A comparative framework for cyber threat modelling: case of healthcare and industrial control systems

Taofeek Mobolarinwa Balogun, Hayretdin Bahsi, Omer F. Keskin, Unal Tatar

Research output: Contribution to journalArticlepeer-review

1 Scopus citations

Abstract

Cyberattacks target organisations and cause property loss, disruption of operation, and for healthcare facilities, even loss of life. With the advent of the internet of things (IoT) devices, the attack surface has extended significantly. Organisations need a cyber threat modelling approach to assess their network from the attackers’ perspective to safeguard their assets better. In this study, a framework was developed to compare cyber threat modelling of various IoT networks by focusing on the capabilities of the threat actors in the light of various factors, such as accessibility, stealth, technical ability, and time. The developed framework is applied to two different networks: SCADA and healthcare IoT infrastructure for demonstration. The results suggest that it is possible to cause a physical impact in IoT-based healthcare systems by using less sophisticated cyberattacks.

Original languageEnglish (US)
Pages (from-to)405-431
Number of pages27
JournalInternational Journal of Critical Infrastructures
Volume19
Issue number5
DOIs
StatePublished - 2023
Externally publishedYes

Keywords

  • attack sophistication
  • attack trees
  • cyberattack
  • healthcare
  • internet of things
  • IoT
  • SCADA
  • threat modelling

ASJC Scopus subject areas

  • Safety, Risk, Reliability and Quality
  • General Environmental Science
  • General Energy

Fingerprint

Dive into the research topics of 'A comparative framework for cyber threat modelling: case of healthcare and industrial control systems'. Together they form a unique fingerprint.

Cite this