Skip to main content

A Universal Cyber Security Toolkit for Health-Care Industry

Periodic Reporting for period 1 - SPHINX (A Universal Cyber Security Toolkit for Health-Care Industry)

Reporting period: 2019-01-01 to 2020-06-30

SPHINX aims to introduce a health tailored Universal Cyber Security Toolkit, thus enhancing the cyber protection of Health and care IT Ecosystem and ensuring the patient data privacy and integrity. SPHINX toolkit will provide an automated zero-touch device and service verification toolkit that will be easily adapted or embedded on existing, medical, clinical or health available infrastructures, whereas a user/admin will be able to choose from a number of available security services through SPHINX cyber security toolkit. The SPHINX toolkit will enable service providers to specify complete services and sell or advertise these through a secure and easy to use interface.
SPHINX envisions a transparent cybersecurity ecosystem custom tailored for the health and care domain that: with minimal effort medical organizations (hospitals, medical center) will become aware and understand the cybersecurity risks (know or unknown threats and vulnerabilities) and will take informed decisions affecting their cyber-physical security and privacy. The proposed cybersecurity technology will transform the organisations’ decisions into reliable automated security services and solutions, will promote security-risk end-user habits through behavioural engineering, and deliver usable transparency.
During the first half of the SPHINX project (M1-M18), the consortium analysed the state-of-the-art in cybersecurity, the cybersecurity and information security status of the healthcare sector, alongside the pilots’ environment and specific requirements, where the components of SPHINX are aimed. Particular attention has been paid on ethical and legal issues that are inherent in endeavours that are related to health data, and rules were created and adapted to be followed by the project’s partners for its duration, and others to become the basis of the legal requirements for the exploitation of the project’s results. At the same time, a set of appropriate and applicable use cases has been generated, together with the first version of the SPHINX architecture, where the basis for the functionality and interactions between components and tools is defined. At this time, most of the 21 components have demonstrable results. Following the paradigm of continuous integration, interfaces and data exchange is designed and implemented as soon as it is required, since the project used a common code repository and integration environment from the beginning of the implementation cycles.
Conceptualisation, Use Cases and System Architecture
Work Package 2 is dedicated to the Conceptualisation, Use Cases and System Architecture of the SPHINX System. During this period, emphasis in the work performed was given to the:
• In-depth analysis of advanced cyber security threats digest
• Production of a comprehensive taxonomy of cyber threats
• Identification of ethical requirements and the analysis of the relevant regulatory and ethical framework for SPHINX System
• Systematisation of stakeholder/user requirements for advanced cybersecurity systems for healthcare organisations
• Definition of use cases for the SPHINX System that specifically address users' requirements and expectations
• Architectural design and technical specifications’ elicitation for the SPHINX System
• Organisation of the SPHINX Workshop on Cyber Security Situation Awareness for Health Organisations (CYBERSEC4HEALTH)

Technology Validation Pilots and Privacy assessment
During this period, emphasis was given to record the ICT infrastructure and the assets in the pilot sites (DYPE5’s two hospitals, POLARIS hospital and HESE hospital) with respect to the characteristics that could potential affect the deployment and operation of the SPHINX system. Furthermore, we executed two cyber-security awareness surveys targeting to two different groups of healthcare employees. The responses were analysed and revealed a low-level of cyber-security awareness in SPHINX pilots which is also associated with the low number of ICT resources.

SPHINX Common Integration Platform & Incremental Strategy
During this period, emphasis was given to define the implementation framework and procedures, the tools to support the defined workflow as well as technologies to be integrated in the SPHINX software with the aim to reach a consensus between the consortium members and successfully deliver the SPHINX software in incremental releases. After this initial phase, emphasis was given in the preparation and deployment of the environment for continuous integration and testing of the SHPINX components.

Cyber security risk assessment & Beyond – Sphinx Intelligence, Sphinx Toolkits, Analysis and Decision Making
During this period, emphasis was given to start the discussion of detailed component architecture and definition of the common data structures for inter-component communication. Setup of an internal task to follow the ENISA progress on Cybersecurity certification process and start of the implementation of a very simple SandBox version using opensource components as well as the start of the Analysis on Situational Awareness Approaches for Advanced Threats Management.

SPHINX Toolkits
During this period, the work started by defining the initial component design and feature selection based on the previously elicited requirements and use cases from WP2 deliverables. Moved on to provide a high-level sequence diagram for the main flow of each components and having a close discussion internally on how it would fit the holistic view for the project. All tech partners were tasked and delivered a specification of each tool’s services using the standard OpenAPI format. These APIs were uploaded to the central Gitlab repository for the project and kept versioned when changes occur, to ensure accountability, integrity and general cohesion. From that skeleton API the different tech partners started the development of a minimum viable product for each component.

Analysis and Decision Making
During this period, emphasis was given to the connection between the various SPHINX components necessary for the facilitation of analysis and decision making processes. After pinpointing the “key” interfaces of the Decision Support System (DSS) component, output data samples were requested and received by the component developers. All relevant data received and produced will be stored in a NoSQL database and the Analytic Engine (AE) shall produce analytics that will enhance the user’s situational awareness, like what course of actions is mostly used for a specific kind of attack, details of the packet responsible for the attack etc.

SPHINX Dissemination, sustainability and exploitation
During this reporting period SPHINX has focused the efforts to prepare the ground for its future exploitation and sustainability, beyond the end of the project. The first key priority has been to design carefully the dissemination plan in order to increase awareness at the targeted audience about the project and engage them for the entire project duration. Based on the plan, the entire consortium has been implementing several dissemination activities continuously. SPHINX has also been implementing horizontal tasks to design the initial version of the exploitation and sustainability plan.
During this period, the emphasis was given to increase awareness through dissemination activities and organise the exploitation activities that should start the upcoming period.