Dynamic Cyber Risk Assessment for Connected Medical Devices: the NEMECYS Approach

Abstract

Connected Medical Devices (CMDs) face many critical cybersecurity challenges. Cybersecurity risk assessment is the industry de facto standard process to assess and mitigate potential cybersecurity risks. However, current cybersecurity risk assessments in the CMD domain are typically static, and many situations are highly dynamic, involving changing circumstances of patient care priorities or new vulnerabilities detected at runtime. Thus, there is a clear need to support dynamic, runtime cybersecurity risk assessment where new events are reflected automatically in risk levels, and appropriate controls are recommended for unacceptable risks to return the residual risk to an acceptable level. In the EU project NEMECYS, we are developing an approach to dynamic cyber risk assessment for CMDs. The objective of this paper is to provide a high-level introduction to the NEMECYS project, and then explain in more detail our proposed dynamic cyber risk assessment approach for CMDs.

Category

Academic chapter

Language

English

Author(s)

Affiliation

  • SINTEF Digital / Sustainable Communication Technologies
  • SINTEF Digital / Software Engineering, Safety and Security
  • University of Southampton

Year

2024

Publisher

CEUR Workshop Proceedings

Book

Joint Proceedings of RCIS 2024 Workshops and Research Projects Track co-located with the 18th International Conference on Research Challenges in Information Science (RCIS 2024)

ISBN

9783031594649