SAFEguard of Critical heAlth infrastructure

Periodic Reporting for period 1 - SAFECARE (SAFEguard of Critical heAlth infrastructure)

Reporting period: 2018-09-01 to 2019-08-31

Over the last decade, health services have been at the same time among the most critical infrastructures and the most vulnerable ones. They rely heavily on information systems to optimize organization and costs, whereas ethics and privacy constraints severely restrict security controls and thus increase vulnerability. The aim of the project is to provide solutions that will improve physical and cyber security in a seamless and cost-effective way. It will promote new technologies and novel approaches to enhance threat prevention, threat detection, incident response and mitigation of impacts. The project will also help increase the compliance of security tools with European regulations about ethics and privacy for health services. Finally, project pilots will take place in the hospitals of Marseille, Turin and Amsterdam, involving security and health practitioners, in order to simulate attack scenarios in near-real conditions. These pilot sites will serve as reference examples to disseminate the results and find customers across Europe.
The European Union has faced numerous threats that quickly increased in magnitude, changing the lives, the habits and the fears of hundreds of millions of citizens. The sources of these threats have been heterogeneous, as have the weapons used to impact the population. As Europeans, we now know that we must increase our awareness of these attacks, which can strike the places we rely upon the most and destabilize our institutions remotely. Today, the lines between the physical and cyber worlds are increasingly blurred. Nearly everything is connected to the Internet and, where it is not, physical intrusion might remove the barriers.
Threats cannot be analysed solely as physical or cyber, and therefore the most advanced technologies from the physical and cyber security spheres will be used to achieve a global optimum for systemic security and for the management of combined cyber and physical threats and incidents, their interconnections and potential cascading effects.
The work is performed through several Work Packages:

Work Package 3
WP3 aims to improve risk prevention capabilities. The state of the art has been updated with new vulnerabilities and new categories of attacks, combining physical and cyber threats. In addition, an identification of critical assets and a requirement analysis were performed. This made it possible to highlight several cascading attack scenarios against health facilities. They have been classified by incident likelihood and impact severity.
Work Package 4
Five major modules are to be delivered in the framework of this work package: the suspicious behaviour detection system, the intrusion detection system, the sensor data collection system, the mobile alerting system and the building threat monitoring system.
WP4 has delivered specifications of all five of these components. The combination of planned functionality from the detection systems with the prototypical mobile interface was demonstrated at the M12 review.
Work Package 5
In order to improve the detection of Advanced Persistent Threats, a connector with the malware analyser has been integrated into the IT probe. Moreover, in order to detect anomalies on the IT network, machine learning algorithms have been developed and trained for threat detection with public datasets. To protect healthcare networks containing Building Management Systems and networked medical equipment, the sensor has been upgraded to support the main e-health and building automation communication protocols.
Work Package 6
WP6 is devoted to the integration of the physical and cyber security solutions under development in WP4 and WP5 respectively. After the first six months of work, the global architecture of the SAFECARE system defined by WP6 has been delivered. It provides a description of each software component of the ecosystem and how they interact with each other. The Hospital Availability Management System module specifications have also been delivered.
Work Package 7
WP7, covering tests and demonstrations, will start at M18.
Work Package 8
WP8 is dedicated to dissemination, exploitation and standardization.
The first achievement has been submitted, and several activities have already been put in place: website, LinkedIn and Twitter profiles, material design for flyers, event participation and organization, and newsletters.
Work Package 1
WP1 will make sure the DPIA is consolidated as it evolves over the months.
Work Package 3
The studies performed in WP3 will support the specification and development of the new modules, ensuring the use of the best technologies in terms of security and innovation. Once the environment is set up and validated, a final version of the risk assessment and impact analysis report will be presented to health and security practitioners in order to improve health services availability and ensure better patient safety.
Work Package 4
Progress on detection of suspicious behaviours and intrusions, and on aggregation of video data together with data from access control systems, sensors and external systems (fire management, power management, etc.), is well underway and expected to produce the results specified in the deliverables to date. Similarly, the mobile alerting system is well underway, and integration of the BTMS and MAS with the rest of the SAFECARE architecture is making satisfactory progress towards the foreseen integrated solution.
Work Package 5
Five major modules are to be delivered in this framework:
• The IT threat detection system will improve detection capabilities on zero-day attacks by identifying new activities as a deviation from normal behaviours.
• The BMS threat detection system will lead to an innovation capacity for preventing new threats targeting healthcare building networks.
• The advanced file analysis system will improve threat detection and deal with specific health-related file formats.
• The e-health devices security analytics will make it possible to identify meaningful security, threat and risk attributes for e-health devices.
• The cyber threat monitoring system will provide quick response strategies to face complex scenarios of cyber/physical attacks.

Work Package 6
WP6 is in the middle of the specification phase.
A central database that stores information on assets, incidents and impacts, and their interconnections, with an innovative approach based on ontologies, is being developed.
As a result, with the help of end-users, a dedicated graphical interface to visualize an incident, its cascading effects and potential impacts will be designed. Thus, the SOC will have useful information to help it respond to an incident or mitigate a risk effectively.
Work Package 7
In the framework of this work package, tests and demonstrations will be conducted on three different hospital sites. The feedback from these experiments will have to be shared among partners in order to perfect the solution promoted by the SAFECARE project.
Work Package 7 will start at M18.
Work Package 8
A summary of what has been done (and could have been improved) in terms of dissemination and communication will be proposed at the very end of the project. This will close the project and will sum up the key events of the development period in terms of communication and dissemination. It will be submitted at M35 to give the consortium the chance to collect all relevant outputs until the end of the project.
