Periodic Reporting for period 2 - SPHINX (A Universal Cyber Security Toolkit for Health-Care Industry)
Période du rapport: 2020-07-01 au 2022-03-31
SPHINX’s approach is focused on the analysis of cyber vulnerabilities of health critical infrastructures, including the combination of both real situation awareness and cyber situation awareness within the environment of the infrastructure. In order to make this feasible, a multidisciplinary group of innovators driven by start-ups, consolidated SMEs in the health domain, experts in the security domain from research institutes, international networks in cybersecurity, and key industry drivers came together to provide an innovative action and solution to protect the health critical infrastructure.
The SPHINX consortium moved from theory to practice, implementing these tools, test them, integrate them with a common cyber security toolkit, including advanced visualisation dashboards and third parties enabling APIs. This process happened over two major development and testing iterations with the SPHINX Ecosystem Demo Platform deployed in all three pilot sites, and the measurements collected were validated against the KPIs set. The intensive dissemination led to the organising and taking part in multiple workshops and events, training activities, synergistic activities with other closely linked projects (PANACEA and CureX), scientific publications and participation in scientific conferences etc.
* A comprehensive awareness about the cybersecurity landscape of healthcare organisations
* The acknowledgement of a prevailing regulatory and ethical framework for SPHINX
* Identification of key performance indicators to enable the evaluation of the SPHINX’s performance and impact in the cybersecurity systems of healthcare organisations
* The identification of the SPHINX requirements and guidelines, built upon the consideration of the latest cybersecurity needs and expectations
Technology Validation Pilots and Privacy assessment
* The SPHINX Ecosystem Demo Platform was implemented by successfully deploying the SPHINX Universal Cybersecurity Toolkit to all the 3 pilot sites
* For validation and measurement purposes, a replication/emulation environment of Hospital’s legacy systems was implemented and installed
* Measurement Results of pilot activities where test scenarios for specific cyberattacks and use-cases have been evaluated using Key Performance Indicators
* Demonstrated the SPHINX toolkit efficiency to proactively and reactively mitigate risks and respond to cyber-incidents.
* Feedback from Users’ experience (largely positive) on SPHINX ecosystem environment captured and assessed
SPHINX Common Integration Platform & Incremental Strategy
* Configuration, deployment and maintenance of the tools and the infrastructure required to support SPHINX components’ deployment and testing
* Implementation and deployment of the Common Integration Platform components
* Definition and testing of well-functioning interfaces for the interconnection and operation of the SPHINX components
* Integration and testing of the SPHINX components
Cyber security risk assessment & Beyond – Sphinx Intelligence, Sphinx Toolkits, Analysis and Decision Making
* Review of existing situational awareness standards, techniques, tools, and technologies
* Components’ internal design and formal definition of their interfaces
* Setup of initial computational infrastructure to test the integration of tools to support the system release process
* Stability enhancement of the developed components and deployment on SPHINX platforms
SPHINX Toolkits
* Integration between the subcomponents and execution of demo cases to test the functionalities
* Release of the SPHINX toolkits with their interconnections and microservice architecture
* Initial MVP for each tool of the Toolkit
Analysis and Decision Making
Development, integration and testing of
* Decision Support System and Analytic Engine
* Attack & Behaviour Simulators
* Interactive Dashboards
* Knowledge Base Repository
SPHINX Dissemination, sustainability and exploitation
* Multiple far-reaching dissemination and communication activities
* Expansion of synergy activities and establishment of new ones
* Market analysis to collect relevant exploitation and sustainability related information
* Exploitation and sustainability strategy of the project, including a business plan for SPHINX Toolkit commercialisation.
* Organisation of training activities dedicated to the capacity building