George Stergiopoulos scite author profile

The Internet of Medical Things (IoMT) couples IoT technologies with healthcare services in order to support real-time, remote patient monitoring and treatment. However, the interconnectivity of critical medical devices with other systems in various network layers creates new opportunities for remote adversaries. Since most of the communication protocols have not been specifically designed for the needs of connected medical devices, there is a need to classify the available IoT communication technologies in terms of security. In this paper we classify IoT communication protocols, with respect to their application in IoMT. Then we describe the main characteristics of IoT communication protocols used at the perception, network and application layer of medical devices. We examine the inherent security characteristics and limitations of IoMT-specific communication protocols. Based on realistic attacks we identify available mitigation controls that may be applied to secure IoMT communications, as well as existing research and implementation gaps.

show abstract

Risk mitigation strategies for critical infrastructures based on graph centrality analysis

Stergiopoulos

Kotzanikolaou

Theocharidou

et al. 2015

International Journal of Critical Infrastructure Protection

View full text Add to dashboard Cite

a b s t r a c tDependency risk graphs have been proposed as a tool for analyzing cascading failures due to critical infrastructure dependency chains. However, dependency chain analysis is not by itself adequate to develop an efficient risk mitigation strategy -one that specifies which critical infrastructures should have high priority for applying mitigation controls in order to achieve an optimal reduction in the overall risk. This paper extends previous dependency risk analysis research to implement efficient risk mitigation. This is accomplished by exploring the relation between dependency risk paths and graph centrality characteristics. Graph centrality metrics are applied to design and evaluate the effectiveness of alternative risk mitigation strategies. The experimental evaluations are based on random graphs that simulate common critical infrastructure dependency characteristics as identified by recent empirical studies. The experimental results are used to specify an algorithm that prioritizes critical infrastructure nodes for applying controls in order to achieve efficient risk mitigation.

show abstract

Cyber-Attacks on the Oil & Gas Sector: A Survey on Incident Assessment and Attack Patterns

Stergiopoulos

Gritzalis

Limnaios³

2020

IEEE Access

View full text Add to dashboard Cite

During the past two decades, oil and gas operational and information technology systems have experienced constant digital growth, closely followed by an increasing number of cyber-attacks on the newly interconnected systems. Adversaries exploit vulnerable accessible device or malware attacks networked services, in an attempt to gain access to critical systems and machinery that are interconnected over networks. Given the importance of the oil and gas sector on the global economy and the diversity of critical systems often being controlled over remote locations, it is highly important to understand and mitigate such attacks. In this paper, we survey cyber-attacks on all three domains of the oil and gas sector (upstream, midstream, downstream) starting from the early 90s up until 2020. For each domain, we document and analyze verified attacks based on real-world reports and published demo attacks on systems. We map and catalogue the attack types used in each case, in order to understand common and subliminal attack paths against oil and gas critical operations. Our aim is threefold, i.e., first, to assess documented attacks using standardized impact assessment techniques and highlight potential consequences of cyber-attacks on this sector, second, to build a vulnerability taxonomy based on technical knowledge gathered by all such incidents and connect each vulnerability with oil and gas systems and respective attack paths, and third, to map the documented knowledge and taxonomies with MITRE's international knowledge base of Adversary Tactics and Techniques, so as to provide a general guide for analyzing and protecting against cyber-attacks at oil and gas infrastructures.

show abstract

Risk Assessment Methodologies for the Internet of Medical Things: A Survey and Comparative Appraisal

et al. 2021

View full text Add to dashboard Cite

The Internet of Medical Things (IoMT) has revolutionized health care services by providing significant benefits in terms of patient well being and relevant costs. Traditional risk assessment methodologies, however, cannot be effectively applied in the IoMT context since IoMT devices form part of a distributed and trustless environment and naturally support functionalities that favor reliability and usability instead of security. In this work we present a survey of risk assessment and mitigation methodologies for IoMT. For conducting the survey, we assess two streams of literature. First, we systematically review and classify the current scientific research in IoMT risk assessment methodologies. Second, we review existing standards/best practices for IoMT security assessment and mitigation in order to i) provide a comparative assessment of these standards/best practices on the basis of predefined criteria (scope and/or coverage, maturity level, and relevant risk methodology applied) and ii) identify common themes for IoMT security controls. Based on the analysis, we provide various IoMT research and implementation gaps along with a road map of fruitful areas for future research. The paper could be of significant value to security assessment researchers and policymakers/stakeholders in the health care industry.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.