Risk assessment of cyber-attacks on telemetry-enabled cardiac implantable electronic devices (CIED)

Mikaela Stéphanie Ngamboe Mvogo, Paul Berthier, Nader Ammari, Katia Dyrda and Jose Manuel Fernandez

Journal article (2021)

Open access document in PolyPublie and at the official publisher
Open access to the full text of this document
Official publisher's version
Terms of use: Creative Commons: Attribution (CC BY)

Abstract

Cardiac implantable electronic devices (CIED) are vulnerable to radio frequency (RF) cyber-attacks. In addition, CIED communicate with medical equipment whose telemetry capabilities and IP connectivity are creating new entry points that may be used by attackers. Therefore, it remains crucial to perform a cybersecurity risk assessment of CIED and the systems they rely on to determine the gravity of threats, address the riskiest ones on a priority basis, and develop effective risk management plans. In this study, we carry out such a risk assessment according to the ISO/IEC 27005 standard and the NIST SP 800-30 guide. We employed a threat-oriented analytical approach and divided the analysis into three parts: an actor-based analysis to determine the impact of the attacks, a scenario-based analysis to measure the probability of occurrence of threats, and a combined analysis to identify the riskiest attack outcomes. The results show that vulnerabilities on the RF interface of CIED represent an acceptable risk, whereas the network and Internet connectivity of the systems they rely on represent an important potential risk. Further analysis reveals that the damages of these cyber-attacks could spread further to affect manufacturers through intellectual property theft or physicians by affecting their reputation.

Keywords

Cardiac implantable electronic device, CIED, cybersecurity, cyber-attack, attack vector, attack scenario, threat-oriented analysis, risk assessment

Subject(s): 1900 Biomedical engineering > 1901 Biomedical technology
2700 Information technology > 2706 Software engineering
9000 Health sciences > 9000 Health sciences
Department: Department of Computer Engineering and Software Engineering
PolyPublie URL: https://publications.polymtl.ca/9257/
Journal title: International Journal of Information Security (vol. 20, no. 4)
Publisher: Springer Nature
DOI: 10.1007/s10207-020-00522-7
Official URL: https://doi.org/10.1007/s10207-020-00522-7
Deposit date: March 24, 2022 10:45
Last modified: May 11, 2023 00:57
Cite in APA 7: Ngamboe Mvogo, M. S., Berthier, P., Ammari, N., Dyrda, K., & Fernandez, J. M. (2021). Risk assessment of cyber-attacks on telemetry-enabled cardiac implantable electronic devices (CIED). International Journal of Information Security, 20(4), 621-645. https://doi.org/10.1007/s10207-020-00522-7
