Risk Assessment of Cyber Attacks on Telemetry Enabled Cardiac Implantable Electronic Devices (CIED)

04/26/2019
by   Ngamboé Mikaela, et al.
0

Cardiac Implantable Electronic Devices (CIED) are fast becoming a fundamental tool of advanced medical technology and a key instrument in saving lives. Despite their importance, previous studies have shown that CIED are not completely secure against cyber attacks and especially those who are exploiting their Radio Frequency (RF) communication interfaces. Furthermore, the telemetry capabilities and IP connectivity of the external devices interacting with the CIED are creating other entry points that may be used by attackers. In this paper, we carry out a realistic risk analysis of such attacks. This analysis is composed of three parts. First, an actor-based analysis to determine the impact of the attacks. Second, a scenario-based analysis to determine the probability of occurrence of each threat. Finally, a combined analysis to determine which attack outcomes (i.e. attack goals) are riskiest and to identify the vulnerabilities that constitute the highest overall risk exposure. The conducted study showed that the vulnerabilities associated with the RF interface of CIED represent an acceptable risk. In contrast, the network and internet connectivity of external devices represent an important potential risk. The previously described findings suggest that the highest risk is associated with external systems and not the CIED itself.

READ FULL TEXT
research
07/16/2020

Actor-based Risk Analysis for Blockchains in Smart Mobility

Blockchain technology is a crypto-based secure ledger for data storage a...
research
01/17/2018

Know Your Enemy: Characteristics of Cyber-Attacks on Medical Imaging Devices

Purpose: Used extensively in the diagnosis, treatment, and prevention of...
research
01/15/2018

Attack Potential in Impact and Complexity

Vulnerability exploitation is reportedly one of the main attack vectors ...
research
01/25/2021

Cyber-Physical Energy Systems Security: Threat Modeling, Risk Assessment, Resources, Metrics, and Case Studies

Cyber-physical systems (CPS) are interconnected architectures that emplo...
research
11/15/2018

Plan Interdiction Games

We propose a framework for cyber risk assessment and mitigation which mo...
research
02/17/2020

A New Methodology for Information Security Risk Assessment for Medical Devices and Its Evaluation

As technology advances towards more connected and digital environments, ...
research
06/27/2021

A Systematic Review of Bio-Cyber Interface Technologies and Security Issues for Internet of Bio-Nano Things

Advances in synthetic biology and nanotechnology have contributed to the...

Please sign up or login with your details

Forgot password? Click here to reset