A Dynamic and Self-Organized Artificial Swarm Intelligence Solution for Security and Privacy Threats in Healthcare ICT Infrastructures

Periodic Reporting for period 1 - AI4HEALTHSEC (A Dynamic and Self-Organized Artificial Swarm Intelligence Solution for Security and Privacy Threats in Healthcare ICT Infrastructures)

Reporting period: 2020-10-01 to 2022-03-31

The healthcare sector has undergone dramatic changes in the past several years, primarily spurred by the adoption of new medical technology including IoT, Cloud Computing, and Big Data. The increasing interconnection of technology in healthcare between devices at the physical and cyber levels has transformed these infrastructures into large Health Care Information Infrastructures (HCIIs), which are considered critical and sensitive due to their importance for people’s well-being and safety. On the other hand, the evolving digital interconnectivity of medical devices has also changed the threat landscape, as the digitalization of patient data is attracting more attention from cybercriminals, producing a wide range of security and privacy challenges and increasing the danger of potential cybersecurity attacks in HCIIs. The integrated nature of these infrastructures introduces new potential entry points for propagating cyber-attacks and risks. In addition, health critical infrastructures have cyber-physical aspects, with medical equipment, such as x-ray machines, which malicious actors might control remotely, causing patient harm. Hospitals, health plans and research labs handle unique and valuable assets that are more and more exposed to cyber threats. Personal health information (PHI) and electronic health records (EHRs) constitute another very sensitive asset, only found in health care infrastructures, due to the sensitivity of the information included.
The overall objective of the AI4HEALTHSEC project is to enhance the security and resilience of modern digital healthcare ecosystems and the provided medical supply chain services through the provision of a novel Dynamic Situational Awareness Framework (DSAF). DSAF will support, at the design level, the HCIIs and the other stakeholders comprising the Health Care ecosystem to recognize, identify, model, and dynamically analyse cyber risks. It will support forecasting, treatment and response to advanced persistent threats and handle daily cyber-security and privacy risks, incidents and data breaches. It will also establish a new scientific foundation for assessing and reducing security risks and incidents, cascading effects of threats, and propagated vulnerabilities, addressing the complexity of the underlying interconnected healthcare infrastructures, entities, supply chain services, applications and cyber assets.
The main results achieved in the first reporting period are:
- The Swarm Intelligent model has been developed; it considers two types of conceptual agents, i.e. primary and supervisor. The communication and coordination among the agents are structured and formulated to tackle risks and incidents in order to enhance the security and resilience of the healthcare ecosystem.
- The Individualised Autonomous Networking Protocol has been designed to support this objective. The protocol, which provides distributed data management and reasoning capability, is currently in the implementation phase.
- The design and development of the data sensing and data fusion functionalities and models, of the anomaly identification functions and of the orchestration functions have started. A concrete incident handling methodology has been defined based on NIST, including identification of events, analysis and evaluation, response, and post-incident response operations.
- The detailed specification of the AI4HEALTHSEC framework has been developed; it aims to provide dynamic situational awareness for the overall healthcare ecosystem. The defined framework is called evidence-driven Risk and privacy Assessment methodology for Healthcare ecosystem (RA4Health).
- The preliminary implementation of the modules of the AI4HEALTHSEC system has been released. The integration plan has been defined and the final platform integration activities have been initiated (some functionalities are already partly available).
- The pilot scenarios have been defined, also identifying the specific technical needs to deploy the AI4HEALTHSEC system in the corresponding real operational environments. The preliminary operations for the deployment of the AI4HEALTHSEC Framework have started.
Several dissemination activities and actions have been performed by the members of the consortium, through the participation in workshops, events, conferences and seminars, the use of social media, the presentation of scientific papers, the publication of articles and others.
The project’s ambition is to integrate, validate and roll-out an AI DSAF for HCIIs which will be able to address and cover the distributed and interconnected nature of complex, interrelated cyber components, network and operating environments. The ground-breaking nature of the project’s objectives is based on the introduction of:
- a rigorous, rational approach for the identification, classification, evaluation and mitigation of the detected vulnerabilities, threats and risks associated with the interdependent and interconnected HCIIs together with their cascading effects;
- forecasting procedures for predicting and representing combined attacks/threats paths and patterns and measuring their effectiveness and applicability;
- incident handling and response models and processes that combine active approaches, which are used to detect and analyse anomalous activities and attacks in real time, with reactive approaches, which deal with the analysis of the underlying infrastructure to assess an incident;
- techniques for producing real-time insights, alerts and warnings about cyber events;
- extraction and acquisition process to retrieve evidential data from the compromised HCIIs in a way that ensures their integrity and validity;
- innovative approaches and algorithms based on unobserved components techniques and linear state-space models, in order to identify attacks and incidents and extract or infer meaningful information from cyber systems;
- empirical approach to stimulate the behaviour of Health Care stakeholders to measure the cascading effects of various cyber-attack patterns and security incidents within the Health Care digital ecosystem;
- a variety of hybridization forms of mathematical models and means combining data mining, machine learning and visualization techniques and tools to optimize the automatic analysis of huge amounts of events, information and evidence from multiple, different and diverse sources;
- novel processes of attacks’ scenarios reconstruction and evidence representation to increase the efficiency of investigation results.
The project advances the state of the art in cyber situational awareness for the HCIIs by introducing a novel swarm-inspired, self-organizing and dynamic collaboration approach, by incorporating a novel mathematical instrument for managing information on security risks, incidents, threats and vulnerabilities, and by exploiting novel Big Data technologies.
It will combat cyber advanced persistent threats and security incidents that can be part of wider plans for cyber-attacks and cyber-organized crime, improving the security and the resilience of the EU HCIIs, persons and first responders against cyber advanced persistent threats and actors. The project’s outputs and knowledge can be transferred and be usable on the cyber security and privacy protection of any critical infrastructure, making such knowledge available to stakeholders of other critical infrastructures, to avoid potential attack replications, and increase the total security and privacy level of the EU Critical Infrastructures.
AI4HEALTHSEC framework