CMP7240: To conduct a thorough cyber security review of a connected healthcare system

learning outcomes:

1 Critically evaluate current threat landscape for Cyber-Physical Systems and articulate commonalities and differences with contemporary computing systems.

2 Apply learned concepts, methods and techniques to address cybersecurity challenges within a given CPS context.

3 Discuss the impact of the techno-social context in a cybersecurity programme considering regulations, criticality of requirements, the environment, etc.

Task: To conduct a thorough cyber security review of a connected healthcare system

Rationale: To apply knowledge and skills learnt through this module in a real-life scenario.

Description: WM Healthcare is a private hospital which prides itself on the use of cuttingedge technologies to deliver the best care to its patients. In this respect, WM Healthcare is conducting a feasibility study with the view to incorporate connected devices (such as blood glucose monitors, heart rate monitors, pulse oximeters, blood pressure monitors, breath analyzers, and insulin pumps) into its infrastructure. However, with the rising number of attacks and vulnerabilities targeting connected devices and infrastructures in recent year, WM Healthcare is cautious and intends to conduct a thorough review to understand any implications of adopting these technologies. As an expert within Cyber-Physical Systems Security, WM Healthcare need your help to achieve this transformation while preserving security and privacy of their patients.

To aid them, you are required to complete the following:

• Conduct a review of state of the art to identify and understand the threat landscape for connected healthcare infrastructures.

• Develop a high-level architecture for the proposed infrastructure and conduct threat modelling for three critical components.

• Based on the outcome of threat modelling, produce a secure network design along with justification for your design choices. Please also include a discussion of appropriate countermeasures/mitigation strategies to protect against the identified threats which should highlight how these measures can protect against specific threats. You can include countermeasures such as network segmentation, cryptography, vulnerability scanning, and intrusion detection system. 

Additional information:

Element 1 – Threat Landscape and Review

For this element, you are required to conduct a review of state of the art to identify and understand the threat landscape for the scenario provided above. You can consult academic literature such as published articles, conference papers and books etc as well as technical reports and other public sources of data to: identify specific characteristics of connected infrastructures; understand the impact of these characteristics on security requirements for such infrastructures, and assess the scale of cyber threats for the scenario presented above.

Element 2 – Threat Modelling

For this element, you are required to use methods such as STRIDE to conduct threat modelling for the given scenario. You will be expected to develop a high-level technical architecture for the scenario presented above which will include identifying critical components of the proposed system. You will perform threat modelling exercise for three critical components of the system using STRIDE method. Please include your assessment and reasoning to accompany the threats identified.

Element 3 – Secure Design and Countermeasures

In this element, you are required to develop a secure network design along with justification for your design choices. Please also include a discussion of appropriate countermeasures/mitigation strategies to protect against the identified threats which should highlight how these measures can protect against specific threats. You can include countermeasures such as network segmentation, cryptography, vulnerability scanning, and intrusion detection system

Transferable skills:

• Research skills
• Analytical Thinking
• Critical Thinking
• Organisational Skills
• Written Communication
• Time Management
• Problem Solving
• Technical Proficiency
• Professionalism