TY - GEN
T1 - The danger of missing instructions
T2 - 3rd IEEE/ACM International Conference on Connected Health: Applications, Systems and Engineering Technologies, CHASE 2018
AU - Lamp, Josephine
AU - Rubio-Medrano, Carlos E.
AU - Zhao, Ziming
AU - Ahn, Gail-Joon
N1 - Funding Information:
This material is based upon work supported by the Department of Energy under Award Number DE-OE0000780 and by a grant from the Center for Cybersecurity and Digital Forensics at Arizona State University. Any opinions, findings, conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of United States Government or any agency thereof.
Publisher Copyright:
© 2018 ACM.
PY - 2018
Y1 - 2018
N2 - The proliferation of networked medical devices has resulted in the development of innovative Medical Cyber-Physical Systems (MCPS) that promise more coordinated and high quality of care for patients. Unsurprisingly, the cybersecurity of MCPS is of high concern, as they are life-critical systems that, if compromised, may result in dire consequences to the patient. A variety of security requirements have been developed over the past 10 years as a result of governmental acts such as HITECH in order to better secure and protect healthcare environments. However, it is unclear how applicable these requirements may be to MCPS infrastructures. As a result, this case study analyzes current healthcare security requirements and their applicability to MCPS using an approach that leverages ontological representations and automated requirement traversal techniques. Using such a methodology, we find that 70% of applicable requirements/risks for MCPS components are missing from the security documentation, including serious items such as Authentication, Data Encryption, DoS attacks, and Legacy Vulnerabilities. We also validate our results within real-world instances and find that almost half of the relevant requirements are not implemented within existing MCPS architectures.
AB - The proliferation of networked medical devices has resulted in the development of innovative Medical Cyber-Physical Systems (MCPS) that promise more coordinated and high quality of care for patients. Unsurprisingly, the cybersecurity of MCPS is of high concern, as they are life-critical systems that, if compromised, may result in dire consequences to the patient. A variety of security requirements have been developed over the past 10 years as a result of governmental acts such as HITECH in order to better secure and protect healthcare environments. However, it is unclear how applicable these requirements may be to MCPS infrastructures. As a result, this case study analyzes current healthcare security requirements and their applicability to MCPS using an approach that leverages ontological representations and automated requirement traversal techniques. Using such a methodology, we find that 70% of applicable requirements/risks for MCPS components are missing from the security documentation, including serious items such as Authentication, Data Encryption, DoS attacks, and Legacy Vulnerabilities. We also validate our results within real-world instances and find that almost half of the relevant requirements are not implemented within existing MCPS architectures.
KW - MCPS
KW - Medical Cyber Physical Systems
KW - Ontology
KW - Requirements Analysis
KW - Security Requirements
UR - http://www.scopus.com/inward/record.url?scp=85063261733&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85063261733&partnerID=8YFLogxK
U2 - 10.1145/3278576.3278602
DO - 10.1145/3278576.3278602
M3 - Conference contribution
AN - SCOPUS:85063261733
T3 - Proceedings - 2018 IEEE/ACM International Conference on Connected Health: Applications, Systems and Engineering Technologies, CHASE 2018
SP - 94
EP - 99
BT - Proceedings - 2018 IEEE/ACM International Conference on Connected Health
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 26 September 2018 through 28 September 2018
ER -