{"title":"用于分析医疗物联网网络安全事件的动态风险评估方法","authors":"Ricardo M. Czekster , Thais Webber , Leonardo Bertolin Furstenau , César Marcon","doi":"10.1016/j.iot.2024.101437","DOIUrl":null,"url":null,"abstract":"<div><div>Advancements in Medical Internet of Things (MIoT) technology ease remote health monitoring and effective management of medical devices. However, these developments also expose systems to novel cyber security risks as sophisticated threat actors exploit infrastructure vulnerabilities to access sensitive data or deploy malicious software, threatening patient safety, device reliability, and trust. This paper introduces a lightweight dynamic risk assessment approach using scenario-based simulations to analyse cyber security events in MIoT infrastructures and supplement cyber security activities within organisations. The approach includes synthetic data and threat models to enrich discrete-event simulations, offering a comprehensive understanding of emerging threats and their potential impact on healthcare settings. Our simulation scenario illustrates the model’s behaviour in processing data flows and capturing the characteristics of healthcare settings. Our findings demonstrate its validity by highlighting potential threats and mitigation strategies. The insights from these simulations highlight the model’s flexibility, enabling adaptation to various healthcare settings and supporting continuous risk assessment to enhance MIoT system security and resilience.</div></div>","PeriodicalId":29968,"journal":{"name":"Internet of Things","volume":"29 ","pages":"Article 101437"},"PeriodicalIF":6.0000,"publicationDate":"2024-11-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Dynamic risk assessment approach for analysing cyber security events in medical IoT networks\",\"authors\":\"Ricardo M. Czekster , Thais Webber , Leonardo Bertolin Furstenau , César Marcon\",\"doi\":\"10.1016/j.iot.2024.101437\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>Advancements in Medical Internet of Things (MIoT) technology ease remote health monitoring and effective management of medical devices. However, these developments also expose systems to novel cyber security risks as sophisticated threat actors exploit infrastructure vulnerabilities to access sensitive data or deploy malicious software, threatening patient safety, device reliability, and trust. This paper introduces a lightweight dynamic risk assessment approach using scenario-based simulations to analyse cyber security events in MIoT infrastructures and supplement cyber security activities within organisations. The approach includes synthetic data and threat models to enrich discrete-event simulations, offering a comprehensive understanding of emerging threats and their potential impact on healthcare settings. Our simulation scenario illustrates the model’s behaviour in processing data flows and capturing the characteristics of healthcare settings. Our findings demonstrate its validity by highlighting potential threats and mitigation strategies. The insights from these simulations highlight the model’s flexibility, enabling adaptation to various healthcare settings and supporting continuous risk assessment to enhance MIoT system security and resilience.</div></div>\",\"PeriodicalId\":29968,\"journal\":{\"name\":\"Internet of Things\",\"volume\":\"29 \",\"pages\":\"Article 101437\"},\"PeriodicalIF\":6.0000,\"publicationDate\":\"2024-11-20\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Internet of Things\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S2542660524003780\",\"RegionNum\":3,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Internet of Things","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2542660524003780","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
Dynamic risk assessment approach for analysing cyber security events in medical IoT networks
Advancements in Medical Internet of Things (MIoT) technology ease remote health monitoring and effective management of medical devices. However, these developments also expose systems to novel cyber security risks as sophisticated threat actors exploit infrastructure vulnerabilities to access sensitive data or deploy malicious software, threatening patient safety, device reliability, and trust. This paper introduces a lightweight dynamic risk assessment approach using scenario-based simulations to analyse cyber security events in MIoT infrastructures and supplement cyber security activities within organisations. The approach includes synthetic data and threat models to enrich discrete-event simulations, offering a comprehensive understanding of emerging threats and their potential impact on healthcare settings. Our simulation scenario illustrates the model’s behaviour in processing data flows and capturing the characteristics of healthcare settings. Our findings demonstrate its validity by highlighting potential threats and mitigation strategies. The insights from these simulations highlight the model’s flexibility, enabling adaptation to various healthcare settings and supporting continuous risk assessment to enhance MIoT system security and resilience.
期刊介绍:
Internet of Things; Engineering Cyber Physical Human Systems is a comprehensive journal encouraging cross collaboration between researchers, engineers and practitioners in the field of IoT & Cyber Physical Human Systems. The journal offers a unique platform to exchange scientific information on the entire breadth of technology, science, and societal applications of the IoT.
The journal will place a high priority on timely publication, and provide a home for high quality.
Furthermore, IOT is interested in publishing topical Special Issues on any aspect of IOT.