, Steve Taylor, Karin Bernsmed, Andrea Neverdal Skytterholm, Gregory Epiphaniou, Nabil Moukafih, Theodoros N. Arvanitis, Sotiris Messinis, Nikos Papadakis, Marco Fruscione, Andrés Castillo, Dusko Milojevic, Dimitrios S. Karas, Nikolaos Fotos, Max Ostermann, Oscar Freyer, Stephen Gilbert, Vasilis Pezoulas, Lambros Athanasiou, George Gkois, Dimitrios I. Fotiadis
Publicado en: Communications in Computer and Information Science, Cybersecurity, 2025
Editor: Springer Nature Switzerland
DOI: 10.1007/978-3-031-94855-8_22

Aurora-fuzzware: Bridging the gap to enable practical fuzzing of microcontroller-based IoT devices

Autores: Noah Holmdin, Ravishankar Borgaonkar, Egil Wille,Martin Gilje Jaatun
Publicado en: 3rd Workshop on SecUre aNd Resilient digItal tranSformation of healthcarE (SUNRISE 2025), 2025
Editor: Springer Nature Link
DOI: 10.5281/ZENODO.18608799

Improving Membership Inference Attacks against Classification Models

Autores: Shlomit Shachor, Natalia Razinkov and Abigail Goldsteen
Publicado en: Intelligent Decision Technologies. Proceedings of the 16th KES-IDT 2024 Conference, 2024, ISSN 2190-3018
Editor: Springer Verlag

A Way Forward for the MDCG 2019-16 Medical Device Security Guidance

Autores: Steve Taylor, et.al.
Publicado en: PETRA '24: Proceedings of the 17th International Conference on PErvasive Technologies Related to Assistive Environments, 2024, ISBN 9798400717604
Editor: Association for Computing Machinery
DOI: 10.1145/3652037.3663894

NEMECYS: Addressing Challenges to Building Security Into Connected Medical Devices

Autores: Martin Gilje Jaatun, Steve Taylor, Colin Upstill, Ariel Farkash, Salvador Garcia and Christos Androutsos
Publicado en: HCist - International Conference on Health and Social Care Information Systems and Technologies 2023, 2024, ISSN 1877-0509
Editor: Elsevier
DOI: 10.1016/j.procs.2024.06.307

Membership Inference Attacks Against Time-Series Models

Autores: Noam Koren; Abigail Goldsteen; Guy Amit; Ariel Farkash
Publicado en: Proceedings of Machine Learning Research, 2024
Editor: ACML
DOI: 10.48550/ARXIV.2407.02870

Security-by-design challenges for medical device manufacturers

Autores: Karin Bernsmed and Martin Gilje Jaatun
Publicado en: EICC '24: Proceedings of the 2024 European Interdisciplinary Cybersecurity Conference, 2024, ISBN 9798400716515
Editor: Association for Computing Machinery
DOI: 10.1145/3655693.3661297

Fuzzing the ARM Cortex-M: A Survey

Autores: Silje Marie Sørlien, Åse Marie Solnør, Karin Bernsmed and Martin Gilje Jaatun
Publicado en: Cyber Science 2024 - Proceedings of the International Conference on Cybersecurity, Situational Awareness & Social Media, 2024, ISBN 0000000000000
Editor: Springer Nature

Resultado final

Publicaciones

Compartir esta página Compartir esta página en las redes sociales

Descargar Descargar el contenido de la página