Poster Abstract: Analysis of Cyber-Security Vulnerabilities of Interconnected Medical Devices

2019 ◽  
Author(s):  
Yanchen Xu ◽  
Daniel Tran ◽  
Yuan Tian ◽  
Homa Alemzadeh
Keyword(s):  
Medical Devices ◽  
Cyber Security ◽  
Security Vulnerabilities ◽  
Poster Abstract

Clinical Cybersecurity Training Through Novel High Fidelity Simulations (Preprint)

2018 ◽  
Author(s):  
Christian Dameff ◽  
Jordan Selzer ◽  
Jonathan Fisher ◽  
James Killeen ◽  
Jeffrey Tully
Keyword(s):  
Patient Safety ◽  
Patient Care ◽  
Medical Devices ◽  
Healthcare Systems ◽  
High Fidelity ◽  
Protected Health Information ◽  
Patient Harm ◽  
Security Vulnerabilities ◽  
Clinical Simulations ◽  
Medical Infrastructure

BACKGROUND Cybersecurity risks in healthcare systems have traditionally been measured in data breaches of protected health information but compromised medical devices and critical medical infrastructure raises questions about the risks of disrupted patient care. The increasing prevalence of these connected medical devices and systems implies that these risks are growing. OBJECTIVE This paper details the development and execution of three novel high fidelity clinical simulations designed to teach clinicians to recognize, treat, and prevent patient harm from vulnerable medical devices. METHODS Clinical simulations were developed which incorporated patient care scenarios with hacked medical devices based on previously researched security vulnerabilities. RESULTS Clinician participants universally failed to recognize the etiology of their patient’s pathology as being the result of a compromised device. CONCLUSIONS Simulation can be a useful tool in educating clinicians in this new, critically important patient safety space.

Improving the Security of Storage Systems

2019 ◽  
pp. 796-829
Author(s):  
Wasan Awad ◽  
Hanin Mohammed Abdullah
Keyword(s):  
Cyber Security ◽  
Storage Systems ◽  
Assessment Model ◽  
Security Threats ◽  
Risk Matrix ◽  
Security Risks ◽  
Security Systems ◽  
Security Vulnerabilities ◽  
File Storage ◽  
Local Storage

Developing security systems to protect the storage systems are needed. The main objective of this paper is to study the security of file storage server of an organization. Different kinds of security threats and a number of security techniques used to protect information will be examined. Thus, in this paper, an assessment plan for evaluating cyber security of local storage systems in organizations is proposed. The assessment model is based on the idea of cyber security domains and risk matrix. The proposed assessment model has been implemented on two prestigious and important organizations in the Kingdom of Bahrain. Storage systems of the assessed organizations found to have cyber security risks of different scales. This conclusion gives certainty to the fact that organizations are not capable of following the cyber security evolution and secure their storage systems from cyber security vulnerabilities and breaches. Organizations with local storage systems can improve the cyber security of their storage systems by applying certain techniques.

Exploring Cyber Security Vulnerabilities in the Age of IoT

2018 ◽  
pp. 1609-1623 ◽  
Author(s):  
Shruti Kohli
Keyword(s):  
Cyber Security ◽  
Low Cost ◽  
Cyber Attacks ◽  
Rolling Stock ◽  
Security Vulnerabilities ◽  
Security Breaches ◽  
Closed Networks ◽  
Train Control ◽  
Potential Risks ◽  
Physical Assets

The modernization of rail control systems has resulted in an increasing reliance on digital technology and increased the potential for security breaches and cyber-attacks. Higher-level European Train Control System(ETCS) systems in particular depend on communications technologies to enable greater automation of railway operations, and this has made the protecting the integrity of infrastructure, rolling stock, staff and passengers against cyber-attacks ever more crucial. The growth in Internet of Things (IoT) technology has also increased the potential risks in this area, bringing with it the potential for huge numbers of low-cost sensing devices from smaller manufacturers to be installed and used dynamically in large infrastructure systems; systems that previously relied on closed networks and known asset identifiers for protection against cyber-attacks. This chapter demonstrates that how existing data resources that are readily available to the railways could be rapidly combined and mapped to physical assets. This work contributes for developing secure reusable scalable framework for enhancing cyber security of rail assets

A Machine Learning-Based Exploration of Relationship Between Security Vulnerabilities of IoT Devices and Manufacturers

2020 ◽  
Vol 1 (2) ◽  
pp. 1-12
Author(s):  
Ritu Chauhan ◽  
Gatha Tanwar
Keyword(s):  
Cyber Security ◽  
Automated System ◽  
Smart Devices ◽  
Protocol Stack ◽  
Security Vulnerabilities ◽  
Local Networks ◽  
Daily Lives ◽  
Security Issues ◽  
Iot Devices ◽  
The Internet Of Things

The internet of things has brought in innovations in the daily lives of users. The enthusiasm and openness of consumers have fuelled the manufacturers to dish out new devices with more features and better aesthetics. In an attempt to keep up with the competition, the manufacturers are not paying enough attention to cyber security of these smart devices. The gravity of security vulnerabilities is further aggravated due to their connected nature. As a result, a compromised device would not only stop providing the intended service but could also act as a host for malware introduced by an attacker. This study has focused on 10 manufacturers, namely Fitbit, D-Link, Edimax, Ednet, Homematic, Smarter, Osram, Belkin Wemo, Philips Hue, and Withings. The authors studied the security issues which have been raised in the past and the communication protocols used by devices made by these brands. It was found that while security vulnerabilities could be introduced due to lack of attention to details while designing an IoT device, they could also get introduced by the protocol stack and inadequate system configuration. Researchers have iterated that protocols like TCP, UDP, and mDNS have inherent security shortcomings and manufacturers need to be mindful of the fact. Furthermore, if protocols like EAPOL or Zigbee have been used, then the device developers need to be aware of safeguarding the keys and other authentication mechanisms. The authors also analysed the packets captured during setup of 23 devices by the above-mentioned manufacturers. The analysis gave insight into the underlying protocol stack preferred by the manufacturers. In addition, they also used count vectorizer to tokenize the protocols used during device setup and use them to model a multinomial classifier to identify the manufacturers. The intent of this experiment was to determine if a manufacturer could be identified based on the tokenized protocols. The modelled classifier could then be used to drive an algorithm to checklist against possible security vulnerabilities, which are characteristic of the protocols and the manufacturer history. Such an automated system will be instrumental in regular diagnostics of a smart system. The authors then wrapped up this report by suggesting some measures a user can take to protect their local networks and connected devices.

Sign in / Sign up

Export Citation Format

Share Document