Copy
View this email in your browser

Dear reader, 

We are ASCLEPIOSCUREXFeatureCloudPanacea, SAFECARE and SPHINX projects!

We are active on the field of Cybersecurity in Healthcare Sector via the support of the European Commision under the Horizon 2020 Research and Innovation framework programme.

We establish a Synergy to exchange our approaches, methods and information used for the cyber protection of healthcare infrastructures, disseminate the generated knowledge and expand our joint network of cybersecurity oriented projects and institutions to maximise our impact and sustainability potential.

Browse through the Synergy’s second newsletter to discover the milestones of our projects during 2020! 

Best regards,
The Synergy

 

ASCLEPIOS | Advanced Secure Cloud Encrypted Platform for Internationally Orchestrated Solutions in Healthcare

 

Encryption and Cyber Security Solutions

During 2020 the project has progressed on the design and implementation of the ASCLEPIOS encryption services that will offer to healthcare providers a complete set of secure, encryption-based services for cloud-based operations,

These services are:

  1. The ASCLEPIOS searchable encryption protocol enabling searching over encrypted medical data.

  2. The combined Symmetric Searchable Encryption + Attribute-Based Encryption scheme to offer enhanced access control over encrypted medical data.

  3. The ASCLEPIOS functional encryption analytics services that allow healthcare providers to perform statistical computations over encrypted data.

  4. The Emnet tool for the execution of privacy-preserving statistics across multiple care service providers using Multi-Party Computations.

  5. set of log-based analytics that allow data owners and data controllers to assess the efficacy of the defined access control policies and learn potential improvements for protecting data stored on the cloud.

  6. The ASCLEPIOS CEAA  that helps healthcare providers detect abnormal behaviour and leverage extracted knowledge to build threat preventive mechanisms.

Attributed Based Access Control Services
 
Attribute Based Access Control (ABAC) lies at the core of the ASCLEPIOS access services.

The attributes model for the healthcare sector, as well as the required mechanism for the contextualization of data, have been provided by the ASCLEPIOS Models Editor and Interpretation Mechanism. To complete the provided functionality, the ASCLEPIOS Context-Aware Authorization Engine has been delivered, using a combination of ABAC with Attribute-Based-Encryption to augment the authorization functionality in a distributed cloud environment.

The two schemes are complemented by an identity management scheme that abstracts the extraction of authentication info. Hence the ASCLEPIOS Context-Aware Authorization Engine efficiently combines OpenIDConnect signaling for Identity Extraction (user authentication), ABAC Policy Enforcement for accessing allowing/disallowing access to an ABE Server that issues attribute-based encryption/decryption keys

Attestation Mechanisms
 
Remote attestation during communications is an added safety layer that ensures the trustworthiness of the devices and of the data they exchange. Hardware-based attestation in ASCLEPIOS leverages the attestation features offered by Trusted Execution Environments (TEE) that can be found even in most mainstream home laptops and devices.

In June 2020 ASCLEPIOS delivered an interoperability protocol for secure data transfer between ITEEs, featuring a specification and prototype implementation using a protocol verification tool.
 
ASCLEPIOS Demonstrator Cloud Testbed

After conducting the required research to specify and collect the technical requirements of the ASCLEPIOS demonstrator applications, the ASCLEPIOS cloud-based testbed was designed and setup, incorporating resources from the University of Westminster and NSE private clouds, and also from two leading international cloud providers, Amazon AWS and Microsoft Azure.

In order to provide automated deployment and runtime management, deployment will be done in a cloud-native microservices-based infrastructure that is managed by the MiCADO (Microservices-based Cloud Application-level Dynamic Orchestrator) framework, ensuring appropriate support for the development, deployment and benchmarking of the ASCLEPIOS demonstrators.

CUREX | Secure and Private Health Data Exchange

 

Delivery of all CUREX Components

One of the main objectives of CUREX is the delivery of different solutions related to the analysis, identification and management of security risks associated with the data exchange between healthcare organisations. 

  1. The Asset Discovery Tool (ADT) detects all the devices that are connected to a hospital’s network.

  2. The Vulnerability Discovery Manager (VDM) analyses all possible vulnerabilities that can potentially be exploited in the infrastructure.

  3. The Knowledge Extraction Analytics (KEA) tool identifies a set of techniques that harvest the knowledge extracted from health data sources or network monitoring, in order to reveal vulnerabilities and the profile of threats in health systems.

  4. The Threat Intelligence Engine (TIE) provides real-time information about malicious activities detected in the target system.

  5. The Cybersecurity Assessment Tool (CAT) identifies the threats to which healthcare organizations are exposed to and quantifies the risk caused by a wide variety of threats during data exchange.

  6. The Privacy Assessment Tool (PAT) provides healthcare organisations with the appropriate privacy levels in complete alignment with the GDPR directives to protect patients’ personal and sensitive clinical data.

  7. The Optimal Safeguards Tool (OST) devises optimal safeguards subject to a set of parameters associated with the healthcare organisations that exchange data as well as the exact data per se. Τ

  8. The Health Professional Application (HPA) and the Patient Application (PA) are end-user applications of the CUREX platform aiming to help the patients, hospital personnel and all other stakeholders in establishing a secure and GDPR compliant process for health information exchange.
     

Successful Interim Project Review

On July 30, 2020, CUREX passed the mid-term review from the European Commission with flying colours. The CUREX consortium presented the work carried out and the key achievements of the project during the first reporting period and they performed a series of demonstration activities corresponding to each one of the CUREX tools. The reviewers agreed that the project had fully achieved its objectives and milestones for the first reporting period.

After the successful interim review, all deliverables submitted were accepted by the reviewers and are now available online! All public deliverables can be reached here, in order to disseminate the initial outcomes of the project. 

Co-organisation of DeSECSys workshop

CUREX co-organized the 1st Workshop on Dependability and Safety Emerging Cloud and Fog Systems (DeSECSyS) on September 17th 2020, under the framework of ESORICS 2020.

DeSECSys is the second workshop organised by CUREX, this time in collaboration with four H2020 projects (FutureTPMINCOGNITOSECONDO & ASTRID) that came together to set up an interesting virtual event. The goal  was to foster collaborations and discussions among cyber security researchers and practitioners. DeSECSys featured a rich agenda including keynote talks, presentations of research papers in the field and brief overviews of EU-funded research and innovation projects related to cyber security.  More information about the event, is available at CUREX website.

FeatureCloud| Privacy preserving federated machine learning and blockchaining for reduced cyber risks in a world of distributed healthcare

 

Scientific Paper: Privacy-preserving Artificial Intelligence Techniques in Biomedicine

 

FeatureCloud is about the proof of feasibility and implementation of a new security and privacy technique in the medical domain, that is, federated machine learning. Consortium members have summarized the state of the art in privacy-enhancing technology for the processing of biomedical data.


The publication is available via open access in the following link.

Scientific Paper: Information Leaks in Federated Learning

This paper has estimated how well membership inference attacks, for example, determining whether a data sample was used in a machine learning model training process. This translates also to federated learning, for example, whether there is an increased risk to the privacy if honest-but-curious participants can observe a number of exchanged model parameters. Results of this attack analysis fed into the risk analysis and will contribute to the mitigation strategies in Work Package 2, and will influence directly the implementation of the federated learning in Work Package 7 in the FeatureCloud project.

The publication is available via open access in the following link.

PANACEA| Delivering people-centric cybersecurity solutions in healthcare

 

2nd PANACEA End-User and Stakeholder Workshop

The PANACEA Toolkit is healthcare specific to support organisational leaders in assessing and responding to the multi-dimensional risks they are facing in terms of an increasing threat surface. To this end, the Toolkit features four technological tools: A dynamic risk assessment & mitigation tool (DRMP); a secure information sharing tool for the protection of data (SISP); a security-by-design & certification tool (SbDF); a tool for identification & authentication and three organisational tools (IMP-H2M and M2M): Cybersecurity Education and Learning Tool (TECT); a Secure Behaviour Nudging Tool (SbNT) and Resilience Governance tool. 

The project organised its 2nd PANACEA End-User and Stakeholder Workshop in order to engage with end-users and cybersecurity and data protection experts across Europe to stimulate knowledge exchange and accumulate feedback on the tools that are developed. The event took place virtually between 15-17 and 23, 24 September 2020. The complete agenda and the recorded sessions are available in PANACEA's website.

Collaboration with Cyberwatching.eu portal

PANACEA has taken part in two cyberwatching.eu webinars in recent months. The webinar on 23 November 2020 focused on “Cybersecurity Risk Management: How to strengthen resilience and adapt in 2021” in collaboration with ECSO, SGS, Aon, the Digital SME Alliance, and the SECONDO, CYBERSURE, RESISTO, GEIGER, CUREX and PANACEA. Click here to access the entire webinar recording.

The webinar on 10 December 2020 focused on Security and Privacy by Design for Healthcare: New solution from EU H2020 projects to comply with GDPR, Medical Device Regulation and EU Directive 2016/1148 on essential services and the COVID context. PANACEA was joined by SPHINX, DEFEND and PAPAYA based on a clustering activity on Market Readiness Levels coordinated by cyberwatching.eu. Click here to access the entire webinar recording.

The webinars have been an opportunity to continue and expand on synergies on cybersecurity in healthcare while also helping to shape future joint activities.

Contributing to Policy Development on Cybersecurity and Healthcare

Between April and October 2020, PANACEA has contributed to a series of virtual policy-related events. In April, Dr Med Sabina Magalini, FPG and PANACEA coordinator shared insights on frontline experiences with healthcare security in the context of COVID-19, highlighting the growing cyber risks and vulnerabilities in the sector at the Cybersecurity Health Group – 10th TCON.

In September, Dr Med Magalini served as panellist of the 1st Session of the ENISA eHealth Security Conference, which explored the impacts of cyber risks on the safety of patients as a key differentiator to other sectors, drawing on first-hand experiences during COVID-19.

Later that month, Dr Med Magalini joined the expert panel at the CONNECT Autumn School on Digital Health looking into key cybersecurity challenges facing the health sector. As the European Agency for Cybersecurity, ENISA was also a member of the panel along with Directorate CONNECT H to help understand how policy and funding innovative approaches to mitigating risks can ensure cybersecurity becomes a top priority for healthcare delivery.

SAFECARE| Safeguard of Critical Health Infrastructure

 

Definition of cyber-physical scenarios of threat

Reaching this milestone, SAFECARE has identified a set of scenarios, in the light of past history of cyber and physical scenarios, as well as on the Covid19 pandemic and the challenge it introduced to all, but in particular to health infrastructures. The potential of combining physical and cyber threats to exploit more complex attacks was considered, from the point of view of opening the door by exploiting first a cyber breaches or triggered by exploiting a physical breach. The achievement of this milestone was crucial, as the set of 12 scenarios described were used to guide all the technical developments, that are now in the simulation phase, after which a demonstrator in our three pilots will be carried on: Hôpitaux Universitaires de Marseille, Azienda Sanitaria Locale from Turin, Universitair Medische Centra from Amsterdam.

 

SAFECARE has created    a “live database” of Security Incidents in Healthcare Infrastructure during COVID-19 Crisis, and we’ll make sure to reflect this reality in the coming demonstrations.
Further reading: “Cyber-Physical Threat Intelligence for Critical Infrastructures Security” Chapters, chapters 8 to 11.



Specification and Deployment of Physical Security Systems

Physical security solutions have been specified and the prototypes are ready to be deployed on the test platform. Some end-user features including mapping of input devices and visualisation of alarms have been released in the Milestone Systems commercial software, XProtect®. The milestone covers the specification and development of the suspicious behaviour detection system, the intrusion and fire detection system, the data collection system, and the mobile alerting system. We have integrated these systems into the building management system. 

The developed systems can react to incidents raised by the cyber security components, distributed over the data exchange layer and central database in a seamlessly integrated system.

Click here to access the free version of Milestone XProtect

 

Specifications of cyber security solutions delivered


This milestone corresponds to the specifications of SAFECARE cyber security solutions that are ready and delivered. These specifications take into account user requirements that were previously defined. The next step is the implementation of prototypes based on these specifications, and then the prototypes will be tested and demonstrated in operational environment. The SAFECARE cyber security solutions cover cyber-security aspects related to e-Health, IT and Building Management systems in health services and increase prevention and detection capabilities on threats and Advanced Persistent Threats (APT) in health services and infrastructures.
 
Public specifications are available here: https://www.safecare-project.eu/?page_id=15

SPHINX| A Universal Cybersecurity Toolkit for Healthcare Industry

 

1st Iteration of SPHINX Toolkit Components


Following the project's successful Interim Review during July 2020, the Consortium has proceed with public dissemination of the work that has been carried out on the creation of the envisioned SPHINX Toolkit. 

According to their expertise, project partners are leading the development of several components that comprise the SPHINX Toolkit. Each of these components stems from the contributions of partners to relative project Work Packages and is entailed into SPHINX's architecture blocks The final goal is to integrate all the components into a single operative platform, that will provide SPHINX’s cybersecurity solution to healthcare organisations. 

Visit project's website to watch the video demonstrations of each component.

Book Chapter: Innovative Toolkit to Assess and Mitigate Cyber Threats in the Healthcare Sector

Consortium members from EDGE, NTUA and ViLabs have co-authored a chapter dedicated to SPHINX Toolkit in the publication of the Open Access book “Cyber-Physical Threat intelligence”. The book has been a collaborative outcome of a synergy between several European projects that are active on the board sector of cybersecurity for critical infrastructures.

The synergy book has achieved a significant impact with nearly 15,000 downloads and a second volume is already on the pipeline. You can access the publication in the following link: https://nowpublishers.com/article/BookDetails/9781680836868

CYBERAWARE4HEALTH Online Workshop

SPHINX Consortium member DYPE5, the fifth Greek Regional Health Authority, hosted a workshop that was dedicated to IT personnel of Healthcare organisations in order to raise their awareness regarding contemporary cybersecurity matters.

The workshop took place virtually in Wednesday, 16 December 2020 and partners from National Technical University of GreecePDMFC and ViLabs contributed to the event with presentations about information security, risk management, necessary daily actions for a cyber secure routine, firewalls concepts and the Sphinx Toolkit. In addition, Mrs. Dimitra Livery, Network and Information Security expert of ENISA, gave a keynote speech on procurement guidelines for cybersecurity in hospitals and medical centers.

These presentations were delivered in three sessions and are now available for on demand view in project's YouTube channel!

Twitter
Facebook
LinkedIn
YouTube
Website
SPHINX project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 826183.
Copyright © 2020 SPHINX project, All rights reserved.

Our mailing address is:
info@sphinx-project.eu

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.






This email was sent to <<Email Address>>
why did I get this?    unsubscribe from this list    update subscription preferences
SPHINX · ECASTICA Business center 6, Vasili Vryonides str. Gala Court Chambers · Limassol 3095 · Cyprus

Email Marketing Powered by Mailchimp