Cyber Security of Critical Healthcare Infrastructure – ICUs
In Australia, Intensive Care Units (ICUs) have been designated as critical infrastructure in the framework of the Security of Critical Infrastructure Act (SOCI 2018). Practically applicable cyber threat models focusing on protecting the availability of ICU systems do not yet exist and are needed to define and justify targeted investments in defending ICUs as required by SOCI. Two NIIN-affiliated partners, the University of Canberra and Flinders University, led by Cisco Research Chairs Professor Frank den Hartog and Professor Trish Williams from the 2 universities respectively, are jointly working to develop a first version of cyber threat models for ICUs.
By applying benchmarked methodologies from MITRE ATT&CK and OWASP, they have identified 13 immediate threats, varying from ransomware attacks to malware infections of ICU systems, insider threats, and DDoS attacks. In addition, a key insight was that ICUs rely on a complex web of interconnected assets: medical devices, information systems, network infrastructure, and cloud services. This interconnectedness increases the attack surface and could allow a vulnerability in one area to propagate the impact of an attack to other parts of the connected systems, leading to broader disruptions.
The next phase of this research will be an online survey of cyber experts and healthcare IT experts, to further ascertain the likelihood of the 13 attacks and their impact on ICU systems. Interested cyber and healthcare IT experts can contact the chief investigator, Professor Frank den Hartog, to be included in this upcoming phase of the research.
