The technological advancements of the past few decades have established a range of new devices to people’s lives, with a lot of them satisfying the heightened thirst for making our planet smart. COVID-19 pandemic and the need for social distancing have also maximized the need for communication channels between different Information and Communications Technology (ICT) infrastructures, where Artificial Intelligence, Industrial Control Systems (ICS) and Internet of Things (IoT) play an important role. The IoT term can encompass any form of device that is connected to the Internet, but mostly refers to sensors and other devices which autonomously communicate with each other to share information. Such changes, however, are far more sophisticated than we can imagine and with them came new waves of cyber-attacks, raising security and privacy issues. A report from F5 labs found a 280% growth in attacks on IoT devices, while Symantec’s report for the year 2016-2017 showed a 600% growth of IoT cyber-attacks. The healthcare sector, where sensitive information is processed every moment and the race for contact tracing applications has promoted the need for privacy, relies heavily on interconnected IoT solutions.
This is a constantly increasing data-driven ecosystem populated by Internet-connected devices, shared medical databases and networks, and it is precisely this interconnected nature and the high criticality of the sector that makes attractive and profitable to cyberattacks, which range from general-purpose and often indiscriminate ransomware bringing down whole hospitals’ networks to highly targeted attacks utilizing advanced backdoor malware. The causes for security incidents are equally diverse, and include from negligent users, insiders and compromised customer networks to poorly secured medical devices (mostly legacy) and AI-assisted diagnosis systems. The limited security awareness in the sector and the decentralized nature of the complex ICT infrastructures amplify the situation. Indeed, the prevalence of connected devices creates a fertile ground for cascading cyber-attacks. Only in June 2020, 92 security incidents resulted in 7 billion records being breached, with many of them coming from healthcare infrastructures. Orangeworm, first identified in 2015, made its appearance again with a backdoor targeting the healthcare ecosystem, which upon initial infection propagates within the network and gains access to sensitive information. It affected hospitals, pharmaceutical companies, and medical equipment manufacturers, and even X-ray and Magnetic Resonance Imaging (MRI) machines. As the number of connected IoT devices worldwide is expected to reach 75.44 billion by 2025, the global security community calls for an increased focus on securing them, especially those involved in the healthcare ecosystem, establishing trust among all the involved entities to avoid damages estimated at nearly 6 billion Euro per year.

In such a complex cyber risk environment where IoT devices are more necessary than ever to help the European and global population exit the COVID-19 crisis, SECANT argues that traditional platform-specific and attack-specific countermeasures developed in the industry need to be complemented by holistically strengthening the understanding of risks, at both human and technical level. The human factor, which is by default weakest link, requires intensive cybersecurity education, something that has been expressed repeatedly for over more than a decade [10]. On the technical point, the risks need to be understood and codified in ways that can be monitored and prevented not within the boundaries of a single organization in isolation, but across the complete spectrum of interacting IoT devices. SECANT proposal tackles both aspects head-on by placing an automated threat detection platform addressed to CERTs/CSIRTs that is capable of identifying threats and attacks, while promoting the situational security awareness as a priority within the complex ICT infrastructures, such as the healthcare ecosystem.