Two EU projects, ENTRUST and SECANT, have recently partnered to raise awareness about cybersecurity in the healthcare sector. This article includes insights from Dimitris Karras, the technical coordinator of ENTRUST (UBITECH), and Arnolnt Spyros, Dimitrios Kavallieros, Stefanos Vrochidis, Theodora Tsikrika - scientific and technical coordinators of SECANT (CERTH).
One of ENTRUST's use cases is "Wearables for health monitoring." Can you provide a practical example of this scenario, detailing the security threats involved and how ENTRUST plans to address them?
Dimitris Karras: The “Wearables for health monitoring” use case of ENTRUST by Sentio Labs entails the development of precision biomarkers and digital therapeutics to facilitate the provision of healthcare services pertaining to the Mental Health of patients, thus facilitating the enhancement of their emotional intelligence and the development of appropriate coping mechanisms and behavioral techniques.
The core component of this use case demonstrator is the Feel Emotion Sensor (FES), which is a wearable device with the capability to collect various types of medical evidence from the patient, such as sweat, heartbeat, and skin temperature, which may be sent to the backend for further processing and can be used by a physician for medical diagnosis purposes.
One security threat that may arise in this scenario is, in case the Bluetooth channel connecting the wristband to the backend or even the wristband itself is compromised, this may impact the integrity of the data, thus leading to a potentially inaccurate medical diagnosis. In this regard, all mechanisms of ENTRUST focused on trust establishment guarantee not only the integrity of the communicated data, but also the resilience of the wearable device against cyberattacks, memory-related exploitations, or compromised data during transit.
SECANT includes "Cyber Security Training" as one of its use cases. Why is cybersecurity training crucial in the healthcare sector, and what will this training encompass?
Arnolnt Spyros, Dimitrios Kavallieros, Stefanos Vrochidis, Theodora Tsikrika: Cybersecurity training is crucial in the healthcare sector due to the sensitive nature of patient data and the increasing frequency of cyberattacks targeting healthcare organisations. Healthcare providers handle vast amounts of personal and medical information, making them prime targets for malicious users seeking to exploit vulnerabilities for malicious intent. Effective cybersecurity training helps staff recognise and respond to potential threats, such as phishing attacks, ransomware, and data breaches, thereby safeguarding patient privacy and ensuring the integrity of medical records.
SECANT provides a Cyber Range for cybersecurity experts to facilitate training and promote the use of the SECANT platform through practical, hands-on exercises. With regard to the training of medical staff, SECANT incorporates two essential features. Initially, users can access cybersecurity training materials from a dedicated component through its interface, offering a seamless and user-friendly learning experience. Following this, users can engage with the Chatbot to evaluate their cybersecurity awareness. The Chatbot will pose a series of questions to determine their knowledge of cybersecurity best practices and identify potential vulnerabilities.
By equipping healthcare professionals with the knowledge and skills to protect against cyber threats, organisations can mitigate risks, maintain trust with patients, and ensure the continuity of critical healthcare services.
ENTRUST introduces dynamic trust assessment as a new factor in evaluating a device’s operational quality, while SECANT provides a comprehensive framework for assessing cybersecurity risks by addressing both human and technical factors. What are the key technical differences and similarities between these two projects?
Dimitris Karras: In recent years, there has been a tendency for safety-critical services in various application and industrial domains – including the medical domain – to shift towards zero-trust architectures. Towards this direction, the core focus of ENTRUST is the design and development of a trust assessment framework, to ensure and maintain the trustworthiness level of the entire service graph chain.
The driving factors behind this framework are twofold:
To identify, monitor, and extract the evidence based on which the evidence (such as evidence that stems from operational measurement, device traces, and network-related traces) based on which trust properties can be assessed and the trust level can be calculated.
Trust decisions can be made based on the Actual Trust Level (ATL) of a device against its Required Trust Level (RTL).
Note that the latter is an unresolved challenge, as there is not currently a universally accepted method for the identification and adjustment of the value of the RTL. Specifically, as the RTL is directly related to the most prominent threats against which we want to assess the level of trust of a device, its calculation is a prerequisite for the development of mechanisms that monitor and establish a risk graph capturing not only the vulnerabilities per device but also how these vulnerabilities may impact the entire system, using one device as an entry point. This is essentially one of the core functionalities provided by SECANT.
Therefore, the core functionalities provided by ENTRUST and SECANT can be combined to materialize the dynamic trust assessment. ENTRUST can build upon and expand the vulnerability analysis and risk establishment of SECANT, to tackle the issue of RTL calculation and enable dynamic trust assessment. Thus, by coupling the vulnerability analysis techniques of SECANT with the trust assessment methodologies of ENTRUST, we capture the need for „Never Trust, Always Verify“, which is a core principle of the zero-trust concept.
Arnolnt Spyros, Dimitrios Kavallieros, Stefanos Vrochidis, Theodora Tsikrika: The Trust Assessment Framework of ENTRUST provides techniques for extracting (during runtime) the types of security claims that need to be produced by devices as measures of evidence on their trustworthiness. This framework can be complemented with the Risk Assessment module of SECANT. In particular, once the Trust Assessment Framework of ENTRUST identifies any discrepancies concerning the trust of a device, it could trigger the Risk Assessment process of SECANT. The Risk Assessment would provide comprehensive insights of the possible ongoing attack.
SECANT supports both technical and human vulnerability assessment, thus enabling a holistic approach towards the assessment at the technical and user levels of the medical organisation. The Trust Assessment Framework of ENTRUST can further enhance the proactive capabilities SECANT framework by monitoring the trust of the devices at run-time.
The Certification and Runtime Auditing Framework of ENTRUST could leverage the enriched CTI that is generated and shared by SECANT. Specifically, the enriched CTI could facilitate the identification of more misbehaviours in devices and provide possible mitigations based on the MUD and Protection Profile.
Similarities | Differences |
Device monitoring | SECANT provides both devices as well as network monitoring. |
Graph-based risk assessment | SECANT supports both technical and human vulnerability assessment. |
Leveraging Verifiable Credentials | SECANT provides functionalities that enable the training of technical (e.g., cybersecurity experts) as well as non-technical users (e.g., medical staff such as doctors and nurses). |
Use of blockchain technology | SECANT utilises Cyber Threat Intelligence (CTI) towards enhancing the risk assessment process. Furthermore, SECANT enriches the gathered CTI and shares it with interested stakeholders. |
SECANT enables secure data access between hospitals upon informed user (i.e., patient) consent. |
Zero Trust Architecture (ZTA) is a cybersecurity model based on the principle of "never trust, always verify." How can healthcare organizations transition to a Zero Trust model, and what benefits does it offer for protecting sensitive patient data?
Dimitris Karras: We previously discussed how dynamic trust assessment within the zero-trust concept. Specifically, dynamic trust assessment methodologies are core functionalities that are necessary to be able to guarantee the resilience of the devices which need to be deployed unattended for a large period of time. This is often the case in the healthcare security domain, which follows the trend of the computing continuum. This means that we are witnessing a shift of computing capabilities from the cloud to the edge, i.e., the deployed devices themselves. This continuum, as a paradigm, seeks to combine the available hardware and software to support the efficient deployment and operation of mixed-criticality services, which are essential for healthcare provision.
Therefore, to be able to reap the benefits of this paradigm shift and the availability of the relevant resources, we need to be capable of capturing and monitoring the operational assurance of each device and infrastructure element, which may exhibit a diverse (yet dynamic) trust state. Thus, a question arises: How can we achieve runtime assurance for healthcare service workloads over multidomain service graph chains (i.e., hospitals or other healthcare provision organizations) under the zero-trust approach? Answering this question enables us to guarantee the data quality that is extracted by the devices. This is of paramount importance in the medical domain, as the data quality is directly related with the decision-making process and impacts the quality of the provided healthcare services.
Arnolnt Spyros, Dimitrios Kavallieros, Stefanos Vrochidis, Theodora Tsikrika: Transitioning to a Zero Trust model in healthcare organisations involves a strategic shift from traditional perimeter-based security to a more robust, identity-centric approach. This transition begins with a thorough assessment of the current security infrastructure, identifying all assets, users, and data flows within the organisation. Healthcare organisations must implement strong identity and access management (IAM) systems, ensuring that every user and device is authenticated and authorized before accessing sensitive resources. Multi-factor authentication (MFA) and least privilege access principles are critical components of this model, minimising the risk of unauthorised access. Additionally, continuous monitoring and real-time analytics are essential to detect and respond to potential threats promptly. By segmenting the network and applying strict access controls, healthcare organisations can limit the lateral movement of attackers, thereby enhancing overall security.
The benefits of adopting a Zero Trust model in healthcare are substantial, particularly in protecting sensitive patient data. This approach significantly reduces the attack surface, making it more difficult for cybercriminals to exploit vulnerabilities. By ensuring that only authenticated and authorised users can access patient data, healthcare organisations can prevent data breaches and unauthorised disclosures. The continuous monitoring and real-time threat detection capabilities inherent in a Zero Trust model enable rapid response to security incidents, minimising potential damage. Furthermore, the granular access controls and network segmentation help maintain the integrity and confidentiality of patient information, fostering trust between patients and healthcare providers. Ultimately, a Zero Trust model not only enhances security but also supports compliance with regulatory requirements such as HIPAA, ensuring that patient data is handled with the highest level of care and protection.
More information on the two projects:
ENTRUST website: https://www.entrust-he.eu/ │Channels: LinkedIn, X
SECANT website: https://secant-project.eu/ │Channels: Linkedin, X