Model-based Management of Cyber Resiliency for Healthcare Systems

  • Myrsini Athinaiou

Student thesis: Doctoral Thesis


Ad hoc cyber resiliency can introduce delays and further vulnerabilities resulting in increased threats, impacts and costs. Within the healthcare context, these delays can cause physical harm to patients. Research has shown that a priori evaluation of cyber resiliency plans can reduce or avoid such delays. However, the absence of an approved catalogue of cyber resiliency requirements and the lack of semantic interoperability among the available cyber resiliency standards and frameworks leave healthcare infrastructures puzzled. This study aims to determine how current domain knowledge can assist healthcare systems to be more cyber resilient by design. Building on existing cyber resiliency work, it asks how a socio-technical a priori analysis approach could help healthcare systems become more cyber resilient by design. In this context, cyber resiliency is defined as the ability to analyse resiliency capabilities at a cyber security requirements level, to maintain a set of security constraints by reducing the impact and likelihood of adverse occurrences that violate security constraints.

Based on a literature review and specification of stakeholders as individuals and/or organisations affected by the proposed treatment, we designed a domain model that semantically aligns concepts and their relations. In this way, we were able to describe the entities of the problem domain space. To manage these entities, we needed to search for ways to measure them. Using the existing literature and combining it with the metrics of relevance to how we defined cyber resiliency, utilising the Goal, Question, Metrics (GQM) approach, we enhanced the attributes of the domain model with resiliency metrics.

To examine whether the existing cyber security languages express cyber resiliency concerns, we used a case study to apply and compare them. That resulted in association tables among their semantic and syntactic capabilities. It also allowed us to identify Secure Tropos as the modelling language that had the most expressivity. Hence, we extended Secure Tropos to cover the cyber resiliency domain entities as expressed in the domain model. To allow stakeholders to use our methodology, we designed a process based on observed patterns in the literature. We also tried it ourselves in small case studies to identify a meaningful analysis path. This endeavour led us to the design of a relevant process using SPEM 2.0. Furthermore, to support the reasoning using the modelled metrics, we designed algorithms that automated some aspects of cyber resiliency analysis. We developed a software tool to demonstrate and test the above components of our approach, which we named Built-In resilieNcy Analysis (BINA).

To evaluate our treatment (BINA), we used two case studies from the healthcare domain. In this way, we were able to demonstrate the applicability and benefits of applying the BINA approach. Then we interviewed Chief Technology/Information Officers working for medical device manufacturers and hospitals and Software Engineers with more than 15 years of experience. The interviews involved a brief presentation of the BINA approach, which they implemented in a small case study. Subsequently, they filled in a questionnaire that asked for their feedback regarding the modelling language, the process, the automation and the tool. We also had the opportunity to apply BINA to an actual case study in an ongoing Brighton and Hove living lab project. This allowed us to analyse the cyber resiliency of a healthcare system under development. The combination of the different evaluation methods contributed to the reduction of biases and threats against validity.

Date of Award: Jan 2022
Original language: English
Awarding Institution:
  • University of Brighton
Supervisor: Haralambos Mouratidis (Supervisor), Michalis Pavlidis (Supervisor) & Theo Fotis (Supervisor)
