Periodic Reporting for period 2 - SAFECARE (SAFEguard of Critical heAlth infrastructure)
Reporting period: 2019-09-01 to 2021-11-30
SAFECARE conceived an integrated cyber-physical security approach and designed an architecture that combines together different monitoring and management tools, each considering a specific aspect of the global solution. Assets, vulnerabilities, threats, incidents, and impacts are all considered together with their dependencies, forming a shared intelligence that greatly enhances the value of each single data.
WP3 aimed to improve the risk prevention capabilities. The state-of-the art has been updated with new vulnerabilities and new categories of attacks, combining physical and cyber threats. In addition, an identification of critical assets and a requirement analysis were performed. This permits to highlight several cascading attacks scenarios against health facilities. They have been classified by incident likelihood and impact severity. A methodology combining both EBIOS and BowTie has been defined and used for a detailed analysis of risks and related cyber and physical controls.
The Consortium could rely on an analysis of EU legal framework relevant to SAFECARE with specific sections dedicated to applicable laws and regulations in MS where pilot demonstrations took place.
WP4 concerned the physical security of the overall cyber-physical approach of SAFECARE. Five major modules are delivered: the suspicious behavior detection system, the intrusion detection system, the sensor data collection system, the mobile alerting system, the building threat monitoring system.
The specifications of four modules are available as public deliverables on the website. Three patents have been filed.
WP5 was dedicated to cyber security solutions. Five main modules and prototypes are delivered: the IT threat detection system, the BMS threat detection system, the advanced file analysis system, the E-health devices security analytics, the cyber threat monitoring system. The specifications of three modules are available as public deliverables on the website.
WP6 was about the definition of the global architecture of SAFECARE and the design and development of integrated cyber-physical security solutions. WP6 activities have been successfully completed and developed tools have been deployed several times and on different platforms/facilities, according to the test and demonstrations phase: the Data Exchange Layer, the Central Database, the prototype of Impact Propagation and Detection System Model (ready and capable to exchange data with the central database), the Threat response and alert system (TRAS), the Hospital availability management system (HAMS) and the E-health security risk management model.
The WP7 had the general objective of testing the full prototype on a test platform, training security and health practitioners to use the prototypes, deploying test beds and demonstrating the full prototype in an operational environment and evaluating the security impact of the prototype on risk assessment. All these objectives have been successfully reached.
Tests and demonstrations have been conducted in three different hospital sites (Turin, Marseille and Amsterdam) and on a virtual hospital. The feedbacks from these experimentations were dispatched among all the partners in order to perfect the solution promoted by SAFECARE.
The WP8 was dedicated to the dissemination, exploitation and standardization. SAFECARE held its first public project event in M13, which attracted a wide audience and was a valuable opportunity for discussion with stakeholders external to the project. Collaboration within the research community has increased via participation in the European Cluster for Securing Critical Infrastructure (ECSCI) and its respective dissemination activities, but also through coorganization of a big clustering event with two other INFRA projects (SecureGas and SATIE). Further, SAFECARE Commercial Event took place at M39 as a hybrid event (online and in the CNAM premises in Paris) and offered participants the opportunity to learn about the project’s main achievements and to be shown the SAFECARE solutions developed.
The cyber and physical security standards in the healthcare sector, their importance, best practices, as well as the gaps, recommendations, the cyber and physical security certification related issues, were identified and presented (based on the normative literature, SAFECARE partners’ and external stakeholders’ knowledge and experience).
An analysis of all items of knowledge involved in the project has been carried out and innovative aspects of results have been identified, while paying particular attention to the related IP rights and the measures that have been applied for their protection.
The definition of critical assets, requirements and scenarios of threat was done as the basis for the specifications and work that has been carried out. This allowed the development of a framework that has a real impact in the hospital’s security. Twelve scenarios have been modelised. One scenario was updated due to the covid-19 situation and another one to take into account non malveillant incidents. A new methodology, combining both EBIOS RM and Bowtie, has been designed to describe risks.
The estimation of impacts and cascading effects, the visualization of impacted assets and the integration with physical and cyber detection systems (impacts are visualized and considered by BTMS, MAS, CTMS, TRAS and HAMS) is a key feature of SAFECARE and has positive effects on the management of incidents as it improves the awareness of security staff and provides automatic decision support.
The approach to a cyber-physical integrated security constitutes the most relevant added value of SAFECARE solution, as recognized by SAFECARE experts’ boards. This stood out also from demonstrations survey results. The provisioning of a unique solution for both cyber and physical security, and the innovative functionalities provided, could be adopted by European hospitals, with a positive impact on the protection and safety of these critical infrastructures of patients and staff.