The supply chain of a Living Lab: Modelling security, privacy, and vulnerability issues alongside with their impact and potential mitigation strategies

Kitty Kioskli; Daniele Dellagiacoma; Theofanis Fotis; Haralambos Mouratidis

doi:10.22667/JOWUA.2022.06.30.147

The supply chain of a Living Lab: Modelling security, privacy, and vulnerability issues alongside with their impact and potential mitigation strategies

Kitty Kioskli, Daniele Dellagiacoma, Theofanis Fotis, Haralambos Mouratidis

Research output: Contribution to journal › Article › peer-review

Abstract

Worldwide, vulnerabilities and weak security strategies are exploited everyday by adversaries in healthcare organizations. Healthcare is targeted because these crimes are high-reward and low-risk. The attacks differ every time, from hacking medical devices, such as sensors, to stealing patients’ data from electronic health records databases. The effects of these attacks are both short and long term lived, depending on the incidence handling process that each sector is adopting. The Covid-19 pandemic has exposed, in full, that healthcare systems are vulnerable and vastly unprotected while representing a threat to global public health. An important part of the healthcare ecosystem, for the development and validation of innovative tools and methodologies, is the Living Labs which are community-based and adopt co-creation as their primary approach. Because of the many stakeholders involved in the processes of the Living Labs, cybersecurity ought to be in their center. Besides the proven great importance of the Living Labs as part of healthcare, there is no research on security and privacy issues around them. The main purpose of this paper is to explore the supply chain of a Living Lab and identify its security and privacy challenges alongside with its vulnerabilities. The SecTro tool has been used to provide a thorough analysis which follows the Privacy-by-Design approach. The originality and novelty of our work are shown from: (i) moving one step further from desk studies by including requirements from citizens and professionals; (ii) being integrated into an effort from various researchers to supply a holistic approach to Data Privacy Governance; (iii) the first time which a paper is considering and analysing the supply chain of the Living Labs.

Original language	English
Pages (from-to)	147-182
Number of pages	36
Journal	Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications
Volume	13
Issue number	2
DOIs	https://doi.org/10.22667/JOWUA.2022.06.30.147
Publication status	Published - 30 Jun 2022

Bibliographical note

Funding Information:
Kitty Kioskli has received a B.Sc. in Social Anthropology from Panteion University, an M.Sc. in Health Psychology from City, University of London, and a Ph.D. in Health Psychology from King’s College London. Her PhD was fully funded under a nationally competitive fellowship from Diabetes UK. Currently, Dr Kioskli is working as a Research Fellow at the University of Essex and as a Project Manager at Gruppo Maggioli. She has also co-founded trustilio B.V. a start-up consultancy providing services in cybersecurity, behaviour-change, business and research innovation where she acts as the CEO. Her research interests lie in the areas of cybersecurity, digital health, behaviour change, psychosocial and human factors. She is the author of a number of high-impact peer-reviewed publications, has presented in several national and international conferences and has received 4 awards in these fields. Meanwhile, she serves as an editorial review board member in a number of high-impact journals. She has also worked as a postdoctoral research fellow at City, University of London and University of Brighton, as a graduate teaching assistant at King’s College London and as a PhD tutor at the Brilliant Club. Finally, Dr Kioskli has served as a researcher in a plethora of European and national R&D projects.

Funding Information:
Haralambos Mouratidis is Professor of Software Systems Engineering and found-ing Director of the Centre for Secure, Intelligent and Usable Systems (CSIUS) at the University of Brighton. He is Fellow of the Higher Education Academy, and a vis-iting professor at the University of Ionian (Greece). His research interests lie in the intersection of security, privacy, and software engineering. He has pioneered work in developing methodologies, modelling languages, ontologies, tools and platforms to support the analysis, design, and monitoring of security, privacy, risk and trust for large-scale complex software systems. He has applied his theoretical work to practical applications in domains such as critical infrastructures, cloud computing, healthcare, telecommunications, banking, and e-commerce. He has published more than 150 papers (h-index 30) and he has led and/or participated in projects funded by the European Union (FP7, Horizon2020), EPSRC, the Royal Academy of Engineering, the Higher Education Funding Council of England (HEFCE), and the Japanese National Institute of Informatics to name few of the funders. He has also received funding for knowledge exchange and industrial projects from Innovate UK, the European Regional Development Fund, British Telecom, ELC, Powerchex, and FORD. He has strong experience of acting as evaluator for national and international funding bodies including the EPSRC, HEA, the EU, and various national councils and he has acted as invited subject expert for events organised by the EU, NATO and Innovate UK. He is member of working groups at ERCIM, IFIP and national initiatives related to security, privacy and trust.

Funding Information:
The research conducted in this paper was triggered by the authors’ involvement in the project ‘A Dynamic and Self-Organized Artificial Swarm Intelligence Solution for Security and Privacy Threats in Healthcare ICT Infrastructures’ (AI4HEALTHSEC) under grant agreement No 883273. The first author would also like to acknowledge the project ‘Affective based integrated care for better quality of life’ (TeNDER), funded by the European Union’s Horizon 2020 research and innovation programme under grant agreement No 875325. The authors are grateful for the financial support of these projects that have received funding from the European Union’s Horizon 2020 research and innovation programme. The views expressed in this paper represent only the views of the authors and not of the European Commission or the partners in the above-mentioned projects.

Publisher Copyright:
© 2022, Innovative Information Science and Technology Research Group. All rights reserved.

Keywords

digital health
Living Lab
mitigation actions
privacy
security
supply chain

Access to Document

10.22667/JOWUA.2022.06.30.147Licence: Other

Cite this

@article{071bf522db864295aefb1a008220f6f9,

title = "The supply chain of a Living Lab: Modelling security, privacy, and vulnerability issues alongside with their impact and potential mitigation strategies",

abstract = "Worldwide, vulnerabilities and weak security strategies are exploited everyday by adversaries in healthcare organizations. Healthcare is targeted because these crimes are high-reward and low-risk. The attacks differ every time, from hacking medical devices, such as sensors, to stealing patients{\textquoteright} data from electronic health records databases. The effects of these attacks are both short and long term lived, depending on the incidence handling process that each sector is adopting. The Covid-19 pandemic has exposed, in full, that healthcare systems are vulnerable and vastly unprotected while representing a threat to global public health. An important part of the healthcare ecosystem, for the development and validation of innovative tools and methodologies, is the Living Labs which are community-based and adopt co-creation as their primary approach. Because of the many stakeholders involved in the processes of the Living Labs, cybersecurity ought to be in their center. Besides the proven great importance of the Living Labs as part of healthcare, there is no research on security and privacy issues around them. The main purpose of this paper is to explore the supply chain of a Living Lab and identify its security and privacy challenges alongside with its vulnerabilities. The SecTro tool has been used to provide a thorough analysis which follows the Privacy-by-Design approach. The originality and novelty of our work are shown from: (i) moving one step further from desk studies by including requirements from citizens and professionals; (ii) being integrated into an effort from various researchers to supply a holistic approach to Data Privacy Governance; (iii) the first time which a paper is considering and analysing the supply chain of the Living Labs.",

keywords = "digital health, Living Lab, mitigation actions, privacy, security, supply chain",

author = "Kitty Kioskli and Daniele Dellagiacoma and Theofanis Fotis and Haralambos Mouratidis",

note = "Funding Information: Kitty Kioskli has received a B.Sc. in Social Anthropology from Panteion University, an M.Sc. in Health Psychology from City, University of London, and a Ph.D. in Health Psychology from King{\textquoteright}s College London. Her PhD was fully funded under a nationally competitive fellowship from Diabetes UK. Currently, Dr Kioskli is working as a Research Fellow at the University of Essex and as a Project Manager at Gruppo Maggioli. She has also co-founded trustilio B.V. a start-up consultancy providing services in cybersecurity, behaviour-change, business and research innovation where she acts as the CEO. Her research interests lie in the areas of cybersecurity, digital health, behaviour change, psychosocial and human factors. She is the author of a number of high-impact peer-reviewed publications, has presented in several national and international conferences and has received 4 awards in these fields. Meanwhile, she serves as an editorial review board member in a number of high-impact journals. She has also worked as a postdoctoral research fellow at City, University of London and University of Brighton, as a graduate teaching assistant at King{\textquoteright}s College London and as a PhD tutor at the Brilliant Club. Finally, Dr Kioskli has served as a researcher in a plethora of European and national R&D projects. Funding Information: Haralambos Mouratidis is Professor of Software Systems Engineering and found-ing Director of the Centre for Secure, Intelligent and Usable Systems (CSIUS) at the University of Brighton. He is Fellow of the Higher Education Academy, and a vis-iting professor at the University of Ionian (Greece). His research interests lie in the intersection of security, privacy, and software engineering. He has pioneered work in developing methodologies, modelling languages, ontologies, tools and platforms to support the analysis, design, and monitoring of security, privacy, risk and trust for large-scale complex software systems. He has applied his theoretical work to practical applications in domains such as critical infrastructures, cloud computing, healthcare, telecommunications, banking, and e-commerce. He has published more than 150 papers (h-index 30) and he has led and/or participated in projects funded by the European Union (FP7, Horizon2020), EPSRC, the Royal Academy of Engineering, the Higher Education Funding Council of England (HEFCE), and the Japanese National Institute of Informatics to name few of the funders. He has also received funding for knowledge exchange and industrial projects from Innovate UK, the European Regional Development Fund, British Telecom, ELC, Powerchex, and FORD. He has strong experience of acting as evaluator for national and international funding bodies including the EPSRC, HEA, the EU, and various national councils and he has acted as invited subject expert for events organised by the EU, NATO and Innovate UK. He is member of working groups at ERCIM, IFIP and national initiatives related to security, privacy and trust. Funding Information: The research conducted in this paper was triggered by the authors{\textquoteright} involvement in the project {\textquoteleft}A Dynamic and Self-Organized Artificial Swarm Intelligence Solution for Security and Privacy Threats in Healthcare ICT Infrastructures{\textquoteright} (AI4HEALTHSEC) under grant agreement No 883273. The first author would also like to acknowledge the project {\textquoteleft}Affective based integrated care for better quality of life{\textquoteright} (TeNDER), funded by the European Union{\textquoteright}s Horizon 2020 research and innovation programme under grant agreement No 875325. The authors are grateful for the financial support of these projects that have received funding from the European Union{\textquoteright}s Horizon 2020 research and innovation programme. The views expressed in this paper represent only the views of the authors and not of the European Commission or the partners in the above-mentioned projects. Publisher Copyright: {\textcopyright} 2022, Innovative Information Science and Technology Research Group. All rights reserved.",

year = "2022",

month = jun,

day = "30",

doi = "10.22667/JOWUA.2022.06.30.147",

language = "English",

volume = "13",

pages = "147--182",

number = "2",

}

Kioskli, K, Dellagiacoma, D, Fotis, T & Mouratidis, H 2022, 'The supply chain of a Living Lab: Modelling security, privacy, and vulnerability issues alongside with their impact and potential mitigation strategies', Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications, vol. 13, no. 2, pp. 147-182. https://doi.org/10.22667/JOWUA.2022.06.30.147

The supply chain of a Living Lab: Modelling security, privacy, and vulnerability issues alongside with their impact and potential mitigation strategies. / Kioskli, Kitty; Dellagiacoma, Daniele; Fotis, Theofanis et al.
In: Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications, Vol. 13, No. 2, 30.06.2022, p. 147-182.

Research output: Contribution to journal › Article › peer-review

TY - JOUR

T1 - The supply chain of a Living Lab

T2 - Modelling security, privacy, and vulnerability issues alongside with their impact and potential mitigation strategies

AU - Kioskli, Kitty

AU - Dellagiacoma, Daniele

AU - Fotis, Theofanis

AU - Mouratidis, Haralambos

N1 - Funding Information: Kitty Kioskli has received a B.Sc. in Social Anthropology from Panteion University, an M.Sc. in Health Psychology from City, University of London, and a Ph.D. in Health Psychology from King’s College London. Her PhD was fully funded under a nationally competitive fellowship from Diabetes UK. Currently, Dr Kioskli is working as a Research Fellow at the University of Essex and as a Project Manager at Gruppo Maggioli. She has also co-founded trustilio B.V. a start-up consultancy providing services in cybersecurity, behaviour-change, business and research innovation where she acts as the CEO. Her research interests lie in the areas of cybersecurity, digital health, behaviour change, psychosocial and human factors. She is the author of a number of high-impact peer-reviewed publications, has presented in several national and international conferences and has received 4 awards in these fields. Meanwhile, she serves as an editorial review board member in a number of high-impact journals. She has also worked as a postdoctoral research fellow at City, University of London and University of Brighton, as a graduate teaching assistant at King’s College London and as a PhD tutor at the Brilliant Club. Finally, Dr Kioskli has served as a researcher in a plethora of European and national R&D projects. Funding Information: Haralambos Mouratidis is Professor of Software Systems Engineering and found-ing Director of the Centre for Secure, Intelligent and Usable Systems (CSIUS) at the University of Brighton. He is Fellow of the Higher Education Academy, and a vis-iting professor at the University of Ionian (Greece). His research interests lie in the intersection of security, privacy, and software engineering. He has pioneered work in developing methodologies, modelling languages, ontologies, tools and platforms to support the analysis, design, and monitoring of security, privacy, risk and trust for large-scale complex software systems. He has applied his theoretical work to practical applications in domains such as critical infrastructures, cloud computing, healthcare, telecommunications, banking, and e-commerce. He has published more than 150 papers (h-index 30) and he has led and/or participated in projects funded by the European Union (FP7, Horizon2020), EPSRC, the Royal Academy of Engineering, the Higher Education Funding Council of England (HEFCE), and the Japanese National Institute of Informatics to name few of the funders. He has also received funding for knowledge exchange and industrial projects from Innovate UK, the European Regional Development Fund, British Telecom, ELC, Powerchex, and FORD. He has strong experience of acting as evaluator for national and international funding bodies including the EPSRC, HEA, the EU, and various national councils and he has acted as invited subject expert for events organised by the EU, NATO and Innovate UK. He is member of working groups at ERCIM, IFIP and national initiatives related to security, privacy and trust. Funding Information: The research conducted in this paper was triggered by the authors’ involvement in the project ‘A Dynamic and Self-Organized Artificial Swarm Intelligence Solution for Security and Privacy Threats in Healthcare ICT Infrastructures’ (AI4HEALTHSEC) under grant agreement No 883273. The first author would also like to acknowledge the project ‘Affective based integrated care for better quality of life’ (TeNDER), funded by the European Union’s Horizon 2020 research and innovation programme under grant agreement No 875325. The authors are grateful for the financial support of these projects that have received funding from the European Union’s Horizon 2020 research and innovation programme. The views expressed in this paper represent only the views of the authors and not of the European Commission or the partners in the above-mentioned projects. Publisher Copyright: © 2022, Innovative Information Science and Technology Research Group. All rights reserved.

PY - 2022/6/30

Y1 - 2022/6/30

N2 - Worldwide, vulnerabilities and weak security strategies are exploited everyday by adversaries in healthcare organizations. Healthcare is targeted because these crimes are high-reward and low-risk. The attacks differ every time, from hacking medical devices, such as sensors, to stealing patients’ data from electronic health records databases. The effects of these attacks are both short and long term lived, depending on the incidence handling process that each sector is adopting. The Covid-19 pandemic has exposed, in full, that healthcare systems are vulnerable and vastly unprotected while representing a threat to global public health. An important part of the healthcare ecosystem, for the development and validation of innovative tools and methodologies, is the Living Labs which are community-based and adopt co-creation as their primary approach. Because of the many stakeholders involved in the processes of the Living Labs, cybersecurity ought to be in their center. Besides the proven great importance of the Living Labs as part of healthcare, there is no research on security and privacy issues around them. The main purpose of this paper is to explore the supply chain of a Living Lab and identify its security and privacy challenges alongside with its vulnerabilities. The SecTro tool has been used to provide a thorough analysis which follows the Privacy-by-Design approach. The originality and novelty of our work are shown from: (i) moving one step further from desk studies by including requirements from citizens and professionals; (ii) being integrated into an effort from various researchers to supply a holistic approach to Data Privacy Governance; (iii) the first time which a paper is considering and analysing the supply chain of the Living Labs.

AB - Worldwide, vulnerabilities and weak security strategies are exploited everyday by adversaries in healthcare organizations. Healthcare is targeted because these crimes are high-reward and low-risk. The attacks differ every time, from hacking medical devices, such as sensors, to stealing patients’ data from electronic health records databases. The effects of these attacks are both short and long term lived, depending on the incidence handling process that each sector is adopting. The Covid-19 pandemic has exposed, in full, that healthcare systems are vulnerable and vastly unprotected while representing a threat to global public health. An important part of the healthcare ecosystem, for the development and validation of innovative tools and methodologies, is the Living Labs which are community-based and adopt co-creation as their primary approach. Because of the many stakeholders involved in the processes of the Living Labs, cybersecurity ought to be in their center. Besides the proven great importance of the Living Labs as part of healthcare, there is no research on security and privacy issues around them. The main purpose of this paper is to explore the supply chain of a Living Lab and identify its security and privacy challenges alongside with its vulnerabilities. The SecTro tool has been used to provide a thorough analysis which follows the Privacy-by-Design approach. The originality and novelty of our work are shown from: (i) moving one step further from desk studies by including requirements from citizens and professionals; (ii) being integrated into an effort from various researchers to supply a holistic approach to Data Privacy Governance; (iii) the first time which a paper is considering and analysing the supply chain of the Living Labs.

KW - digital health

KW - Living Lab

KW - mitigation actions

KW - privacy

KW - security

KW - supply chain

UR - http://www.scopus.com/inward/record.url?scp=85134539977&partnerID=8YFLogxK

U2 - 10.22667/JOWUA.2022.06.30.147

DO - 10.22667/JOWUA.2022.06.30.147

M3 - Article

AN - SCOPUS:85134539977

SN - 2093-5374

VL - 13

SP - 147

EP - 182

JO - Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications

JF - Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications

IS - 2

ER -

The supply chain of a Living Lab: Modelling security, privacy, and vulnerability issues alongside with their impact and potential mitigation strategies

Abstract

Bibliographical note

Keywords

Access to Document

Other files and links

Fingerprint

Cite this