WP1 (Ethics) and WP2 (Management) helped with a smooth realisation of all the tasks and the use of the modules in compliance with ethical principles.
WP3 aimed to improve the risk prevention capabilities. The state-of-the art has been updated with new vulnerabilities and new categories of attacks, combining physical and cyber threats. In addition, an identification of critical assets and a requirement analysis were performed. This permits to highlight several cascading attacks scenarios against health facilities. They have been classified by incident likelihood and impact severity. A methodology combining both EBIOS and BowTie has been defined and used for a detailed analysis of risks and related cyber and physical controls.
The Consortium could rely on an analysis of EU legal framework relevant to SAFECARE with specific sections dedicated to applicable laws and regulations in MS where pilot demonstrations took place.
WP4 concerned the physical security of the overall cyber-physical approach of SAFECARE. Five major modules are delivered: the suspicious behavior detection system, the intrusion detection system, the sensor data collection system, the mobile alerting system, the building threat monitoring system.
The specifications of four modules are available as public deliverables on the website. Three patents have been filed.
WP5 was dedicated to cyber security solutions. Five main modules and prototypes are delivered: the IT threat detection system, the BMS threat detection system, the advanced file analysis system, the E-health devices security analytics, the cyber threat monitoring system. The specifications of three modules are available as public deliverables on the website.
WP6 was about the definition of the global architecture of SAFECARE and the design and development of integrated cyber-physical security solutions. WP6 activities have been successfully completed and developed tools have been deployed several times and on different platforms/facilities, according to the test and demonstrations phase: the Data Exchange Layer, the Central Database, the prototype of Impact Propagation and Detection System Model (ready and capable to exchange data with the central database), the Threat response and alert system (TRAS), the Hospital availability management system (HAMS) and the E-health security risk management model.
The WP7 had the general objective of testing the full prototype on a test platform, training security and health practitioners to use the prototypes, deploying test beds and demonstrating the full prototype in an operational environment and evaluating the security impact of the prototype on risk assessment. All these objectives have been successfully reached.
Tests and demonstrations have been conducted in three different hospital sites (Turin, Marseille and Amsterdam) and on a virtual hospital. The feedbacks from these experimentations were dispatched among all the partners in order to perfect the solution promoted by SAFECARE.
The WP8 was dedicated to the dissemination, exploitation and standardization. SAFECARE held its first public project event in M13, which attracted a wide audience and was a valuable opportunity for discussion with stakeholders external to the project. Collaboration within the research community has increased via participation in the European Cluster for Securing Critical Infrastructure (ECSCI) and its respective dissemination activities, but also through coorganization of a big clustering event with two other INFRA projects (SecureGas and SATIE). Further, SAFECARE Commercial Event took place at M39 as a hybrid event (online and in the CNAM premises in Paris) and offered participants the opportunity to learn about the project’s main achievements and to be shown the SAFECARE solutions developed.
The cyber and physical security standards in the healthcare sector, their importance, best practices, as well as the gaps, recommendations, the cyber and physical security certification related issues, were identified and presented (based on the normative literature, SAFECARE partners’ and external stakeholders’ knowledge and experience).
An analysis of all items of knowledge involved in the project has been carried out and innovative aspects of results have been identified, while paying particular attention to the related IP rights and the measures that have been applied for their protection.