SECANT

SECurity And privacy protectioN in Internet of Things devices

Home SECANT

In Brief

The SECANT platform enhances the capabilities of organisations’ stakeholders, implementing (a) collaborative threat intelligence collection, analysis and sharing; (b) innovative risk analysis specifically designed for interconnected nodes of an industrial ecosystem; (c) cutting-edge trust and accountability mechanisms for data protection and (d) security awareness training for more informed security choices. The proposed solution’s effectiveness and versatility will be validated in four realistic pilot use case scenarios applied in the healthcare ecosystem. Ultimately, SECANT contributes decisively towards improving the readiness and resilience of the organisations against the crippling modern cyber-threats, increasing the privacy, data protection and accountability across the entire interconnected ICT ecosystem, and reducing the costs for security training in the European market.

Project Information
H2020-EU.3.7.4., H2020-EU.3.7.
Funded Under
101019645
Grant agreement ID
NTT Data Spain SLU
Coordinated by
1 September 2021
Start date
31 August 2024
End date
€ 6.567.958,75
Overall budget

Objectives

Objective #1

To identify the user, technical and business requirements and design the architecture of a dynamic and highly flexible risk assessment platform for organizations.

Objective #2

To design and implement a dynamic, evidence-based, sophisticated security and privacy risk assessment framework that can deal with the cascading effects of cyber-attacks and with propagated vulnerabilities in interconnected complex ICT systems, services, and applications.

Objective #3

To design and implement a collaborative toolkit that allows the organization stakeholders and European CERTs/CSIRTs create and exchange dynamic vulnerability databases, as well as taxonomies for cyber-attacks targeting ICT systems, technologies, applications and services.

Objective #4

To design and implement a tailored data protection and multi-level accountability framework, relying on a distributed ledger system, that can establish trust, integrity and protect sensitive data.

Objective #5

To design and develop user interfacing applications and security training platforms with cyber range capabilities that can enable all stakeholders of the organizations’ ecosystem to make smarter security decisions with training and simulated social engineering.

Objective #6

To demonstrate and validate the integrated SECANT Platform across four realistic pilot demonstrators.

Objective #7

To ensure wide communication and scientific dissemination of the SECANT results to the research, academic, and professional community, efficient exploitation and business planning of the SECANT concepts and solutions to the market, and contribution of specific project results to relevant standardization bodies.

Challenge #1

New models of remote delivery, especially in complex ICT infrastructures such as healthcare, increase the potential impact of cyber security breaches to a level that has not been experienced before. Compromising the confidentiality, integrity or availability of the information exchanged, to implement platforms that permit people to work from home, means that attack surface is considerably broadened and adversaries can disclose sensitive information, affect the integrity or correctness of the transmitted data, or even stop processes and services from taking place.

Challenge #2

Modern ICT systems rely heavily on Internet of Things devices which act as sensors, used for monitoring and diagnostics. Wearable devices are also very popular as they offer convenience through their smaller factor and a wide range of services constantly expanding. As they are connected to networks, wearables are also used to monitor the health of patients through their integrated sensors. The exceptionally large volumes of data generated by IoT devices are impractical to monitor continuously for signs of compromise

2c
Challenge #3

A lot of organizations and especially those relying on complex ICT infrastructures are often regarded as poor in terms of their cyber security practices because people processing private and sensitive data, fall victims of malicious parties, exposing entry points to ICT infrastructures well protected from outsiders. The level of security awareness is still disproportionately low compared to the criticality and potential of a security breach in critical sectors.

Use Case #1: Protecting the connected ambulance of the future
Aim: To validate SECANT’s ability to improve transportation safety and ensure zero-error delivery of patients transported using time-constraint Emergency Medical Services (EMS), as presented in Figure 1-7.
 
Scenario to be demonstrated: Today’s connectivity promises to revolutionize time-constraint emergency medical services by harnessing logistic information to improve transportation safety and ensure zero-error patient delivery. Juan from Barcelona was infected with COVID-19 while being in Romania and is in a critical condition. He has to be transported to the hospital immediately. Information about the health status of Juan has been accurately and truthfully communicated to the hospitals’ EMS provider, who decides what is the right transportation route for the ambulance to reach the hospital. However, what he and the hospital have not taken into account is that a malware campaign, initiated by a highly skilled group of cybercriminals, has infected the communication systems of the EMS provider. Aiming for highly disruptive results to the ambulance services, the malware is able to manipulate logistic information, the name of the patient and the address, thus leading to a completely wrong routing plan, which directs the ambulance to the wrong place. After resorting to offline methods and local knowledge, the ambulance arrives at the correct destination, but with significant delay, having missed the “golden hour”, where the chances of recovery for Juan are the highest.
Use Case #2: Cyber security for connected medical devices and mobile applications
Aim: To validate SECANT’s efficiency to deal with cascading effects of cyber threats and with propagated vulnerabilities in connected healthcare infrastructures, as well as in remote healthcare settings.
 
Scenario to be demonstrated: Scenario to be demonstrated: This pilot use case involves the installation of the SECANT platform in the servers of KI’s LIME (Learning, Informatics, Management and Ethics) Department, which is one of Europe’s premier medical research institutes with strong collaboration with other hospitals and medical institutes in Northern Europe. KI’s LIME Department provides access to mobile applications and systems that are hosted in the LIME servers, and which are tasked with collecting information and medical data from different groups of patients of the Danderyd Hospital in Stockholm for research purposes. More specifically, the first one is a mobile health research system that enriches the follow up information coming from various medical devices regarding patients diagnosed with cancer in order to support methodological and clinical studies on patient reported outcomes such as Quality of Life (QoL), well-being, symptoms and satisfaction with care in different diagnoses and settings.
Use Case #3: Health data protection in the healthcare supply chain
Aim: To validate SECANT’s efficiency to deal with cascading effects of cyber threats and with propagated vulnerabilities in connected healthcare infrastructures, as well as in remote healthcare settings.
 
Scenario to be demonstrated: Scenario to be demonstrated: This pilot use case involves the installation of the SECANT platform in the servers of KI’s LIME (Learning, Informatics, Management and Ethics) Department, which is one of Europe’s premier medical research institutes with strong collaboration with other hospitals and medical institutes in Northern Europe. KI’s LIME Department provides access to mobile applications and systems that are hosted in the LIME servers, and which are tasked with collecting information and medical data from different groups of patients of the Danderyd Hospital in Stockholm for research purposes. More specifically, the first one is a mobile health research system that enriches the follow up information coming from various medical devices regarding patients diagnosed with cancer in order to support methodological and clinical studies on patient reported outcomes such as Quality of Life (QoL), well-being, symptoms and satisfaction with care in different diagnoses and settings.
Use Case #4: Cyber Security Training
Aim:To validate the capabilities of SECANT’s cyber security training modules and critical infrastructure cyber range.
 
Scenario to be demonstrated: Scenario to be demonstrated: As depicted in Figure 1-10 The PUC will test and evaluate extensively the Cyber Security Training Module of the SECANT platform with three different categories of people in THALES, having different backgrounds and expertise in cyber security, namely (i) security experts, (ii) other professionals and (iii) clients. For non-technical experts, the evaluation will relate to their perception of user friendliness and ease of use of the interface of the “Security Awareness Training Platform” and on the explanations to understand the basics of cyber-security to be tested via situational exercises on the Cyber Range platform. For technical experts, multiple complex situations targeting complex ICT systems will be recreated on the Cyber Range (including the actual IT infrastructure under test, the possible threats and attack vectors as well as the SECANT Dashboard, App and Chatbot).