Digital transformation in healthcare is the leveraging of advanced technologies to improve the delivery of care to patients and to cope with new requirements of such delivery, most notably the shift from hospital care to home care. While patient-needs-centric, it also necessarily requires changes and improvements of healthcare-related processes. Whereas various benefits of this transformation are broadly acknowledged, the increased connectivity, the huge volume of sensitive health information, and the lack of sufficient cybersecurity awareness and culture among both healthcare professionals and patients result in increased cybersecurity risk and make digital healthcare attractive to cyber criminals and prone to cybersecurity attacks such as phishing, ransomware, distributed denial-of-service attacks, and malware. The increasing connection of medical devices to the Internet, hospital networks and other medical devices expands the attack surface, raising the risk to patient safety. The recent COVID-19 pandemic highlighted the interdependence and co-evolutionary dynamic of the cybersecurity and privacy risks in healthcare. All of this has raised the need to develop new solutions to increase the cybersecurity and resilience of the healthcare sector and its supply chain.
Submission instructions for the workshop can be found here: https://cyballiance.nr.no/sunrise-2024/
Organizers
Habtamu Abie, habtamu.abie@nr.no
Vasileios Gkioulos, vasileios.gkioulos@ntnu.no
Sokratis Katsikas, sokratis.katsikas@ntnu.no
Sandeep Pirbhulal, sandeep@nr.no
Program
09:00 – 09:10
Opening Session: Introduction to the Workshop
Chair: Sandeep Pirbhulal/Habtamu Abie
09:10 – 09:50
Invited Keynote 1
Chair: Sandeep Pirbhulal
Invited Keynote Title: AI for Healthcare Security: The Intersection of Innovation and Resilience
Speaker: Ankur Shukla, Institute for Energy Technology (IFE), Norway
Abstract: TBD
Keywords: Healthcare Security, Resilience, AI, Medical Information
Email: Ankur.Shukla@ife.no
Website: https://ife.no/employee/ankur-shukla/
09:50 – 10:30
SESSION 1: Resilience and Dynamic Risk Assessment in Healthcare
Chair: Vasileios Gkioulos (TBC)
An Architecture of Adaptive Cognitive Digital Twins for Resilient Healthcare Infrastructures and Services, 09:50-10:10
Authors: Shouhuai Xu, Sandeep Pirbhulal and Habtamu
Presenter: Sandeep Pirbhulal, Norsk Regnesentral, Norway
Abstract: Modern healthcare infrastructures and services are dependent on advanced data analytics, sensing and communication technologies, including 5G/6G networks, Artificial intelligence (AI), Internet of Medical Things (IoMT), Information Technology (IT), and Operational Technology (OT). This integration introduces multiple vulnerabilities that cyber attackers could exploit to launch successful attacks on modern healthcare infrastructures and services. Therefore, securing end-to-end monitoring of sensitive healthcare infrastructures and services, and identifying potential vulnerabilities, is crucial for achieving resilient healthcare infrastructures and services. In this study, we propose an architecture designed to enhance the resilience of healthcare infrastructures and services. This architecture is centered around the concept of Adaptive Cognitive Digital Twins (ACDTs), which are capable of orchestrating adaptive defenses to proactively respond to anticipated cyber-attacks. We detail the functions at each layer of the architecture.
Keywords: Internet of Medical Things, Digital Twins, Adaptive Security, Resilience
Email: sandeep@nr.no
Website: https://nr.no/ansatte/sandeep-pirbhulal/
Dynamic Safety and Security Risk Assessment in Healthcare and Critical Infrastructures, 10:10-10:30
Authors: Sabarathinam Chockalingam, Sandeep Pirbhulal, Pallavi Kaliyar and Habtamu Abie
Presenter: Sabarathinam Chockalingam, Institute for Energy Technology (IFE), Norway
Abstract: Critical Infrastructures, such as healthcare, play a vital role in maintaining societal well-being and bolstering the nation's economy. The growing integration of Cyber Physical Systems (CPSs), like social robots, within these infrastructures has made them more susceptible to both random faults and cyber-attacks. Traditional risk assessment frameworks typically address either safety or security risks, but often lack the ability to dynamically assess and mitigate both in an integrated manner. In our previous work, we developed a Bayesian Network (BN) framework that helps in developing BN models for distinguishing random faults and attacks, primarily focusing on diagnosis. However, this framework did not include proactive security measures. In this study, we enhance the BN framework to facilitate the development of models that incorporate proactive security measures by considering mitigating factors. In addition, we introduce extended Component Fault Trees (CFTs) for knowledge elicitation, leveraging their formal structure and the widespread familiarity with Fault Tree analysis among practitioners. We propose a translation scheme from extended CFTs to BNs to further refine the framework. The effectiveness of this framework is demonstrated through two use cases: remote patient monitoring in healthcare, and the deployment of social robots in smart cities. This study presents a holistic framework for dynamic safety and security risk assessment in critical environments.
Keywords: Dynamic Risk Assessment, Security and Safety, Bayesian Network, Critical Infrastructures, Remote Patient Monitoring
Email: Sabarathinam.Chockalingam@ife.no
Website: https://ife.no/employee/sabarathinam-chockalingam/
10:30 – 10:40
Networking and Coffee Break
10:40 – 11:20
Invited Keynote 2
Chair: Sandeep/Habtamu
Invited Keynote Title: TBD
Speaker: TBD
11:20 – 12:20
SESSION 2: Cybersecurity Adaptive and Continuous Authentication in Healthcare
Chair: Sandeep Pirbhulal/Habtamu Abie
5G Care: Adaptive Authentication Approach for 5G enabled Remote Healthcare Infrastructures, 11:20-11:40
Authors: Ali Hassan Sodhro, Muhammad Irfan Younas and Muhammad Jawed Iqbal
Presenter: Ali Hassan Sodhro, Kristianstad University, Sweden
Abstract: The advent of 5G networks, space networks, and applications of IoT into healthcare is continuously increasing the concern related to cybersecurity in the landscape of changing network technologies. This paper critically reviews the use of datasets in the training of AI, ML, and DL models applied to various cybersecurity domains. Using the Goal-Question-Metric method as a guide to a structured review protocol, this study will attempt to deeply investigate the type, characteristics, and effectiveness of such datasets. The review will identify and catalog real, synthetic, and hybrid datasets that single out their specific application domains and what that implies for model training for use in cybersecurity. For instance, experiments show that real datasets, like the derived network traffic, will make the models robust and practically relevant; synthetic datasets provide controllable conditions for testing at scale with diverse scenarios. Hybrid datasets have the advantage of both in providing a more comprehensive training environment. It identifies the impacts of datasets on cybersecurity for 5G networks, space networks, IoT healthcare, and underscores the importance of dataset diversity, benchmarking, and interoperability at the standardized level. The review also addresses the integration of advanced learning techniques to enhance privacy and efficiency. Despite this substantial progress, gaps still remain with respect to dataset diversity and standardized evaluation metrics. Future research directions include increasing the diversity of datasets, developing standardized benchmarks, ensuring model interoperability, leveraging new emerging technologies, and solving privacy and ethical problems. Research in these areas can largely go on to enhance effectiveness and reliability within cybersecurity measures for the secure development of network technologies.
Keywords: 5G-IoT, Remote Healthcare, Adaptive Authentication, AI, Security
Email: ali.hassan_sodhro@hkr.se
Website: https://researchportal.hkr.se/en/persons/ali-hassan-sodhro
A Secure Privacy-Preserving Multimodal Continuous Authentication Protocol for Healthcare Systems, 11:40-12:00
Authors: Ahmed Fraz Baig, Sigurd Eskeland, Bian Yang and Patrick Bours
Presenter: Ahmed Fraz Baig, Biofy AS, Norway
Abstract: eHealth systems require usable but more robust authentication mechanisms to balance security and usability. Continuous authentication is a security mechanism that passively conducts user authentication throughout the session. Continuous authentication may best fit healthcare systems as it enhances security and improves usability by seamlessly authenticating users. It may face limitations when only one modality is supported, such as keystroke dynamics, gait dynamics, touch dynamics, etc. These modalities collect and utilize user-sensitive data containing information about user behavioral and contextual activities, and other user-sensitive attributes, e.g., user gender, age, etc., may also be derived from such data, which causes privacy concerns. Continuous authentication using multiple modalities may overcome the limitations of a single modality at the cost of compromising user privacy. The more modalities we employ, the more privacy we compromise. In this paper, we propose a privacy-preserving protocol that supports continuous authentication using multiple modalities. Our proposed protocol protects 1) user-sensitive attributes and 2) the privacy of the type of modality (such as user activities). The biometric performance of the proposed protocol is determined in the following ways: a) individually, on two public datasets, a keystroke dynamics dataset, and a swipe gesture dataset, and b) multimodal, by combining swipe gesture and keystroke data. For multimodal, instead of computing cosine similarity for each action, we computed the extended similarity based on multiple (k) keystroke and swipe gesture actions. The experimental evaluation proves that our proposed protocol with the extended technique performs better than the original cosine similarity. The proposed protocol offers efficient biometric performance, low communication and computation costs, and security in the presence of a semi-honest authentication server, malicious users, and external adversaries.
Keywords: Continuous Authentication, Healthcare System, Privacy-Preserving, Multimodal
Email: fraz.ahmed99@gmail.com
Website: https://scholar.google.com/citations?user=4dhRIU4AAAAJ&hl=en
Cyber Security in Healthcare Systems: A Review of Tools and Attack Mitigation Techniques, 12:00-12:20
Authors: Kousik Barik, Sanjay Misra and Sabarathinam Chockalingam
Presenter: Sanjay Misra, Institute for Energy Technology (IFE), Norway
Abstract: In recent years, the healthcare and finance sectors have experienced a significant increase in cyber-attacks. The healthcare sector, in particular, has been a major target due to its inadequate security measures and the sensitivity of its data. This vulnerability, despite its critical impact on patient services and hospital reputation, has not received the necessary priority in terms of cyber security. The potential consequences, including data breaches, patient safety risks, and reputational damage to the healthcare organization, are severe and should cause immediate concern. This study aims to explore the urgent impact of cyber security on healthcare systems. We employed a Systematic Literature Review (SLR) methodology, and 43 existing studies were analyzed. This study highlights the significance of cyber security in healthcare systems and cyber security tools employed in healthcare. It also outlined the existing cyber-attacks and mitigation strategies in healthcare settings. Further, we outlined the open research gaps in cyber security of healthcare systems, providing a foundation for future research in this area.
Keywords: Cybersecurity, Attack Mitigation, Security Tools, Healthcare
Email: Sanjay.Misra@ife.no
Website: https://ife.no/employee/sanjay-misra/
12:20 – 13:20
Lunch Break
13:20 – 14:20
SESSION 3: Panel Discussion on Autonomy, Resilience, Mental Models, Cybersecurity for Children's Wellbeing
Chair: Habtamu Abie
Panelists: Kai Rannenberg (GUF), Jun Zhao (Oxford University), Karen Renaud (University of Strathclyde), Suzanne Prior (Abertay University), Farzana Quayyum (NTNU)
14:20 – 15:20
SESSION 4: Supporting Projects Results Presentations
Chair: Vasileios Gkioulos/Sokratis Katsikas (TBC)
CybAlliance (International Alliance for Strengthening Cybersecurity and Privacy in Healthcare)
Sandeep Pirbhulal
SFI NORCICS (Norwegian Center for Cybersecurity in Critical Sectors)
Sokratis Katsikas/Vasileios Gkioulos/Habtamu Abie
EU-CIP (European Knowledge Hub and Policy Testbed for Critical Infrastructure Protection)
Emilia Gugliandolo/Habtamu Abie
15:20 – 15:30
Closing Session: Conclusion & Planning
Chair: Sandeep Pirbhulal & Habtamu Abie