To adequately validate the benefits and full set of features of the CyberSANE system, a set of pilot scenarios have been defined. Although CyberSANE will be applicable to various scenarios in a CIIs’ context, these three pilots, covering three sectors (energy, transportation and health) will be the basis of the project. These pilots will help in the formulation of a number of specific use cases as well as the determination of system requirements. These target scenarios will also have a central role in the project fr the assessment and validation of the proposed cyber innovations.
The three pilot scenarios are as follows:
- Solar Energy Production, Storage and Distribution
- Container Cargo Transportation Service
- Real-time patient monitoring and treatment service
Solar Energy Production, Storage and Distribution Service
Lightsource Labs from Ireland provide solar energy production, storage and distribution services. They operate an integrated platform (SIDE/Smartly Integrated Distributed Energy platform) as well as a number of digital services such as helping secure the electrical grid and reducing the cost of electricity. Their SIDE platform constitutes a smart software-hardware solution optimised for Grid-2-Home/Home-2-Grid distributed generation system. To do so, the platform incorporates a bundle of components such as :
- Range of web apps for the end user (SIDE UIs)
Enable users to see real-time power flow between the solar system, battery and the household grid.
- SIDE Gateway
Intermediate device between internal devices (sensors, smart meters, etc.) and the SIDE Platform which created data values from date control and collection.
- SIDE Virtual Power Plant (VPP)
Cloud infrastructure and software platform which operates a smart grid network of distributed assets interconnected securely via the SIDE Gateway.
- SIDE CRM
Bespoke back-office CRM application for the automation of the entire business process.
- SIDE IoT Platform and SIDE Panel
Abstract software framework (SIDE IoT) and Electrical panel (SIDE Panel) designed to accelerate the system installation process as well as eliminate connectivity errors.
- Against back-end SIDE Platform
Gaining unauthenticated remote access to IoT components and other entities to disrupt services and change their date set points or state.
- Against IT and communication systems
Used to process sensed data and transmit them to corresponding IT systems.
Container Cargo Transportation Service
The port of Valencia in Spain is the sixth largest port in Europe in terms of volume of traffic. It is also the top import, export and transshipment port in the Mediterranean. The automation of port terminal and intermodal container handling operations is very important and involves numerous different systems. They operate over three main family of systems:
- Information Technology (IT) systems
Including databases with operational and business information.
- Operational Technology (OT) systems
Supervisory Control And Data Acquisition (SCADA), controls physical processes (e.g. vessel unloading with yard tractors and forklifts with auxiliary equipment).
- Port Community System (PCS)
Supports port services such as management of docking and shipping of vessels.
- Against IT component
Complex threat scenarios with the purpose of disrupting port operations or facilitating illegal activities (smuggling materials, illegal immigrants, destroy major/critical infrastructure, etc.) aimed at obtaining financial, political/military or even ideological gain and benefits. They can also use sequenced attacks to infiltrate further into the cyber infrastructure (e.g. infiltrate port Wi-Fi, listen/modify/inject falsified data into network).
- Against OT networks
Targeting either corporate network or SCADA to gain unauthorised access to systems.
- Against PCS networks
Take advantage of software bugs/flaws if they exist thus interfering with the authorisation process, allowing a vessel carrying illegal or hazardous materials to enter, dock or even bypass port inspection.
Real-time Patient Monitoring and Treatment Service
This pilot scenario involves the remote monitoring and potential emergency treatment of patients in real-time. Inside the Klinikum Nuremberg in Germany, various important IT systems may store and process medical data (e.g. Electronic Health Record (EHR)/Electronic Medical Record (EMR)). To automatically collect and process these data, various medical devices and instruments are connected, through wired or wireless communications, with the EHR/EMR systems. For example, smart insertable cardiac monitoring devices may be connected to automatically inform the doctors with patient data, or they may be used by nurses to note the daily treatment/medication received by a patient. Also, medical instruments such as medical radiation devices can be connected to EHR/EMR IT systems to assist doctors during medical treatment. Other IT equipment may involve secondary services such as access to the internet. Outside the hospital, various medical IoT technologies can also be used to extend the provided medical services. For example, Implantable and Wearable Medical Devices (IMD/ WMD) can be used to monitor patient data and also to remotely treat a patient in emergency situations, such as inject insulin when the sensed data indicates that this is urgent. The IMD/WMD devices may be controlled by home monitoring or programming devices, which communicate with the IMD/WMD using short-range wireless communication protocols, while they communicate with the in-hospital EHR/EMR IT systems using Internet access.
- Hospital side
EHR/EMR IT and file systems are targets for ransomware attacks due to their importance for all medical data and services. Privacy loss is also highly important due to privacy regulations. Internet connected medical devices are an easy entry point for hackers due to their low security, allowing the attacker to access and attack IT systems or extract sensitive data.
- User side
Using vulnerable wireless communications can be used to attack the medical service and even cause physical damage to a patient (e.g. replaying or manipulating commands at the API used by the IMD/WMD devices, inject commands that may change the dosage of an insulin pimp, thus directly affecting the health of the patient).