ICU threat model

Who:  University of Canberra and Flinders University

What: Intensive Care Units (ICUs) are the only health sector infrastructure designated as “critical infrastructure asset” in the context of the Security of Critical Infrastructure (SOCI) Act. Current understanding does not go much further than suspecting that ICUs will be subject to cascading failures caused by attacks to other parts of a hospital. Without such knowledge, targeted investments in defending ICUs, as required by SOCI, are hard to define and justify. The aim is to identify ways to defend ICUs from cyber-attacks by applying the MITRE Att@ck framework to the ICU use case.