EFLM Task Force Preparation of Labs for Emergencies (TF-PLE) recommendations for reinforcing cyber-security and managing cyber-attacks in medical laboratories.

The healthcare systems are a prime target for cyber-attacks due to the sensitive nature of the information combined with the essential need for continuity of care. Medical laboratories are particularly vulnerable to cyber-attacks for a number of reasons, including the high level of information technology (IT), computerization and digitization. Based on reliable and widespread evidence that medical laboratories may be inadequately prepared for cyber-terrorism, a panel of experts of the Task Force Preparation of Labs for Emergencies (TF-PLE) of the European Federation of Clinical Chemistry and Laboratory Medicine (EFLM) has recognized the need to provide some general guidance that could help medical laboratories to be less vulnerable and better prepared for the dramatic circumstance of a disruptive cyber-attack, issuing a number of consensus recommendations, which are summarized and described in this opinion paper.

Behind the mask: a critical perspective on the ethical, moral, and legal implications of AI in ophthalmology.

PURPOSE: This narrative review aims to provide an overview of the dangers, controversial aspects, and implications of artificial intelligence (AI) use in ophthalmology and other medical-related fields. METHODS: We conducted a decade-long comprehensive search (January 2013-May 2023) of both academic and grey literature, focusing on the application of AI in ophthalmology and healthcare. This search included key web-based academic databases, non-traditional sources, and targeted searches of specific organizations and institutions. We reviewed and selected documents for relevance to AI, healthcare, ethics, and guidelines, aiming for a critical analysis of ethical, moral, and legal implications of AI in healthcare. RESULTS: Six main issues were identified, analyzed, and discussed. These include bias and clinical safety, cybersecurity, health data and AI algorithm ownership, the "black-box" problem, medical liability, and the risk of widening inequality in healthcare. CONCLUSION: Solutions to address these issues include collecting high-quality data of the target population, incorporating stronger security measures, using explainable AI algorithms and ensemble methods, and making AI-based solutions accessible to everyone. With careful oversight and regulation, AI-based systems can be used to supplement physician decision-making and improve patient care and outcomes.

The Utilization of Blockchain for Data Security for the Chronic Pain Physician.

PURPOSE OF REVIEW: The COVID-19 pandemic accelerated the surge in medical data utilization, notably impacting chronic pain management given its enormous economist cost. While the collection and use of data enhances research and care quality, data exchange risks compromising integrity and privacy, exemplified by the Change Healthcare cyberattack. Here, we review the potential of blockchain for the utilization for cybersecurity in the healthcare system with an emphasis on the field of chronic pain. RECENT FINDINGS: Blockchain technology emerges as a potential solution, offering decentralized, secure, and immutable data management. Blockchain ensures transparency, integrity, and data privacy, which is crucial in healthcare. Smart contracts may offer automated, secure management of implantable neuromodulation devices such as spinal cord stimulators and intrathecal pumps. Blockchain's potential in pharmaceutical supply chain integrity is exemplified in preliminary efforts ensuring that the medication retrieved by the patient is indeed the intended medication. Despite limitations such as speed of transactions, blockchain presents innovative avenues for healthcare security and quality improvement, necessitating further development for widespread implementation. Blockchain's applicability is not only applicable to chronic pain management, but can be used in medicine as a whole.

Insights From a Clinically Orientated Workshop on Health Care Cybersecurity and Medical Technology: Observational Study and Thematic Analysis.

BACKGROUND: Health care professionals receive little training on the digital technologies that their patients rely on. Consequently, practitioners may face significant barriers when providing care to patients experiencing digitally mediated harms (eg, medical device failures and cybersecurity exploits). Here, we explore the impact of technological failures in clinical terms. OBJECTIVE: Our study explored the key challenges faced by frontline health care workers during digital events, identified gaps in clinical training and guidance, and proposes a set of recommendations for improving digital clinical practice. METHODS: A qualitative study involving a 1-day workshop of 52 participants, internationally attended, with multistakeholder participation. Participants engaged in table-top exercises and group discussions focused on medical scenarios complicated by technology (eg, malfunctioning ventilators and malicious hacks on health care apps). Extensive notes from 5 scribes were retrospectively analyzed and a thematic analysis was performed to extract and synthesize data. RESULTS: Clinicians reported novel forms of harm related to technology (eg, geofencing in domestic violence and errors related to interconnected fetal monitoring systems) and barriers impeding adverse event reporting (eg, time constraints and postmortem device disposal). Challenges to providing effective patient care included a lack of clinical suspicion of device failures, unfamiliarity with equipment, and an absence of digitally tailored clinical protocols. Participants agreed that cyberattacks should be classified as major incidents, with the repurposing of existing crisis resources. Treatment of patients was determined by the role technology played in clinical management, such that those reliant on potentially compromised laboratory or radiological facilities were prioritized. CONCLUSIONS: Here, we have framed digital events through a clinical lens, described in terms of their end-point impact on the patient. In doing so, we have developed a series of recommendations for ensuring responses to digital events are tailored to clinical needs and center patient care.

Vulnerability to Cyberattacks and Sociotechnical Solutions for Health Care Systems: Systematic Review.

BACKGROUND: Health care organizations worldwide are faced with an increasing number of cyberattacks and threats to their critical infrastructure. These cyberattacks cause significant data breaches in digital health information systems, which threaten patient safety and privacy. OBJECTIVE: From a sociotechnical perspective, this paper explores why digital health care systems are vulnerable to cyberattacks and provides sociotechnical solutions through a systematic literature review (SLR). METHODS: An SLR using the PRISMA (Preferred Reporting Items for Systematic Reviews and Meta-Analyses) was conducted by searching 6 databases (PubMed, Web of Science, ScienceDirect, Scopus, Institute of Electrical and Electronics Engineers, and Springer) and a journal (Management Information Systems Quarterly) for articles published between 2012 and 2022 and indexed using the following keywords: "(cybersecurity OR cybercrime OR ransomware) AND (healthcare) OR (cybersecurity in healthcare)." Reports, review articles, and industry white papers that focused on cybersecurity and health care challenges and solutions were included. Only articles published in English were selected for the review. RESULTS: In total, 5 themes were identified: human error, lack of investment, complex network-connected end-point devices, old legacy systems, and technology advancement (digitalization). We also found that knowledge applications for solving vulnerabilities in health care systems between 2012 to 2022 were inconsistent. CONCLUSIONS: This SLR provides a clear understanding of why health care systems are vulnerable to cyberattacks and proposes interventions from a new sociotechnical perspective. These solutions can serve as a guide for health care organizations in their efforts to prevent breaches and address vulnerabilities. To bridge the gap, we recommend that health care organizations, in partnership with educational institutions, develop and implement a cybersecurity curriculum for health care and intelligence information sharing through collaborations; training; awareness campaigns; and knowledge application areas such as secure design processes, phase-out of legacy systems, and improved investment. Additional studies are needed to create a sociotechnical framework that will support cybersecurity in health care systems and connect technology, people, and processes in an integrated manner.

The need for cybersecurity self-evaluation in healthcare.

The Australian healthcare sector is a complex mix of government departments, associations, providers, professionals, and consumers. Cybersecurity attacks, which have recently increased, challenge the sector in many ways; however, the best approaches for the sector to manage the threat are unclear. This study will report on a semi-structured focus group conducted with five representatives from the Australian healthcare and computer security sectors. An analysis of this focus group transcript yielded four themes: 1) the challenge of securing the Australian healthcare landscape; 2) the financial challenges of cybersecurity in healthcare; 3) balancing privacy and transparency; 4) education and regulation. The results indicate the need for sector-specific tools to empower the healthcare sector to mitigate cybersecurity threats, most notably using a self-evaluation tool so stakeholders can proactively prepare for incidents. Despite the vast amount of research into cybersecurity, little has been conducted on proactive cybersecurity approaches where security weaknesses are identified weaknesses before they occur.

You cannot spell risk without "I-S": The disclosure of information systems risks by Fortune 1000 firms.

Cybersecurity events can cause business disruptions, health and safety repercussions, financial costs, and negative publicity for large firms, and executives rank cybersecurity as a top operational concern. Although cybersecurity may be the most publicized information systems (IS) risk, large firms face a range of IS risks. Over the past three decades, researchers developed frameworks to categorize and evaluate IS risks. However, there have been few updates to these frameworks despite numerous technological advances, and we are not aware of any research that uses empirical data to map actual IS risks cited by large firms to these frameworks. To address this gap, we coded and analyzed text data from Item 1A (Risk Factors) of the fiscal year 2020 Securities and Exchange Commission Forms 10-K for all Fortune 1000 firms. We build on prior research to develop a framework that places 25 IS risks into four quadrants and 10 categories, and we record the number and type of IS risks cited by each firm. The risk of cyberattack is cited by virtually all Fortune 1000 firms, and the risk of software/hardware failure is cited by 90% of Fortune 1000 firms. Risks associated with data privacy law compliance are cited by 70% of Fortune 1000 firms, and risks associated with internet/telecommunications/power outage, human error, and natural disasters/terrorism are cited by 60% of Fortune 1000 firms. We perform additional analysis to identify differences in risk citation based on industry and financial measures.

Machine learning and user interface for cyber risk management of water infrastructure.

With the continuous modernization of water plants, the risk of cyberattacks on them potentially endangers public health and the economic efficiency of water treatment and distribution. This article signifies the importance of developing improved techniques to support cyber risk management for critical water infrastructure, given an evolving threat environment. In particular, we propose a method that uniquely combines machine learning, the theory of belief functions, operational performance metrics, and dynamic visualization to provide the required granularity for attack inference, localization, and impact estimation. We illustrate how the focus on visual domain-aware anomaly exploration leads to performance improvement, more precise anomaly localization, and effective risk prioritization. Proposed elements of the method can be used independently, supporting the exploration of various anomaly detection methods. It thus can facilitate the effective management of operational risk by providing rich context information and bridging the interpretation gap.

Automotive Cybersecurity: A Survey on Frameworks, Standards, and Testing and Monitoring Technologies.

Modern vehicles are increasingly interconnected through various communication channels, which requires secure access for authorized users, the protection of driver assistance and autonomous driving system data, and the assurance of data integrity against misuse or manipulation. While these advancements offer numerous benefits, recent years have exposed many intrusion incidents, revealing vulnerabilities and weaknesses in current systems. To sustain and enhance the performance, quality, and reliability of vehicle systems, software engineers face significant challenges, including in diverse communication channels, software integration, complex testing, compatibility, core reusability, safety and reliability assurance, data privacy, and software security. Addressing cybersecurity risks presents a substantial challenge in finding practical solutions to these issues. This study aims to analyze the current state of research regarding automotive cybersecurity, with a particular focus on four main themes: frameworks and technologies, standards and regulations, monitoring and vulnerability management, and testing and validation. This paper highlights key findings, identifies existing research gaps, and proposes directions for future research that will be useful for both researchers and practitioners.

Malware Identification Method in Industrial Control Systems Based on Opcode2vec and CVAE-GAN.

Industrial Control Systems (ICSs) have faced a significant increase in malware threats since their integration with the Internet. However, existing machine learning-based malware identification methods are not specifically optimized for ICS environments, resulting in suboptimal identification performance. In this work, we propose an innovative method explicitly tailored for ICSs to enhance the performance of malware classifiers within these systems. Our method integrates the opcode2vec method based on preprocessed features with a conditional variational autoencoder-generative adversarial network, enabling classifiers based on Convolutional Neural Networks to identify malware more effectively and with some degree of increased stability and robustness. Extensive experiments validate the efficacy of our method, demonstrating the improved performance of malware classifiers in ICSs. Our method achieved an accuracy of 97.30%, precision of 92.34%, recall of 97.44%, and F1-score of 94.82%, which are the highest reported values in the experiment.

Identifying Tampered Radio-Frequency Transmissions in LoRa Networks Using Machine Learning.

Long-range networks, renowned for their long-range, low-power communication capabilities, form the backbone of many Internet of Things systems, enabling efficient and reliable data transmission. However, detecting tampered frequency signals poses a considerable challenge due to the vulnerability of LoRa devices to radio-frequency interference and signal manipulation, which can undermine both data integrity and security. This paper presents an innovative method for identifying tampered radio frequency transmissions by employing five sophisticated anomaly detection algorithms-Local Outlier Factor, Isolation Forest, Variational Autoencoder, traditional Autoencoder, and Principal Component Analysis within the framework of a LoRa-based Internet of Things network structure. The novelty of this work lies in applying image-based tampered frequency techniques with these algorithms, offering a new perspective on securing LoRa transmissions. We generated a dataset of over 26,000 images derived from real-world experiments with both normal and manipulated frequency signals by splitting video recordings of LoRa transmissions into frames to thoroughly assess the performance of each algorithm. Our results demonstrate that Local Outlier Factor achieved the highest accuracy of 97.78%, followed by Variational Autoencoder, traditional Autoencoder and Principal Component Analysis at 97.27%, and Isolation Forest at 84.49%. These findings highlight the effectiveness of these methods in detecting tampered frequencies, underscoring their potential for enhancing the reliability and security of LoRa networks.

Efficient Cyberattack Detection Methods in Industrial Control Systems.

The article deals with the issue of detecting cyberattacks on control algorithms running in a real Programmable Logic Controller (PLC) and controlling a real laboratory control plant. The vulnerability of the widely used Proportional-Integral-Derivative (PID) controller is investigated. Four effective, easy-to-implement, and relatively robust methods for detecting attacks on the control signal, output variable, and parameters of the PID controller are researched. The first method verifies whether the value of the control signal sent to the control plant in the previous step is the actual value generated by the controller. The second method relies on detecting sudden, unusual changes in output variables, taking into account the inertial nature of dynamic plants. In the third method, a copy of the controller parameters is used to detect an attack on the controller's parameters implemented in the PLC. The fourth method uses the golden run in attack detection.

Enhancing Maritime Cybersecurity through Operational Technology Sensor Data Fusion: A Comprehensive Survey and Analysis.

Cybersecurity is becoming an increasingly important aspect in ensuring maritime data protection and operational continuity. Ships, ports, surveillance and navigation systems, industrial technology, cargo, and logistics systems all contribute to a complex maritime environment with a significant cyberattack surface. To that aim, a wide range of cyberattacks in the maritime domain are possible, with the potential to infect vulnerable information and communication systems, compromising safety and security. The use of navigation and surveillance systems, which are considered as part of the maritime OT sensors, can improve maritime cyber situational awareness. This survey critically investigates whether the fusion of OT data, which are used to provide maritime situational awareness, may also improve the ability to detect cyberincidents in real time or near-real time. It includes a thorough analysis of the relevant literature, emphasizing RF but also other sensors, and data fusion approaches that can help improve maritime cybersecurity.

Enhancing the Internet of Medical Things (IoMT) Security with Meta-Learning: A Performance-Driven Approach for Ensemble Intrusion Detection Systems.

This paper investigates the application of ensemble learning techniques, specifically meta-learning, in intrusion detection systems (IDS) for the Internet of Medical Things (IoMT). It underscores the existing challenges posed by the heterogeneous and dynamic nature of IoMT environments, which necessitate adaptive, robust security solutions. By harnessing meta-learning alongside various ensemble strategies such as stacking and bagging, the paper aims to refine IDS mechanisms to effectively counter evolving cyber threats. The study proposes a performance-driven weighted meta-learning technique for dynamic assignment of voting weights to classifiers based on accuracy, loss, and confidence levels. This approach significantly enhances the intrusion detection capabilities for the IoMT by dynamically optimizing ensemble IDS models. Extensive experiments demonstrate the proposed model's superior performance in terms of accuracy, detection rate, F1 score, and false positive rate compared to existing models, particularly when analyzing various sizes of input features. The findings highlight the potential of integrating meta-learning in ensemble-based IDS to enhance the security and integrity of IoMT networks, suggesting avenues for future research to further advance IDS performance in protecting sensitive medical data and IoT infrastructures.

Proactive Threat Hunting in Critical Infrastructure Protection through Hybrid Machine Learning Algorithm Application.

Cyber-security challenges are growing globally and are specifically targeting critical infrastructure. Conventional countermeasure practices are insufficient to provide proactive threat hunting. In this study, random forest (RF), support vector machine (SVM), multi-layer perceptron (MLP), AdaBoost, and hybrid models were applied for proactive threat hunting. By automating detection, the hybrid machine learning-based method improves threat hunting and frees up time to concentrate on high-risk warnings. These models are implemented on approach devices, access, and principal servers. The efficacy of several models, including hybrid approaches, is assessed. The findings of these studies are that the AdaBoost model provides the highest efficiency, with a 0.98 ROC area and 95.7% accuracy, detecting 146 threats with 29 false positives. Similarly, the random forest model achieved a 0.98 area under the ROC curve and a 95% overall accuracy, accurately identifying 132 threats and reducing false positives to 31. The hybrid model exhibited promise with a 0.89 ROC area and 94.9% accuracy, though it requires further refinement to lower its false positive rate. This research emphasizes the role of machine learning in improving cyber-security, particularly for critical infrastructure. Advanced ML techniques enhance threat detection and response times, and their continuous learning ability ensures adaptability to new threats.

Security Evaluation of Companion Android Applications in IoT: The Case of Smart Security Devices.

Smart security devices, such as smart locks, smart cameras, and smart intruder alarms are increasingly popular with users due to the enhanced convenience and new features that they offer. A significant part of this convenience is provided by the device's companion smartphone app. Information on whether secure and ethical development practices have been used in the creation of these applications is unavailable to the end user. As this work shows, this means that users are impacted both by potential third-party attackers that aim to compromise their device, and more subtle threats introduced by developers, who may track their use of their devices and illegally collect data that violate users' privacy. Our results suggest that users of every application tested are susceptible to at least one potential commonly found vulnerability regardless of whether their device is offered by a known brand name or a lesser-known manufacturer. We present an overview of the most common vulnerabilities found in the scanned code and discuss the shortcomings of state-of-the-art automated scanners when looking at less structured programming languages such as C and C++. Finally, we also discuss potential methods for mitigation, and provide recommendations for developers to follow with respect to secure coding practices.

Green Intrusion Detection Systems: A Comprehensive Review and Directions.

Intrusion detection systems have proliferated with varying capabilities for data generation and learning towards detecting abnormal behavior. The goal of green intrusion detection systems is to design intrusion detection systems for energy efficiency, taking into account the resource constraints of embedded devices and analyzing energy-performance-security trade-offs. Towards this goal, we provide a comprehensive survey of existing green intrusion detection systems and analyze their effectiveness in terms of performance, overhead, and energy consumption for a wide variety of low-power embedded systems such as the Internet of Things (IoT) and cyber physical systems. Finally, we provide future directions that can be leveraged by existing systems towards building a secure and greener environment.

Firmware Updates over the Air via LoRa: Unicast and Broadcast Combination for Boosting Update Speed.

The capacity to update firmware is a vital component in the lifecycle of Internet of Things (IoT) devices, even those with restricted hardware resources. This paper explores the best way to wirelessly (Over The Air, OTA) update low-end IoT nodes with difficult access, combining the use of unicast and broadcast communications. The devices under consideration correspond to a recent industrial IoT project that focuses on the installation of intelligent lighting systems within ATEX (potentially explosive atmospheres) zones, connected via LoRa to a gateway. As energy consumption is not limited in this use case, the main figure of merit is the total time required for updating a project. Therefore, the objective is to deliver all the fragments of the firmware to each and all the nodes in a safe way, in the least amount of time. Three different methods, combining unicast and broadcast transmissions in different ways, are explored analytically, with the aim of obtaining the expected update time. The methods are also tested via extensive simulations, modifying different parameters such as the size of the scenario, the number of bytes of each firmware chunk, the number of nodes, and the number of initial broadcast rounds. The simulations show that the update time of a project can be significant, considering the limitations posed by regulations, in terms of the percentage of airtime consumption. However, significant time reductions can be achieved by using the proper method: in some cases, when the number of nodes is high, the update time can be reduced by two orders of magnitude if the correct method is chosen. Moreover, one of the proposed methods is implemented using actual hardware. This real implementation is used to perform firmware update experiments in a lab environment. Overall, the article illustrates the advantage of broadcast approaches in this kind of technology, in which the transmission rate is constant despite the distance between the gateway and the node. However, the advantage of these broadcast methods with respect to the unicast one could be mitigated if the nodes do not run exactly the same firmware version, since the control of the broadcast update would be more difficult and the total update time would increase.

Novel Machine Learning Approach for DDoS Cloud Detection: Bayesian-Based CNN and Data Fusion Enhancements.

Cloud computing has revolutionized the information technology landscape, offering businesses the flexibility to adapt to diverse business models without the need for costly on-site servers and network infrastructure. A recent survey reveals that 95% of enterprises have already embraced cloud technology, with 79% of their workloads migrating to cloud environments. However, the deployment of cloud technology introduces significant cybersecurity risks, including network security vulnerabilities, data access control challenges, and the ever-looming threat of cyber-attacks such as Distributed Denial of Service (DDoS) attacks, which pose substantial risks to both cloud and network security. While Intrusion Detection Systems (IDS) have traditionally been employed for DDoS attack detection, prior studies have been constrained by various limitations. In response to these challenges, we present an innovative machine learning approach for DDoS cloud detection, known as the Bayesian-based Convolutional Neural Network (BaysCNN) model. Leveraging the CICDDoS2019 dataset, which encompasses 88 features, we employ Principal Component Analysis (PCA) for dimensionality reduction. Our BaysCNN model comprises 19 layers of analysis, forming the basis for training and validation. Our experimental findings conclusively demonstrate that the BaysCNN model significantly enhances the accuracy of DDoS cloud detection, achieving an impressive average accuracy rate of 99.66% across 13 multi-class attacks. To further elevate the model's performance, we introduce the Data Fusion BaysFusCNN approach, encompassing 27 layers. By leveraging Bayesian methods to estimate uncertainties and integrating features from multiple sources, this approach attains an even higher average accuracy of 99.79% across the same 13 multi-class attacks. Our proposed methodology not only offers valuable insights for the development of robust machine learning-based intrusion detection systems but also enhances the reliability and scalability of IDS in cloud computing environments. This empowers organizations to proactively mitigate security risks and fortify their defenses against malicious cyber-attacks.

Bluetooth Device Identification Using RF Fingerprinting and Jensen-Shannon Divergence.

The proliferation of radio frequency (RF) devices in contemporary society, especially in the fields of smart homes, Internet of Things (IoT) gadgets, and smartphones, underscores the urgent need for robust identification methods to strengthen cybersecurity. This paper delves into the realms of RF fingerprint (RFF) based on applying the Jensen-Shannon divergence (JSD) to the statistical distribution of noise in RF signals to identify Bluetooth devices. Thus, through a detailed case study, Bluetooth RF noise taken at 5 Gsps from different devices is explored. A noise model is considered to extract a unique, universal, permanent, permanent, collectable, and robust statistical RFF that identifies each Bluetooth device. Then, the different JSD noise signals provided by Bluetooth devices are contrasted with the statistical RFF of all devices and a membership resolution is declared. The study shows that this way of identifying Bluetooth devices based on RFF allows one to discern between devices of the same make and model, achieving 99.5% identification effectiveness. By leveraging statistical RFFs extracted from noise in RF signals emitted by devices, this research not only contributes to the advancement of the field of implicit device authentication systems based on wireless communication but also provides valuable insights into the practical implementation of RF identification techniques, which could be useful in forensic processes.