Dynamic risk assessment approach for analysing cyber security events in medical IoT networks

IF 6 3区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Internet of Things Pub Date : 2024-11-20 DOI:10.1016/j.iot.2024.101437

Ricardo M. Czekster , Thais Webber , Leonardo Bertolin Furstenau , César Marcon

{"title":"Dynamic risk assessment approach for analysing cyber security events in medical IoT networks","authors":"Ricardo M. Czekster , Thais Webber , Leonardo Bertolin Furstenau , César Marcon","doi":"10.1016/j.iot.2024.101437","DOIUrl":null,"url":null,"abstract":"<div><div>Advancements in Medical Internet of Things (MIoT) technology ease remote health monitoring and effective management of medical devices. However, these developments also expose systems to novel cyber security risks as sophisticated threat actors exploit infrastructure vulnerabilities to access sensitive data or deploy malicious software, threatening patient safety, device reliability, and trust. This paper introduces a lightweight dynamic risk assessment approach using scenario-based simulations to analyse cyber security events in MIoT infrastructures and supplement cyber security activities within organisations. The approach includes synthetic data and threat models to enrich discrete-event simulations, offering a comprehensive understanding of emerging threats and their potential impact on healthcare settings. Our simulation scenario illustrates the model’s behaviour in processing data flows and capturing the characteristics of healthcare settings. Our findings demonstrate its validity by highlighting potential threats and mitigation strategies. The insights from these simulations highlight the model’s flexibility, enabling adaptation to various healthcare settings and supporting continuous risk assessment to enhance MIoT system security and resilience.</div></div>","PeriodicalId":29968,"journal":{"name":"Internet of Things","volume":"29 ","pages":"Article 101437"},"PeriodicalIF":6.0000,"publicationDate":"2024-11-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Internet of Things","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2542660524003780","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Advancements in Medical Internet of Things (MIoT) technology ease remote health monitoring and effective management of medical devices. However, these developments also expose systems to novel cyber security risks as sophisticated threat actors exploit infrastructure vulnerabilities to access sensitive data or deploy malicious software, threatening patient safety, device reliability, and trust. This paper introduces a lightweight dynamic risk assessment approach using scenario-based simulations to analyse cyber security events in MIoT infrastructures and supplement cyber security activities within organisations. The approach includes synthetic data and threat models to enrich discrete-event simulations, offering a comprehensive understanding of emerging threats and their potential impact on healthcare settings. Our simulation scenario illustrates the model’s behaviour in processing data flows and capturing the characteristics of healthcare settings. Our findings demonstrate its validity by highlighting potential threats and mitigation strategies. The insights from these simulations highlight the model’s flexibility, enabling adaptation to various healthcare settings and supporting continuous risk assessment to enhance MIoT system security and resilience.

查看原文本刊更多论文

用于分析医疗物联网网络安全事件的动态风险评估方法

医疗物联网（MIoT）技术的进步方便了远程健康监测和医疗设备的有效管理。然而，这些发展也使系统面临新的网络安全风险，因为复杂的威胁行为者会利用基础设施漏洞访问敏感数据或部署恶意软件，从而威胁患者安全、设备可靠性和信任度。本文介绍了一种轻量级动态风险评估方法，利用基于场景的模拟来分析 MIoT 基础设施中的网络安全事件，并对组织内的网络安全活动进行补充。该方法包括合成数据和威胁模型，以丰富离散事件模拟，全面了解新兴威胁及其对医疗环境的潜在影响。我们的模拟场景说明了该模型在处理数据流和捕捉医疗环境特征时的行为。我们的研究结果通过强调潜在威胁和缓解策略证明了该模型的有效性。从这些模拟中获得的见解突出了该模型的灵活性，使其能够适应各种医疗环境，并支持持续的风险评估，以增强移动医疗系统的安全性和弹性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Internet of Things Multiple-

CiteScore

3.60

自引率

5.10%

发文量

115

审稿时长

37 days

期刊介绍： Internet of Things; Engineering Cyber Physical Human Systems is a comprehensive journal encouraging cross collaboration between researchers, engineers and practitioners in the field of IoT & Cyber Physical Human Systems. The journal offers a unique platform to exchange scientific information on the entire breadth of technology, science, and societal applications of the IoT. The journal will place a high priority on timely publication, and provide a home for high quality. Furthermore, IOT is interested in publishing topical Special Issues on any aspect of IOT.