<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Security Art Work</title>
	<atom:link href="https://www.securityartwork.es/feed/?lang=en" rel="self" type="application/rss+xml" />
	<link>https://www.securityartwork.es/en/</link>
	<description>Information Security Blog of S2 Grupo</description>
	<lastBuildDate>Mon, 23 Oct 2023 14:33:36 +0000</lastBuildDate>
	<language>en-GB</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=6.2</generator>
	<item>
		<title>Health 4.0: the importance of cybersecurity in the healthcare area</title>
		<link>https://www.securityartwork.es/2023/10/23/health-4-0-the-importance-of-cybersecurity-in-the-healthcare-area/</link>
					<comments>https://www.securityartwork.es/2023/10/23/health-4-0-the-importance-of-cybersecurity-in-the-healthcare-area/#respond</comments>
		
		<dc:creator><![CDATA[Lidia Losa Bustos]]></dc:creator>
		<pubDate>Mon, 23 Oct 2023 14:33:34 +0000</pubDate>
				<category><![CDATA[General]]></category>
		<guid isPermaLink="false">https://www.securityartwork.es/?p=31122</guid>

					<description><![CDATA[<p>The concept of Health 4.0 emerges as a specific derivation of Industry 4.0. But what is Industry 4.0? This concept arises in Germany in 2011, as a project to improve the industry but without a clear definition (see reference at the end of the article). From this moment on, Industry 4.0 has been appearing with [&#8230;]</p>
<p>The post <a rel="nofollow" href="https://www.securityartwork.es/2023/10/23/health-4-0-the-importance-of-cybersecurity-in-the-healthcare-area/">Health 4.0: the importance of cybersecurity in the healthcare area</a> appeared first on <a rel="nofollow" href="https://www.securityartwork.es/en">Security Art Work</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p>The concept of <strong>Health 4.0</strong> emerges as a specific derivation of Industry 4.0. But what is Industry 4.0? This concept arises in Germany in 2011, as a project to improve the industry but without a clear definition (see reference at the end of the article).</p>



<p>Since then, Industry 4.0 has appeared under different interpretations, although a unified definition does exist. <strong>Industry 4.0 is an umbrella that encompasses nine technologies</strong> that help transform industrial production and automate processes.</p>



<p>These technologies are:</p>



<ul>
<li><strong>Big Data and Data Analysis</strong></li>



<li><strong>Simulation</strong></li>



<li><strong>Internet of Things </strong>(IoT)</li>



<li><strong>Augmented Reality</strong></li>



<li><strong>Cloud Computing</strong></li>



<li><strong>Additive Manufacturing</strong></li>



<li><strong>Autonomous robotics</strong></li>



<li><strong>Cybersecurity</strong></li>



<li><strong>Integration systems</strong></li>
</ul>



<span id="more-31122"></span>



<p>These technologies also have their direct application in the healthcare sector, thus giving rise to Health 4.0.</p>



<p>Health 4.0 differs from Industry 4.0 in the type of <strong>interaction</strong>. While the main interaction in the industrial domain is between <strong>humans/machines and machines</strong>, the main interaction in the healthcare domain is between humans and humans.</p>



<p>The reason why the healthcare sector is being engulfed by all these technologies is its evolution towards<strong> an increasingly personalized and patient-centric healthcare system</strong>. Examples of the nine technologies can be seen today in Health 4.0.</p>



<p>Some of them are <strong>3D printing</strong> of tissues and implants derived from additive manufacturing, the <strong>Da Vinci robot</strong> as an example of autonomous robotics or the <strong>Internet of Medical Things</strong> (IoMT) as a derivation of IoT. On the other hand, there are applications that are the result of the synergy of several of these technologies.</p>


<div class="wp-block-image">
<figure class="aligncenter size-full"><img decoding="async" width="567" height="169" src="https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen1.png" alt="" class="wp-image-31123" srcset="https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen1.png 567w, https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen1-300x89.png 300w" sizes="(max-width: 567px) 100vw, 567px" /><figcaption class="wp-element-caption">Figure 2. On the left is a 3D printer with hydrogels. On the right is the Da Vinci robot used for surgery.</figcaption></figure></div>


<p>Now, let&#8217;s talk about <strong>cybersecurity</strong>, the technology we are interested in, in this case applied to the healthcare sector. We have already discussed data breaches and the problems they cause in another article: the data involved are highly sensitive and a large number of users need access to them. However, their importance bears repeating.</p>



<p>The <strong>healthcare sector is one of the most attacked</strong> sectors, and one where an interruption of service would be most critical. During Q3 (July, August and September) it was the fourth most attacked sector. In October we saw a case in which a ransomware attack paralyzed three large hospitals in Barcelona. On the other hand, medical devices, characteristic of this sector, are not always updated or well secured. Failures in the systems of these devices do not only affect hospital environments, as with the vulnerabilities discovered in infusion pumps, but also the people who use personal healthcare devices, such as insulin pumps.</p>


<div class="wp-block-image">
<figure class="aligncenter size-large"><img decoding="async" loading="lazy" width="740" height="466" src="https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen1-2-740x466.png" alt="" class="wp-image-31142" srcset="https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen1-2-740x466.png 740w, https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen1-2-300x189.png 300w, https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen1-2-768x484.png 768w, https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen1-2-1536x967.png 1536w, https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen1-2-2048x1290.png 2048w" sizes="(max-width: 740px) 100vw, 740px" /><figcaption class="wp-element-caption">Figure 2. Number of attacks carried out by sector. The health sector is highlighted in dark blue. Data obtained from https://www.hackmageddon.com/2022/11/03/q3-2022-cyber-attacks-statistics/ .</figcaption></figure></div>


<p>It is therefore clear that <strong>cybersecurity in the healthcare sector is essential</strong>, even more so as the continuous development of emerging technologies allows millions of devices to interconnect in both large and small networks and exchange information with each other. Exposing these devices without protection increases cyber-attacks on technologies that may be vulnerable. IoT devices that acquire data and communicate with the cloud are frequent targets of cyberattacks. On the other hand, denial-of-service attacks, botnets and phishing attacks are often related to the use of Big Data.</p>



<p>Finally, the <strong>risk</strong> of suffering incidents must be mitigated, and there are different actions for this in healthcare systems. Some of the most important are listed below.</p>



<ul>
<li>Cybersecurity <strong>training</strong> for technical and healthcare personnel.</li>



<li><strong>Use of standards, protocols and regulations</strong> to improve cybersecurity in the healthcare sector. Some of the most important in the healthcare sector are ISO 13485, ISO 27799 and the GDPR (RGPD), among others.</li>



<li>Development and implementation of <strong>internal regulations</strong> for the proper use and installation of new devices, among others.</li>



<li><strong>Visibility and penetration tests</strong> in healthcare facilities or medical devices, to detect access points or abuses in device technologies.</li>
</ul>



<h4 class="wp-block-heading"><strong>References</strong></h4>



<ul>
<li>[1] Kagermann, H., Wahlster, W., Helbig, J.: Securing the future of German manufacturing industry: recommendations for implementing the strategic initiative INDUSTRIE 4.0. Final Report of the Industrie 4.0 Working Group (April), pp. 1–84 (2013)</li>
</ul>
<p>The post <a rel="nofollow" href="https://www.securityartwork.es/2023/10/23/health-4-0-the-importance-of-cybersecurity-in-the-healthcare-area/">Health 4.0: the importance of cybersecurity in the healthcare area</a> appeared first on <a rel="nofollow" href="https://www.securityartwork.es/en">Security Art Work</a>.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://www.securityartwork.es/2023/10/23/health-4-0-the-importance-of-cybersecurity-in-the-healthcare-area/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>New cybersecurity requirements in shipbuilding: implications in the engineering process and designs of new vessels</title>
		<link>https://www.securityartwork.es/2023/10/17/new-cybersecurity-requirements-in-shipbuilding-implications-in-the-engineering-process-and-designs-of-new-vessels/</link>
					<comments>https://www.securityartwork.es/2023/10/17/new-cybersecurity-requirements-in-shipbuilding-implications-in-the-engineering-process-and-designs-of-new-vessels/#respond</comments>
		
		<dc:creator><![CDATA[Vicent Gómez]]></dc:creator>
		<pubDate>Tue, 17 Oct 2023 15:12:03 +0000</pubDate>
				<category><![CDATA[General]]></category>
		<guid isPermaLink="false">https://www.securityartwork.es/?p=31211</guid>

					<description><![CDATA[<p>The logistics sector has evolved in recent years to more complex deployments where there is a greater flow of communication between its elements. This evolution is noticeable in critical sectors such as maritime, for example, in port environments there are a large number of interconnections for the exchange of information between a wide range of [&#8230;]</p>
<p>The post <a rel="nofollow" href="https://www.securityartwork.es/2023/10/17/new-cybersecurity-requirements-in-shipbuilding-implications-in-the-engineering-process-and-designs-of-new-vessels/">New cybersecurity requirements in shipbuilding: implications in the engineering process and designs of new vessels</a> appeared first on <a rel="nofollow" href="https://www.securityartwork.es/en">Security Art Work</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p>The logistics sector has evolved in recent years towards more complex deployments with a greater flow of communication between its elements. This evolution is noticeable in critical sectors such as the maritime sector: in port environments, for example, there are a large number of interconnections for exchanging information between a wide range of systems.</p>



<p>Real examples show how there are more and more cyber-attacks targeting companies in the maritime sector. <strong>It is therefore essential to develop cybersecurity strategies</strong> based on system protection, attack detection and incident response capabilities. <strong>Cybersecurity must be considered from the design stage</strong>, thinking beyond functionality and considering it as a process that must be incorporated into the day-to-day operations of all companies.</p>



<p>Given the variety of industry best practice standards or mandatory regulations that have emerged on cybersecurity in the maritime sector, IACS, a non-governmental, technical-based organization of eleven major marine classification societies, has established new unified requirements (UR E26 and E27) on the cyber resilience of ships that will apply to ships contracted for construction on or after January 1, 2024. Cybersecurity will move from being an added value to a market requirement.</p>



<p>Humanity is facing new challenges that require, more than ever, a new comprehensive vision. As a result, all organizations, and society in general, are to a greater or lesser extent immersed in a process of digital transformation. This transformation is based on the incorporation of technology into all of the organization&#8217;s business processes and on hyperconnectivity. There has been a convergence between Information Technology (IT), Operational Technology (OT) and Consumer Technology (CT), giving rise to an interconnected ecosystem in which the impact on one node can have direct implications for the entire chain.</p>



<p>From a cybersecurity standpoint, this systemic world leads to a high-risk scenario. As our business processes become more dependent on technology, the impact of a potential cyber-attack increases.</p>



<span id="more-31211"></span>



<p>The hyperconnectivity of the systems that form the technological base on which we develop our business processes greatly expands the attack surface and, consequently, the probability of a cyber incident occurring.</p>



<p>According to the <em>Allianz Global Corporate &amp; Specialty Risk Barometer</em> for the year 2023 (<a href="https://www.agcs.allianz.com/news-and-insights/reports/allianz-risk-barometer.html" target="_blank" rel="noreferrer noopener">Allianz Risk Barometer: Identifying the major business risks for 2023</a>), cyber incidents are the greatest danger for companies worldwide. This threat has been considered by 34% of the 2,712 risk management experts consulted in more than 94 countries and territories. It is worth noting that, a decade ago, cyber risk ranked fifteenth, with only 6% of responses. Awareness of the cyber threat has grown rapidly in recent years, driven by the increasing dependence of companies on their data and IT systems, as well as a number of incidents that have occurred.</p>



<figure class="wp-block-image size-full"><img decoding="async" loading="lazy" width="740" height="314" src="https://www.securityartwork.es/wp-content/uploads/2023/10/image-740x314-1.png" alt="" class="wp-image-31212" srcset="https://www.securityartwork.es/wp-content/uploads/2023/10/image-740x314-1.png 740w, https://www.securityartwork.es/wp-content/uploads/2023/10/image-740x314-1-300x127.png 300w" sizes="(max-width: 740px) 100vw, 740px" /></figure>



<p>It is noteworthy that the second greatest danger is business interruption, also cited by 34%. The same report includes a survey of 917 experts, in which 45% of respondents consider cyber incidents the most feared cause of business interruption.</p>



<p>So it can be concluded that<strong> directly and indirectly, 50% of respondents consider cyber incidents as the greatest danger to their company</strong>.</p>



<h2 class="wp-block-heading"><strong>Evolution in the logistics sector</strong></h2>



<p>The logistics sector has evolved by introducing new technologies, which have made it possible to move on from traditional logistics, characterized by a lack of coordination between the different parties and low-complexity cargo flows: specific, well-defined communication flows and a rigid system in which constant or periodic supplies predominate.</p>



<p>In today&#8217;s logistics industry, there is an increasing demand to optimize the supply chain. Physical transport time is invariant, so delivery schedules and routes, storage or transport methods must be optimized. In addition, demand is growing and increasingly distributed. This has resulted in an evolution of the logistics sector towards more complex deployments with new environments and techniques, based on an increase in the number and frequency of communications, the introduction of centralized control systems and the introduction of new technologies that blur the border between IT and OT. With these advances comes a new concept, fleet management: the administration of a group of elements belonging to the same organization.</p>



<h2 class="wp-block-heading"><strong>The shipbuilding sector: a strategic field in a global economy</strong></h2>



<p>As the pandemic has shown, there is a strong interdependence between producers and consumers, who can now be found anywhere in the world. They are connected, to a large extent, by maritime transport. Today, maritime transport is a fundamental pillar of the global economy.</p>


<div class="wp-block-image">
<figure class="aligncenter size-full"><img decoding="async" loading="lazy" width="740" height="408" src="https://www.securityartwork.es/wp-content/uploads/2023/10/image-1-740x408-1.png" alt="" class="wp-image-31213" srcset="https://www.securityartwork.es/wp-content/uploads/2023/10/image-1-740x408-1.png 740w, https://www.securityartwork.es/wp-content/uploads/2023/10/image-1-740x408-1-300x165.png 300w" sizes="(max-width: 740px) 100vw, 740px" /></figure></div>


<p>The number of tons transported by ship globally has increased by a factor of 2.5 in the last 25 years (<a href="https://unctad.org/publication/handbook-statistics-2022" target="_blank" rel="noreferrer noopener">UNCTAD Handbook of Statistics 2022 &#8211; Maritime transport</a>). The maritime transport sector involves a wide range of players, including shipbuilders or shipyards, shipping companies, shipping agents, ports themselves and the national and international bodies in charge of its regulation. In addition, it is deeply interconnected with other elements of logistics chains, such as rail and road transport of goods.</p>


<div class="wp-block-image">
<figure class="aligncenter size-full"><img decoding="async" loading="lazy" width="740" height="369" src="https://www.securityartwork.es/wp-content/uploads/2023/10/image-2-740x369-1.png" alt="" class="wp-image-31214" srcset="https://www.securityartwork.es/wp-content/uploads/2023/10/image-2-740x369-1.png 740w, https://www.securityartwork.es/wp-content/uploads/2023/10/image-2-740x369-1-300x150.png 300w" sizes="(max-width: 740px) 100vw, 740px" /></figure></div>


<h2 class="wp-block-heading"><strong>The case of ships: a large-scale intelligent system</strong></h2>



<p>Linked to the maritime sector, the shipping sector has traditionally worked with isolated elements and with specific communications from control centers to monitor the position and route of transports. Nowadays, the interconnectivity of these elements has increased, so there are constant communications with the outside world, including communications between transports. Vehicles are now capable of receiving and interpreting information about other transports at the same time.</p>



<p>A vessel is a complex system where multiple systems interact: customer services, personnel from different departments, maintenance, cargo management, bridge control, etc. But it also requires continuous monitoring of the status of the systems and needs regular wireless communications with control centers at considerable distances (there is a wide range of technologies for remote communications).</p>



<h2 class="wp-block-heading"><strong>Cybersecurity in the naval sector</strong></h2>



<p>The most common cybersecurity-related problems encountered in the naval sector are related to the long life cycle of systems, the lack of reference standards, reliance on network isolation and physical security, as well as a lack of awareness of aspects such as the convergence of IT and OT technologies, the weakness of current protection systems, the motivation of potential attackers or the existing risks.</p>



<p>It is increasingly common to see cyber-attacks in critical sectors, such as the maritime sector. Everyone remembers the cyberattack suffered in 2017 by the shipping company A.P. Moller Maersk, which forced the company to paralyze its operations for weeks and had an economic cost of between $250 million and $300 million.<a href="#_ftn1" id="_ftnref1">[1]</a></p>



<p>But this incident is not an isolated case. In 2018, the shipping company COSCO suffered an attack that affected its operations in the United States; in April 2020, the shipping company MSC saw its Geneva headquarters compromised; in September 2020 CMA CGM announced that a cyberattack had affected its peripheral servers; in 2021 the IT infrastructure of the IMO was subject to a cyberattack; and even in 2023, DNV, a ship certification company, suffered an attack that affected 1,000 ships that depend on its technology<a href="#_ftn2" id="_ftnref2">[2]</a>.</p>



<p>What all these attacks had in common was that they were malware cyberattacks, in all cases through ransomware. The shipping industry is one of the sectors most affected by cyberattacks, either as a direct target or as collateral damage.</p>



<h2 class="wp-block-heading"><strong>Cybersecurity strategy</strong></h2>



<p>At a global level, common strategies should be defined that outline guidelines to identify vulnerabilities, weaknesses and opportunities for improvement in all areas. The purpose of these standards would be to ensure that cyber assets are adequately protected, in such a way as to guarantee their reliability in the face of possible attacks or security incidents.</p>



<p>For the development of a standard, it must be taken into account that the industrial sector is very heterogeneous, so there are no general solutions. In addition, the pace at which changes in the industrial sector are assimilated must be taken into account in order to avoid setting unrealistic horizons.</p>



<p>The growing concern for cybersecurity in the shipping sector is causing international public and private organizations to promote the creation of standards in this area. Thus, the <strong>IMO</strong> (International Maritime Organization), the United Nations specialized agency responsible for setting standards for safety, security and environmental performance in international shipping, created the circular <strong>MSC FAL 1-Cir.3</strong> and the recommendation <strong>MSC.428</strong>.</p>



<p><strong>The MSC Circular MSC FAL 1-Cir.3</strong> provides high-level guidance on cybersecurity risk management. This circular describes an initial list of systems to be reviewed, sets out a method for analyzing them and provides a list of best practice guides and standards relating to information security, such as ISO/IEC 27001 or the NIST framework 1.0.</p>



<p>IMO recommendation <strong>MSC.428</strong> ratifies that ships must include a cyber-attack resilience plan in their ISM (International Safety Management) manual, and encourages the authorities of each country to review its implementation in the next revision as of January 1, 2021.</p>



<p>Following this, new standards are emerging, such as the <em><a href="https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/642598/cyber-security-code-of-practice-for-ships.pdf" target="_blank" rel="noreferrer noopener">Code of Practice Cyber Security for Ships</a></em><a id="_ftnref3" href="#_ftn3">[3]</a> developed by the UK Department for Transport, or the cybersecurity certifications developed by companies such as DNV (<a href="https://www.dnvgl.com/services/cyber-secure-class-notation-124600" target="_blank" rel="noreferrer noopener">Cyber Secure class notation – DNV-GL</a>)<a id="_ftnref4" href="#_ftn4">[4]</a> or Lloyd&#8217;s (<a href="https://www.lr.org/en/shipright-procedures/#accordion-digitalships" target="_blank" rel="noreferrer noopener">ShipRight procedures</a>)<a id="_ftnref5" href="#_ftn5">[5]</a>. The latter certifications are based on international reference frameworks of recognized prestige, such as the IEC-62443 standard, which addresses cybersecurity in industrial automation and control systems.</p>



<p>Given the variety of cybersecurity standards that have emerged, the <strong>International Association of Classification Societies</strong> (IACS), a <strong>non-governmental, technical-based organization comprised of eleven marine classification societies covering more than 90% of the world&#8217;s cargo ships</strong>, has adopted two new unified requirements (URs) on cyber resilience of ships:</p>



<ul>
<li>UR E26 aims to ensure the secure integration of operational technology (OT) and information technology (IT) equipment into the ship&#8217;s network during the design, construction, commissioning and operational life of the ship. This UR addresses the ship as a collective entity for cyber resilience and covers five key aspects: equipment identification, protection, attack detection, response and recovery. <a href="#_ftn6" id="_ftnref6">[6]</a></li>
<li>UR E27 aims to ensure that the integrity of the system is assured and reinforced by third party equipment providers. This UR establishes requirements for the cyber resilience of shipboard systems and equipment, and provides additional requirements relating to the interface between users and shipboard computer systems, as well as design and product development requirements for new devices prior to their deployment on board ships. It should be noted that the requirements established by this UR are based on the requirements of Part 3-3 of the IEC 62443-3-3 standard (System security requirements and security levels). <a id="_ftnref7" href="#_ftn7">[7]</a></li>
</ul>



<h2 class="wp-block-heading">Entry into force</h2>



<p>These URs will apply to new ships contracted for construction as of January 1, 2024.</p>



<p>The entry into force of these new requirements will imply a greater effort for operators, shipowners, shipyards and suppliers,<strong> since cybersecurity will have to be incorporated into the design, construction and operation of ships.</strong></p>



<p>Incorporating cybersecurity in the early design phases of a ship will be critical, as it will allow for better ship protection results, and will significantly reduce costs as it will be easier to implement cybersecurity-related measures.</p>



<p><strong>Cybersecurity in the naval sector has gone from being an added value to a market requirement.</strong></p>






<h5 class="wp-block-heading">References</h5>



<p><a href="#_ftnref1" id="_ftn1">[1]</a> <a href="https://www.diariodelpuerto.com/es/15404881030567640">https://www.diariodelpuerto.com/es/15404881030567640</a></p>



<p><a id="_ftn2" href="#_ftnref2">[2]</a> <a href="https://www.dnv.com/news/cyber-attack-on-shipmanager-servers-update-237931">https://www.dnv.com/news/cyber-attack-on-shipmanager-servers-update-237931</a></p>



<p><a id="_ftn3" href="#_ftnref3">[3]</a> Code of Practice Cyber Security for Ships – Department of Transport of United Kingdom <a href="https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/642598/cyber-security-code-of-practice-for-ships.pdf">https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/642598/cyber-security-code-of-practice-for-ships.pdf</a></p>



<p><a id="_ftn4" href="#_ftnref4">[4]</a> Cyber Secure class notation – DNV-GL <a href="https://www.dnvgl.com/services/cyber-secure-class-notation-124600">https://www.dnvgl.com/services/cyber-secure-class-notation-124600</a></p>



<p><a id="_ftn5" href="#_ftnref5">[5]</a> ShipRight procedures &#8211; <a href="https://www.lr.org/en/shipright-procedures/#accordion-digitalships">https://www.lr.org/en/shipright-procedures/#accordion-digitalships</a></p>



<p><a id="_ftn6" href="#_ftnref6">[6]</a> UR E26 &#8211; <a href="https://iacs.org.uk/download/14104">https://iacs.org.uk/download/14104</a></p>



<p><a id="_ftn7" href="#_ftnref7">[7]</a> UR E27 &#8211; <a href="https://iacs.org.uk/download/14105">https://iacs.org.uk/download/14105</a></p>
<p>The post <a rel="nofollow" href="https://www.securityartwork.es/2023/10/17/new-cybersecurity-requirements-in-shipbuilding-implications-in-the-engineering-process-and-designs-of-new-vessels/">New cybersecurity requirements in shipbuilding: implications in the engineering process and designs of new vessels</a> appeared first on <a rel="nofollow" href="https://www.securityartwork.es/en">Security Art Work</a>.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://www.securityartwork.es/2023/10/17/new-cybersecurity-requirements-in-shipbuilding-implications-in-the-engineering-process-and-designs-of-new-vessels/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Application of ChatGPT in healthcare</title>
		<link>https://www.securityartwork.es/2023/09/27/application-of-chatgpt-in-healthcare/</link>
					<comments>https://www.securityartwork.es/2023/09/27/application-of-chatgpt-in-healthcare/#respond</comments>
		
		<dc:creator><![CDATA[Marina Galiano]]></dc:creator>
		<pubDate>Wed, 27 Sep 2023 09:53:21 +0000</pubDate>
				<category><![CDATA[General]]></category>
		<guid isPermaLink="false">https://www.securityartwork.es/?p=31125</guid>

					<description><![CDATA[<p>The ChatGPT digital tool is well known by now. This artificial intelligence (AI) is having a huge impact on the information and communication age. ChatGPT is being used for different purposes to improve some systems; however, some of the applications for which it is being used are generating controversy, which is one more reason why [&#8230;]</p>
<p>The post <a rel="nofollow" href="https://www.securityartwork.es/2023/09/27/application-of-chatgpt-in-healthcare/">Application of ChatGPT in healthcare</a> appeared first on <a rel="nofollow" href="https://www.securityartwork.es/en">Security Art Work</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p>The ChatGPT digital tool is well known by now. This artificial intelligence (AI) is having a huge impact on the information and communication age. ChatGPT is being used for different purposes to improve some systems; however, some of the applications for which it is being used are generating controversy, which is one more reason why it is getting so much attention.</p>



<p>If you still don&#8217;t know ChatGPT, you should know that it is a tool developed by OpenAI that specialises in dialogue: a chatbot. In other words, you enter a text input and ChatGPT generates a coherent text in response to what you have written.</p>


<div class="wp-block-image">
<figure class="aligncenter size-full"><img decoding="async" loading="lazy" width="567" height="150" src="https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen1-1.png" alt="" class="wp-image-31126" srcset="https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen1-1.png 567w, https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen1-1-300x79.png 300w" sizes="(max-width: 567px) 100vw, 567px" /></figure></div>


<p>Well, ChatGPT can also be used in health. But what do we mean by &#8220;in health&#8221;? &#8220;In health&#8221; means that it can be applied in any area that affects people&#8217;s wellbeing, whether it is to develop new software to improve the health management of a hospital or to ask questions about our welfare from home.</p>



<p>Several projects have been developed using AI with a focus on health. Some of them use the same ChatGPT models and others are based on proprietary technology, all of them taking into account communication with the patient.</p>



<span id="more-31125"></span>



<h2 class="wp-block-heading"><strong>AI-based patient triage</strong></h2>



<p>Triage is a process that sorts and classifies patients according to type of urgency, which is essential when demand and clinical needs exceed resources. There are several projects where AI is used for efficient triage in health centres and hospitals.</p>



<p>One such example is the React Project at the Hospital Universitario Virgen del Rocío, where an advanced optimisation algorithm and the hospital information systems take into account factors such as patient attendance, variability, distribution of hours and severity levels. In this way, resources, work shifts and waiting time management are organised.</p>



<p>Another example is the company Mediktor, founded in Barcelona in 2011. The company has developed a triage and pre-diagnosis tool using artificial intelligence that is being implemented in more and more healthcare systems such as insurance companies and hospitals, among others.</p>


<div class="wp-block-image">
<figure class="aligncenter size-full is-resized"><img decoding="async" src="https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen2.png" alt="" class="wp-image-31127" width="727" srcset="https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen2.png 567w, https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen2-300x168.png 300w" sizes="(max-width: 567px) 100vw, 567px" /></figure></div>


<h2 class="wp-block-heading"><strong>Predicting dementia and Alzheimer&#8217;s with GPT-3</strong></h2>



<p>Another example of AI implementation in this field is the study conducted by researchers at Drexel University, where they demonstrated that OpenAI&#8217;s GPT-3 programme can identify spontaneous speech cues with 80% accuracy in predicting the early stages of dementia and Alzheimer&#8217;s disease. This study demonstrates that there is great potential to develop artificial intelligence-driven tools for early diagnosis of dementia and to provide personalised interventions tailored directly to individual needs.</p>



<h2 class="wp-block-heading"><strong>Clinical plan generation</strong></h2>



<p>The last project presented is Glass AI, a tool under development for the Glass platform that uses AI to produce a diagnosis or clinical plan from a text input describing a patient&#8217;s clinical problem. This tool is not intended for the general public but for doctors and healthcare staff trained to interpret the output, as it may be incomplete, incorrect or biased. It would therefore be a very useful support tool for qualified clinical staff.</p>


<div class="wp-block-image">
<figure class="aligncenter size-large"><img decoding="async" loading="lazy" width="740" height="347" src="https://www.securityartwork.es/wp-content/uploads/2023/09/image-21-1-740x347.png" alt="" class="wp-image-31129" srcset="https://www.securityartwork.es/wp-content/uploads/2023/09/image-21-1-740x347.png 740w, https://www.securityartwork.es/wp-content/uploads/2023/09/image-21-1-300x141.png 300w, https://www.securityartwork.es/wp-content/uploads/2023/09/image-21-1-768x360.png 768w, https://www.securityartwork.es/wp-content/uploads/2023/09/image-21-1.png 1010w" sizes="(max-width: 740px) 100vw, 740px" /></figure></div>


<h2 class="wp-block-heading"><strong>ChatGPT in our lives</strong></h2>



<p>The reality is that ChatGPT is already part of our lives almost as an indispensable tool. So how can it help us today to make health decisions in our day-to-day lives? Because ChatGPT uses deep learning to interact with patients and provide them with personalised health information, we can ask questions about our wellbeing or even symptoms we are suffering from.</p>



<p>This technology has great potential to improve the efficiency and quality of healthcare. We have prepared some examples to show how ChatGPT can inform us about what to do in certain situations. The advantages of ChatGPT are the speed of response and the fact that it is not necessary to travel to a health centre to get an answer. This is a great help for the health system, allowing it to decongest its services and offer good clinical care.</p>



<p>In the first case, we tell it that we have burnt our hand on the oven tray and ask whether we need to go to hospital. One of the first things ChatGPT tells us is to assess the burn, i.e. whether it is minor or severe. If it is severe, it advises us to seek medical attention as soon as possible. If it is minor, it gives us several tips on how to reduce the pain and heal the burn correctly. In addition, ChatGPT always emphasises that a healthcare professional is the one who can give the best advice.</p>



<figure class="wp-block-image size-large"><img decoding="async" loading="lazy" width="740" height="775" src="https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen4-740x775.png" alt="" class="wp-image-31130" srcset="https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen4-740x775.png 740w, https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen4-287x300.png 287w, https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen4-768x804.png 768w, https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen4-1467x1536.png 1467w, https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen4.png 1948w" sizes="(max-width: 740px) 100vw, 740px" /></figure>



<p>In the second case, we tell it that the results of a blood test have shown high cholesterol and we ask how we can reduce it. ChatGPT offers general measures to control cholesterol and information on the right diet and exercise to maintain good health, but again emphasises the role of the doctor.</p>



<figure class="wp-block-image size-large"><img decoding="async" loading="lazy" width="740" height="851" src="https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen5-740x851.png" alt="" class="wp-image-31131" srcset="https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen5-740x851.png 740w, https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen5-261x300.png 261w, https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen5-768x884.png 768w, https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen5-1335x1536.png 1335w, https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen5-1780x2048.png 1780w, https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen5.png 1948w" sizes="(max-width: 740px) 100vw, 740px" /></figure>



<p>These examples demonstrate how ChatGPT can be used to provide personalised, accurate and detailed information to patients on health and disease issues, which can improve patient understanding and ultimately improve the quality and efficiency of healthcare, avoiding the overcrowding of healthcare facilities.</p>



<h2 class="wp-block-heading"><strong>ChatGPT in healthcare cybersecurity</strong></h2>



<p>Another of the multiple applications that ChatGPT can have is in the field of cybersecurity. In this article, we are going to focus on cybersecurity applied to the healthcare sector.</p>



<p>Let&#8217;s say, for example, that an organisation with a PACS (Picture Archiving and Communication System) does not have any security measures in place, but wants to start protecting its information. As the organisation does not yet have any cybersecurity knowledge in this area, it could start by asking ChatGPT what to do to protect a PACS. The answer generated by the tool provides general recommendations on how to secure it.</p>



<figure class="wp-block-image size-large"><img decoding="async" loading="lazy" width="740" height="967" src="https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen6-740x967.png" alt="" class="wp-image-31132" srcset="https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen6-740x967.png 740w, https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen6-230x300.png 230w, https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen6-768x1003.png 768w, https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen6-1176x1536.png 1176w, https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen6-1568x2048.png 1568w, https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen6.png 1948w" sizes="(max-width: 740px) 100vw, 740px" /></figure>



<p>In our case we use Orthanc, an open source tool. As we want more specific measures, we asked it to be more specific about our software and how to protect it.</p>



<figure class="wp-block-image size-large"><img decoding="async" loading="lazy" width="740" height="607" src="https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen7-740x607.png" alt="" class="wp-image-31133" srcset="https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen7-740x607.png 740w, https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen7-300x246.png 300w, https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen7-768x630.png 768w, https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen7-1536x1259.png 1536w, https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen7.png 1948w" sizes="(max-width: 740px) 100vw, 740px" /></figure>



<p>ChatGPT answers us in a general way again, but we are looking for more concrete guidelines. So we ask again.</p>



<figure class="wp-block-image size-large"><img decoding="async" loading="lazy" width="740" height="694" src="https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen8-740x694.png" alt="" class="wp-image-31134" srcset="https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen8-740x694.png 740w, https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen8-300x281.png 300w, https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen8-768x720.png 768w, https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen8-1536x1440.png 1536w, https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen8.png 1949w" sizes="(max-width: 740px) 100vw, 740px" /></figure>



<p>One of the measures that catches our attention is limiting remote access. We go deeper into this by asking ChatGPT for the procedure, and it answers with a way to limit access by the different modalities (medical imaging machines).</p>



<figure class="wp-block-image size-full"><img decoding="async" loading="lazy" width="524" height="539" src="https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen9.png" alt="" class="wp-image-31135" srcset="https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen9.png 524w, https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen9-292x300.png 292w" sizes="(max-width: 524px) 100vw, 524px" /></figure>



<p>We check that these are indeed the right steps by putting them into practice in our Orthanc. To do this, we follow the instructions provided by ChatGPT, first opening the configuration file &#8220;orthanc.json&#8221; and going to the &#8220;DicomModalities&#8221; section. When we go looking for that file we hit the first obstacle: we don&#8217;t know where it is located, so we ask ChatGPT.</p>



<figure class="wp-block-image size-large"><img decoding="async" loading="lazy" width="740" height="456" src="https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen10-740x456.png" alt="" class="wp-image-31136" srcset="https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen10-740x456.png 740w, https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen10-300x185.png 300w, https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen10-768x473.png 768w, https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen10-1536x946.png 1536w, https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen10.png 1849w" sizes="(max-width: 740px) 100vw, 740px" /></figure>



<p>In our case we use Linux, so we looked to see if it is indeed in the path &#8220;/etc/orthanc/orthanc.json&#8221;. And, yes, it is!</p>



<figure class="wp-block-image size-full"><img decoding="async" loading="lazy" width="450" height="53" src="https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen11.png" alt="" class="wp-image-31137" srcset="https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen11.png 450w, https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen11-300x35.png 300w" sizes="(max-width: 450px) 100vw, 450px" /></figure>



<p>Before modifying the file, we check that an ultrasound (US) medical image we have is sent correctly. We confirm this by checking that no error is displayed.</p>



<figure class="wp-block-image size-full"><img decoding="async" loading="lazy" width="567" height="23" src="https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen12.png" alt="" class="wp-image-31138" srcset="https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen12.png 567w, https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen12-300x12.png 300w" sizes="(max-width: 567px) 100vw, 567px" /></figure>



<p>Now we are going to edit the file and restart the Orthanc service, as previously indicated by ChatGPT. We add the fragment mentioned in point 3, allowing only the sending of CT and MRI images, so the image we sent previously should not be accepted.</p>



<p>Next, we launch the same command as before with the ultrasound scan and we see that this connection is rejected. This limits the remote connection to only the modalities that we want, in this case CT and MRI scans.</p>



<figure class="wp-block-image size-full"><img decoding="async" loading="lazy" width="567" height="35" src="https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen13.png" alt="" class="wp-image-31139" srcset="https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen13.png 567w, https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen13-300x19.png 300w" sizes="(max-width: 567px) 100vw, 567px" /></figure>
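<p>The procedure above (locate orthanc.json, restrict &#8220;DicomModalities&#8221; to the CT and MRI stations, confirm that an ultrasound station is now rejected) can be checked without resending images. The script below is an added example, not code from the article or from the Orthanc project: it reads an orthanc.json, reports permissive settings, and models whether a given calling AET and host would be accepted. <code>DicomModalities</code>, <code>DicomAlwaysAllowStore</code> and <code>DicomCheckModalityHost</code> are real Orthanc options; the accept/reject logic is this script&#8217;s own approximation of Orthanc&#8217;s checks, and the AETs, hosts and ports in the sample fragments are constructed.</p>

```python
"""Audit the modality allow-list in an Orthanc configuration file.

Added example (not the article's or Orthanc's code). The real options used
are DicomModalities, DicomAlwaysAllowStore and DicomCheckModalityHost; the
accept/reject logic below is an assumed model of how Orthanc applies them,
good enough to show why an allow-list holding only CT and MRI stations turns
an unlisted ultrasound station away.
"""
import json
import re
import sys
from typing import Any

# Constructed sample fragments of orthanc.json (not the article's screenshots).
WEAK_CONFIG = json.loads("""
{
  "Name": "ORTHANC",
  "DicomAet": "ORTHANC",
  "DicomPort": 4242,
  "DicomAlwaysAllowStore": true,
  "DicomCheckModalityHost": false,
  "DicomModalities": {}
}
""")

HARDENED_CONFIG = json.loads("""
{
  "Name": "ORTHANC",
  "DicomAet": "ORTHANC",
  "DicomPort": 4242,
  "DicomAlwaysAllowStore": false,
  "DicomCheckModalityHost": true,
  "DicomModalities": {
    "CT_ROOM1":  ["CT_ROOM1", "10.0.5.21", 104],
    "MRI_ROOM2": {"AET": "MRI_ROOM2", "Host": "10.0.5.22", "Port": 104}
  }
}
""")


def known_modalities(config: dict[str, Any]) -> dict[str, str]:
    """Map each declared AET to its host.

    DicomModalities entries come in two shapes: the list form
    [AET, host, port, ...] and the object form {"AET": ..., "Host": ...}.
    """
    result: dict[str, str] = {}
    for entry in config.get("DicomModalities", {}).values():
        if isinstance(entry, dict):
            result[str(entry["AET"])] = str(entry["Host"])
        else:
            result[str(entry[0])] = str(entry[1])
    return result


def store_allowed(config: dict[str, Any], calling_aet: str, remote_host: str) -> bool:
    """Assumed model of whether Orthanc accepts a C-STORE from this peer.

    Unset options are treated as permissive: that is the unsafe direction,
    so it is the right assumption for an audit.
    """
    if config.get("DicomAlwaysAllowStore", True):
        return True  # any AET may push images, allow-list is not consulted
    modalities = known_modalities(config)
    if calling_aet not in modalities:
        return False  # e.g. the ultrasound station: not in the allow-list
    if config.get("DicomCheckModalityHost", False) and modalities[calling_aet] != remote_host:
        return False  # a listed AET name presented from an unexpected host
    return True


def audit(config: dict[str, Any]) -> list[str]:
    """Return one finding per permissive setting; empty list means none found."""
    findings = []
    if config.get("DicomAlwaysAllowStore", True):
        findings.append("DicomAlwaysAllowStore is true: any modality can store images")
    if not config.get("DicomCheckModalityHost", False):
        findings.append("DicomCheckModalityHost is false: a listed AET is accepted from any host")
    if not config.get("DicomModalities"):
        findings.append("DicomModalities is empty: there is no allow-list of modalities")
    return findings


def load_config(path: str) -> dict[str, Any]:
    """Load orthanc.json, stripping the // and /* */ comments the shipped file carries."""
    with open(path, encoding="utf-8") as fh:
        text = fh.read()
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    text = re.sub(r"^\s*//.*$", "", text, flags=re.M)
    return json.loads(text)


if __name__ == "__main__":
    # With a path argument (e.g. /etc/orthanc/orthanc.json) audit that file,
    # otherwise demonstrate on the constructed hardened sample.
    cfg = load_config(sys.argv[1]) if len(sys.argv) > 1 else HARDENED_CONFIG
    for finding in audit(cfg) or ["no permissive settings found"]:
        print(finding)
    # The article's test: the ultrasound station is rejected, the CT station is accepted.
    print("US_ROOM3 from 10.0.5.23 ->", store_allowed(cfg, "US_ROOM3", "10.0.5.23"))
    print("CT_ROOM1 from 10.0.5.21 ->", store_allowed(cfg, "CT_ROOM1", "10.0.5.21"))
```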



<p>On the other hand, you can ask what other actions can be performed to limit access via the &#8220;orthanc.json&#8221; file. It will list several of the entries that can be modified and what each of them is for.</p>



<figure class="wp-block-image size-large"><img decoding="async" loading="lazy" width="740" height="724" src="https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen14-740x724.png" alt="" class="wp-image-31140" srcset="https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen14-740x724.png 740w, https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen14-300x294.png 300w, https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen14-768x752.png 768w, https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen14-1536x1503.png 1536w, https://www.securityartwork.es/wp-content/uploads/2023/09/Imagen14.png 1876w" sizes="(max-width: 740px) 100vw, 740px" /></figure>



<p>It should be borne in mind that ChatGPT instructions are not always correct and may contain errors or refer to old versions and procedures that have since changed, but it is still a very fast help tool. It is also important to be aware of the data that is sent to ChatGPT and to ensure that it is not sensitive or confidential information.</p>



<h2 class="wp-block-heading"><strong>CHATGPT CONTROVERSY</strong></h2>



<p>We have seen the applications of ChatGPT in health and the advantages it offers. But it is natural to wonder whether these technologies will replace people in the future. A recent news item claims that ChatGPT&#8217;s answers to medical questions are more accurate than those of doctors, but to what extent is this true, or will it continue to be true? We should not forget that ChatGPT is still a learning model, i.e. it has learned to tell what the correct answers are and has more knowledge capacity than a person. Moreover, the information collected by ChatGPT is currently up to date only until September 2021, so this information may become obsolete over time if it is not updated. However, and most importantly, ChatGPT is not human. The model lacks ethical guidance and clinical judgement. It lacks empathy, and people often prefer human contact when dealing with their problems.</p>



<p>For these reasons, ChatGPT is a very useful tool but it should be used as a <strong>support tool</strong> and not as a replacement. In other words, a tool that helps healthcare staff to manage repetitive tasks or to make a first approximation in the absence of a professional review.</p>



<h2 class="wp-block-heading"><strong>CONCLUSION</strong></h2>



<p>In conclusion, ChatGPT is a promising technology that has the potential to significantly improve the efficiency and quality of healthcare, especially in health promotion and disease prevention, as well as health education. As the technology continues to evolve, we are likely to see further integration of ChatGPT in this field in the future, but always as a support tool and not as a replacement for our healthcare professionals.</p>



<p><strong>REFERENCES</strong></p>



<ul>
<li><a href="https://www.rocheplus.es/innovacion/investigacion-ciencia/ChatGPT.html">https://www.rocheplus.es/innovacion/investigacion-ciencia/ChatGPT.html</a></li>



<li><a href="https://journals.plos.org/digitalhealth/article?id=10.1371/journal.pdig.0000168">https://journals.plos.org/digitalhealth/article?id=10.1371/journal.pdig.0000168</a></li>



<li><a href="https://www.mediktor.com/es">https://www.mediktor.com/es</a></li>



<li><a href="https://www.clinicbarcelona.org/noticias/el-hospital-clinic-firma-un-acuerdo-con-mediktor-para-validar-su-aplicacion-que-permite-desarrollar-un-triaje-mas-eficiente">https://www.clinicbarcelona.org/noticias/el-hospital-clinic-firma-un-acuerdo-con-mediktor-para-validar-su-aplicacion-que-permite-desarrollar-un-triaje-mas-eficiente</a></li>



<li><a href="https://gpt3demo.com/apps/glass-ai-health">https://gpt3demo.com/apps/glass-ai-health</a></li>



<li>HealthITAnalytics: &#8220;Adventist Health Leverages AI-Powered Chatbot for Diabetes Care&#8221;: <a href="https://healthitanalytics.com/news/adventist-health-leverages-ai-powered-chatbot-for-diabetes-care">https://healthitanalytics.com/news/adventist-health-leverages-ai-powered-chatbot-for-diabetes-care</a></li>



<li><a href="https://www.mdpi.com/2227-9032/11/6/887">https://www.mdpi.com/2227-9032/11/6/887</a></li>



<li><a href="https://www.insider.com/chatgpt-passes-medical-exam-diagnoses-rare-condition-2023-4">https://www.insider.com/chatgpt-passes-medical-exam-diagnoses-rare-condition-2023-4</a></li>
</ul>
<p>The post <a rel="nofollow" href="https://www.securityartwork.es/2023/09/27/application-of-chatgpt-in-healthcare/">Application of ChatGPT in healthcare</a> appeared first on <a rel="nofollow" href="https://www.securityartwork.es/en">Security Art Work</a>.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://www.securityartwork.es/2023/09/27/application-of-chatgpt-in-healthcare/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>AI vs. GRC: How AI can affect GRC areas of technology consultancies</title>
		<link>https://www.securityartwork.es/2023/09/25/ai-vs-grc-how-ai-can-affect-grc-areas-of-technology-consultancies/</link>
					<comments>https://www.securityartwork.es/2023/09/25/ai-vs-grc-how-ai-can-affect-grc-areas-of-technology-consultancies/#respond</comments>
		
		<dc:creator><![CDATA[Raúl Manso]]></dc:creator>
		<pubDate>Mon, 25 Sep 2023 10:04:11 +0000</pubDate>
				<category><![CDATA[General]]></category>
		<guid isPermaLink="false">https://www.securityartwork.es/?p=31120</guid>

					<description><![CDATA[<p>AI (Artificial Intelligence) has proven to be a powerful tool in a number of areas, including Security Governance, Risk Management and Regulatory Compliance (GRC). As AI continues to develop and play an increasingly important role in our society it is critical to recognize the value and importance of the human component. While AI offers significant [&#8230;]</p>
<p>The post <a rel="nofollow" href="https://www.securityartwork.es/2023/09/25/ai-vs-grc-how-ai-can-affect-grc-areas-of-technology-consultancies/">AI vs. GRC: How AI can affect GRC areas of technology consultancies</a> appeared first on <a rel="nofollow" href="https://www.securityartwork.es/en">Security Art Work</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p>AI (Artificial Intelligence) has proven to be a powerful tool in a number of areas, including Security Governance, Risk Management and Regulatory Compliance (GRC). As AI continues to develop and play an increasingly important role in our society it is critical to recognize the value and importance of the human component. While AI offers significant technological advances, there are areas where human judgment, experience and interpersonal skills are indispensable.</p>



<p>We, as workers in consulting firms and specifically in the GRC area, analyze the repercussion and impact that the arrival of AI may have in our professional field.</p>



<p>Will AI put an end to our jobs? After the media boom that the arrival of ChatGPT has meant in our lives, this is a question we cannot help asking ourselves. I have therefore set out to analyse whether AI could replace the work we do for our clients. Below I offer my point of view on the different aspects and reasons why, in my opinion, it is unlikely that AI will replace, or even take over, the work carried out in the GRC areas of technology consultancies:</p>



<h2 class="wp-block-heading"><strong>Regulatory complexity</strong></h2>



<p>Regulations and laws related to risk management and compliance can become extremely complex. AI can help in automating certain tasks performed by GRC areas, but interpreting regulations and making decisions in complex situations often requires human judgment and expert knowledge of the business context, and sometimes of human and, no less important, budgetary and financial aspects. Consulting firms play a crucial role in providing expert guidance on how to comply with regulations and adapt to regulatory changes based on clients&#8217; needs.</p>



<span id="more-31120"></span>



<p>An example of this complexity is the execution of a project based on the ISO 27001 standard. This standard requires organizations to perform a risk assessment to identify and evaluate the risks faced by information within the organization. This assessment must take into account the information assets, the threats to those assets, existing vulnerabilities and the potential impact in the event of a security breach. Once the risk assessment is done, the organization must select the appropriate security controls to mitigate the identified risks, and this is where AI falls short, because risk assessment and control selection are not standard, predefined processes. Each organization has its own specific characteristics, information assets, threats and vulnerabilities. This implies that risk assessment and control selection must be tailored to the particular needs and context of each organization, such as the technology budget that the company can or wants to assume.</p>



<p>In this scenario, experienced ISO 27001 consultants play a key role in providing expert advice, guiding the risk assessment process and providing recommendations on the most appropriate security controls to ensure compliance with the standard and protect the organization&#8217;s information.</p>



<h2 class="wp-block-heading"><strong>Business and cultural context</strong></h2>



<p>It is not just about regulatory compliance, but also about understanding the business and cultural context in which an organization operates. This involves considering industry-specific factors, a company&#8217;s internal policies, best practices and the specific risks it faces. AI can help with data analysis and provide valuable insights, but fully understanding the business context and making strategic decisions requires human expertise and knowledge.</p>



<p>For example, consider a company in the financial sector that is subject to specific regulations to prevent money laundering. While AI can help in detecting suspicious transactions or unusual patterns, understanding the company&#8217;s specific risk profile, business model, industry specifics and best practices requires expert knowledge and a holistic assessment that goes beyond automated analyses. Consulting firms can offer a combination of industry expertise and regulatory knowledge but, most importantly, an understanding of the business environment, to help organizations develop customized risk management and compliance strategies.</p>



<h2 class="wp-block-heading"><strong>Confidentiality and ethics</strong></h2>



<p>Working in an information security consulting firm and specifically in the GRC area involves working with confidential and sensitive information such as financial data, personal information and trade secrets. Consulting firms are committed to safeguarding confidentiality and applying ethical practices in the handling of client data. Confidentiality and ethics are paramount in these areas, and consulting firms have protocols and security measures in place to protect their clients&#8217; information. While AI can be useful in certain automatable tasks, it is important to ensure that ethical and security standards are met when using this information in GRC-related projects.</p>



<p>For example, in the field of cybersecurity, a consulting firm can help an organization to assess its vulnerabilities and strengths, but also to design information security policies and implement appropriate protection measures. The application of AI in this context should be able to meet rigorous ethical and security standards to prevent the leakage or misuse of confidential information, which is not the case today.</p>



<h2 class="wp-block-heading"><strong>Interpersonal relationships, communication and innovative thinking</strong></h2>



<p>Working in consulting, and specifically in a GRC area, involves interactions with various stakeholders, such as regulators, customers, suppliers and employees. Effective communication and relationship management are crucial in these interactions. Communication, negotiation and conflict resolution are critical skills, and while AI has advanced in natural language processing and can assist in some interactions, it still faces challenges in fully understanding the context and subtext of human communication; in this regard, it will be many years before AI reaches a &#8220;consciousness&#8221; that can take on these skills. Consulting firms and their employees do bring those interpersonal skills and relationship management experience, providing a more complete and, above all, practical approach in these situations.</p>



<p>Although AI may be able to generate predictable results and follow established patterns, creativity and innovative thinking are distinctly human attributes. The ability to solve complex problems, find out-of-the-box solutions, and generate new and original ideas are skills that have yet to be fully replicated in machines. These skills are fundamental to driving innovation and progress in all areas of society.</p>



<p>For example, in a situation where an organization is facing a regulatory investigation, the consultant can provide advice on how to respond, interact with regulators and address the issues identified. While AI can automate certain aspects of communication, such as analyzing language in emails or legal documents, it is not yet capable of fully understanding the context, subtext and emotions involved in human interactions. This is where the interpersonal skills and experience of consultants are invaluable in helping organizations navigate complex and sensitive situations.</p>



<p>That said, while AI can be a valuable tool in the GRC field, there are limitations to its ability to completely replace the GRC areas of consultancies. The complexity of regulations, the need to understand the business context, the confidentiality of information and the interpersonal skills required make consultancies, in my opinion, indispensable to provide specialized advice, tailored to the specific needs of organizations.</p>



<p>Human judgment, context interpretation, ethics, creativity, interpersonal skills and empathy are aspects that consultants (human beings after all) contribute and that I believe cannot be replaced by AI.</p>



<p>In conclusion, and without wanting to demonize AI, I believe that the combination of human intelligence and AI can lead to more complete and balanced results in various fields, and specifically in GRC, so that an approach focused on the needs of the client can be encouraged. Therefore, GRC cannot ignore that AI is already here, but neither has AI arrived to replace the areas of Governance, Risk and Compliance.</p>
<p>The post <a rel="nofollow" href="https://www.securityartwork.es/2023/09/25/ai-vs-grc-how-ai-can-affect-grc-areas-of-technology-consultancies/">AI vs. GRC: How AI can affect GRC areas of technology consultancies</a> appeared first on <a rel="nofollow" href="https://www.securityartwork.es/en">Security Art Work</a>.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://www.securityartwork.es/2023/09/25/ai-vs-grc-how-ai-can-affect-grc-areas-of-technology-consultancies/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Cybersecurity in the quantum computing era</title>
		<link>https://www.securityartwork.es/2023/04/19/cybersecurity-in-the-quantum-computing-era/</link>
		
		<dc:creator><![CDATA[Beatriz Valls]]></dc:creator>
		<pubDate>Wed, 19 Apr 2023 09:47:23 +0000</pubDate>
				<category><![CDATA[General]]></category>
		<guid isPermaLink="false">https://www.securityartwork.es/?p=31001</guid>

					<description><![CDATA[<p>Introduction Cyber security is an important issue today. As the number of devices connected to the Internet continues to grow and more and more personal and business information is stored online, cyber security has become a major concern for businesses, governments and citizens. Related to this, the emergence of quantum computing, with its ability to [&#8230;]</p>
<p>The post <a rel="nofollow" href="https://www.securityartwork.es/2023/04/19/cybersecurity-in-the-quantum-computing-era/">Cybersecurity in the quantum computing era</a> appeared first on <a rel="nofollow" href="https://www.securityartwork.es/en">Security Art Work</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<h2 class="wp-block-heading">Introduction</h2>



<p>Cyber security is an important issue today. As the number of devices connected to the Internet continues to grow and more and more personal and business information is stored online, cyber security has become a major concern for businesses, governments and citizens. </p>



<p>Related to this, the emergence of quantum computing, with its ability to solve problems previously thought impossible with conventional systems, poses a major challenge for today’s computer security. This article examines the fundamentals of quantum computing and how it relates to cybersecurity, as well as the potential threats and the solutions being considered to meet these new challenges.</p>



<h2 class="wp-block-heading">Quantum Computing: Fundamentals</h2>



<p>Before discussing the implications of quantum computing for cybersecurity, it is important to understand how it works physically. Quantum computing is a different approach to traditional computing because it works thanks to the principles of quantum mechanics. Quantum mechanics is the theory that explains the behavior of elementary particles and how they interact with each other. It is based on the principle of quantum superposition, which states that quantum particles (such as electrons and photons) can be in several states at the same time. Instead of using bits to represent information, quantum computers use qubits that can be in multiple states at the same time. </p>






<p>For example, a qubit can be in the zero state, the one state, or a superposition of both at the same time. A system of two qubits can be in a superposition of four possible states at once. The more qubits a quantum computer has, the more states it can process simultaneously. This superposition is what gives quantum computers their computational power: instead of processing information sequentially like classical computers, they can operate on many states simultaneously. This provides important advantages when solving complex problems such as factoring large numbers.</p>



<h2 class="wp-block-heading">Implications of Quantum Computing for IT Security</h2>



<p>The advent of quantum computing poses great challenges to computer security as we know it today. Many of the algorithms currently used in information security and cryptography are based on the difficulty of solving complex mathematical problems, such as factoring large numbers. This is exactly the type of problem that quantum computers can solve more efficiently.</p>



<p>For example, Shor’s algorithm, developed by mathematician Peter Shor in 1994, can quickly decompose large numbers into their prime factors, which would allow a quantum computer to break RSA, an encryption algorithm used in many security systems, including financial and government services.</p>



<p>In addition, quantum computers could also be used to break other encryption systems, such as public key algorithms based on elliptic curve cryptography and lattice cryptography. This could allow attackers to access sensitive information, such as passwords, banking information, and other personal and business data.</p>



<p>In short, the advent of quantum computing could make many current computer security systems obsolete, meaning that new and more advanced solutions will be needed to protect information in the future.</p>



<h2 class="wp-block-heading">Solutions for IT Security in the Quantum Era</h2>



<p>In view of the threat posed by quantum computing to computer security, some solutions are proposed to meet these new challenges. Some of the most interesting ones are described below:</p>



<h3 class="wp-block-heading">A. Quantum cryptography</h3>



<p>One of the most promising solutions for computer security in the quantum era is quantum cryptography, which uses the principles of quantum mechanics to ensure information security. In quantum cryptography, qubits are used to encode information in a quantum state, such as the polarization of a photon. Because of the Heisenberg uncertainty principle, any attempt to measure the quantum state alters it, so any attempt to eavesdrop on the information leaves a trace and can be detected. This makes quantum cryptography immune to undetected data interception, making it ideal for the transmission of highly confidential information.</p>



<p>Quantum cryptography can also be used for key distribution. In public key cryptography, an algorithm is used to generate a public and a private key: the public key is used to encrypt the information, while the private key is used to decrypt it. Traditional public key algorithms are vulnerable to quantum computers, whereas quantum cryptography uses a key distribution process that is, in theory, completely secure.</p>



<p>In this process, polarized photons are sent over an insecure channel; the receiver uses a filter to measure the polarization of each photon, and a secret key is derived from the results, so any attempt to eavesdrop on the photons will leave a trace and be detected. The secret key is then used to encrypt and decrypt the information with symmetric encryption.</p>
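<p>To make the detection argument concrete, here is an added example (it is not code from the original post) that simulates the polarized-photon key exchange described above, the scheme known as BB84, with plain random numbers standing in for photons. Both sides' steps are shown: the sender picks random bits and bases, the receiver measures in random bases, the bases are compared publicly, and part of the sifted key is revealed to estimate the error rate. The 10% abort threshold and the "reveal every other sifted bit" sampling rule are assumptions chosen for the demo.</p>

```python
"""Added example: classical simulation of BB84-style key distribution.

Photon states are simulated with random numbers; there is no quantum
hardware involved. The point is to show why an eavesdropper who measures
the photons raises the error rate that the two legitimate parties observe.
"""
import random
from dataclasses import dataclass

RECT, DIAG = "+", "x"        # the two polarization bases (rectilinear, diagonal)
QBER_THRESHOLD = 0.10        # assumed abort threshold for this demo


@dataclass
class BB84Result:
    sifted_bits: int              # positions where both parties used the same basis
    qber: float                   # error rate measured on the revealed check bits
    eavesdropper_detected: bool   # True when qber exceeds QBER_THRESHOLD
    alice_key: list               # final key bits kept by the sender
    bob_key: list                 # final key bits kept by the receiver


def measure(bit, prep_basis, meas_basis, rng):
    """Simulated measurement of one photon.

    Same basis as the sender: the encoded bit is read correctly.
    Wrong basis: the outcome is random and the photon collapses into the
    measuring basis, so the original polarization is lost.
    """
    return bit if prep_basis == meas_basis else rng.randrange(2)


def run_bb84(n_photons, eavesdrop, seed=1):
    rng = random.Random(seed)    # seeded so a run is reproducible
    alice_bits = [rng.randrange(2) for _ in range(n_photons)]
    alice_bases = [rng.choice((RECT, DIAG)) for _ in range(n_photons)]
    channel = list(zip(alice_bits, alice_bases))   # photons in flight: (bit, basis)

    if eavesdrop:
        # Intercept-and-resend: the eavesdropper measures each photon in a
        # random basis and re-emits it in that basis. Where the guess was
        # wrong, the photon the receiver gets no longer carries the original
        # polarization, which shows up later as errors in the sifted key.
        eve_bases = [rng.choice((RECT, DIAG)) for _ in range(n_photons)]
        channel = [(measure(b, pb, eb, rng), eb)
                   for (b, pb), eb in zip(channel, eve_bases)]

    bob_bases = [rng.choice((RECT, DIAG)) for _ in range(n_photons)]
    bob_bits = [measure(b, pb, bb, rng) for (b, pb), bb in zip(channel, bob_bases)]

    # Sifting: bases are compared over the public channel and only positions
    # where sender and receiver chose the same basis are kept.
    kept = [i for i in range(n_photons) if alice_bases[i] == bob_bases[i]]
    alice_sifted = [alice_bits[i] for i in kept]
    bob_sifted = [bob_bits[i] for i in kept]

    # Error estimation: every other sifted bit is revealed and compared
    # (assumed sampling rule). Revealed bits are discarded; the rest form the key.
    check = list(zip(alice_sifted[::2], bob_sifted[::2]))
    errors = sum(1 for a, b in check if a != b)
    qber = errors / len(check) if check else 0.0

    return BB84Result(
        sifted_bits=len(kept),
        qber=qber,
        eavesdropper_detected=qber > QBER_THRESHOLD,
        alice_key=alice_sifted[1::2],
        bob_key=bob_sifted[1::2],
    )


if __name__ == "__main__":
    for eve in (False, True):
        r = run_bb84(2000, eavesdrop=eve, seed=7)
        print(f"eavesdropper={eve}: sifted={r.sifted_bits} "
              f"QBER={r.qber:.3f} detected={r.eavesdropper_detected}")
```

<p>Without an eavesdropper the sifted bits agree exactly, so the observed error rate is zero and the two keys are identical. With intercept-and-resend on every photon the eavesdropper guesses the wrong basis half of the time, and on those positions the receiver reads a random bit, so roughly a quarter of the sifted bits disagree, far above the threshold; the parties discard the run instead of using the key. A real deployment also has to budget for channel noise, which is why the threshold is not zero.</p>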



<p>However, quantum cryptography is an expensive and complex solution, as it requires highly specialized infrastructures and the use of specific hardware. Therefore, its implementation in everyday life is still far from being a reality.</p>



<h3 class="wp-block-heading">B. Development of new encryption algorithms</h3>



<p>Another solution is the development of new encryption algorithms that are resistant to quantum computing. Scientists are working on new encryption algorithms that do not rely on factoring large numbers or other problems that can be easily solved by quantum computing.</p>



<p>Some of these new algorithms belong to post-quantum cryptography, which is designed to be resistant to quantum attacks. They are being actively investigated and may be a viable long-term solution for computer security in the quantum era.</p>



<h3 class="wp-block-heading">C. Quantum intrusion detection</h3>



<p>Another new security method is quantum intrusion detection, which uses the principles of quantum physics to detect intrusions into a system. This is based on the idea that any attempt to eavesdrop on a quantum system will leave a trace and be detected.</p>



<p>In quantum intrusion detection, a quantum system is used to represent the state of an information system. Any attempt to eavesdrop on or modify the system would leave a trace and be detected, allowing early detection of intrusions and a rapid response to threats.</p>



<h2 class="wp-block-heading">Conclusion</h2>



<p>Quantum computing represents a new era in technology that has the potential to revolutionize the way we process and manage information. However, it also represents a major challenge for IT security, as many of today’s encryption and security systems could be vulnerable to quantum attacks.</p>



<p>It is important that IT security experts are prepared to face this threat and develop new and more advanced solutions to protect information in the future. However, this is not only the responsibility of experts, but of all technology users. We must all be aware of the importance of information security and work together to ensure adequate protection in the quantum era and beyond.</p>
<p>The post <a rel="nofollow" href="https://www.securityartwork.es/2023/04/19/cybersecurity-in-the-quantum-computing-era/">Cybersecurity in the quantum computing era</a> appeared first on <a rel="nofollow" href="https://www.securityartwork.es/en">Security Art Work</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Cyber Threat Intelligence Report – Trends Q4 2022</title>
		<link>https://www.securityartwork.es/2023/02/06/cyber-threat-intelligence-report-trends-q4-2022/</link>
		
		<dc:creator><![CDATA[Joan Soriano]]></dc:creator>
		<pubDate>Mon, 06 Feb 2023 09:31:23 +0000</pubDate>
				<category><![CDATA[General]]></category>
		<guid isPermaLink="false">https://www.securityartwork.es/?p=30939</guid>

					<description><![CDATA[<p>During the last quarter of 2022, the Lab52 team has conducted an in-depth analysis of the threats that have been active during the period, focusing on information from both public and private sources, as well as studying the geopolitical context in order to anticipate potential campaigns. Below is the report for the quarter, which includes [&#8230;]</p>
<p>The post <a rel="nofollow" href="https://www.securityartwork.es/2023/02/06/cyber-threat-intelligence-report-trends-q4-2022/">Cyber Threat Intelligence Report – Trends Q4 2022</a> appeared first on <a rel="nofollow" href="https://www.securityartwork.es/en">Security Art Work</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p>During the last quarter of 2022, the Lab52 team has conducted an in-depth analysis of the threats that have been active during the period, focusing on information from both public and private sources, as well as studying the geopolitical context in order to anticipate potential campaigns.</p>



<p>Below is <a href="https://s2grupo.es/en/cyber-threat-intelligence-report-trends-q4-2022/">the report for the quarter</a>, which includes the main trends of the period, along with analysis of the most sophisticated threats and the most important geopolitical events.</p>



<p>The intelligence gathering and analysis carried out by the Lab52 cyberintelligence team has led to a series of conclusions and generated intelligence for S2 Grupo&#8217;s security services.</p>



<div class="wp-block-image"><figure class="aligncenter size-large"><img decoding="async" loading="lazy" width="740" height="370" src="https://www.securityartwork.es/wp-content/uploads/2023/02/Cabecera-ingles-740x370.png" alt="" class="wp-image-30940" srcset="https://www.securityartwork.es/wp-content/uploads/2023/02/Cabecera-ingles-740x370.png 740w, https://www.securityartwork.es/wp-content/uploads/2023/02/Cabecera-ingles-300x150.png 300w, https://www.securityartwork.es/wp-content/uploads/2023/02/Cabecera-ingles-768x384.png 768w, https://www.securityartwork.es/wp-content/uploads/2023/02/Cabecera-ingles-1536x768.png 1536w, https://www.securityartwork.es/wp-content/uploads/2023/02/Cabecera-ingles-2048x1024.png 2048w" sizes="(max-width: 740px) 100vw, 740px" /><figcaption><a href="https://s2grupo.es/en/cyber-threat-intelligence-report-trends-q4-2022/">Access it here</a></figcaption></figure></div>
<p>The post <a rel="nofollow" href="https://www.securityartwork.es/2023/02/06/cyber-threat-intelligence-report-trends-q4-2022/">Cyber Threat Intelligence Report – Trends Q4 2022</a> appeared first on <a rel="nofollow" href="https://www.securityartwork.es/en">Security Art Work</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Does the metaverse put personal data protection regulations in check?</title>
		<link>https://www.securityartwork.es/2022/12/07/does-the-metaverse-put-personal-data-protection-regulations-in-check/</link>
					<comments>https://www.securityartwork.es/2022/12/07/does-the-metaverse-put-personal-data-protection-regulations-in-check/#comments</comments>
		
		<dc:creator><![CDATA[Irene Loriente]]></dc:creator>
		<pubDate>Wed, 07 Dec 2022 13:00:25 +0000</pubDate>
				<category><![CDATA[General]]></category>
		<guid isPermaLink="false">https://www.securityartwork.es/?p=30846</guid>

					<description><![CDATA[<p>Some people may be wondering what the metaverse is, or even that it goes unnoticed in their daily lives. Avoiding technicalities, and in order to provide a simple explanation, we can say that the purpose of the metaverse is &#8220;the creation of an immersive digital world&#8220;. That is, a world through which users, using convergent [&#8230;]</p>
<p>The post <a rel="nofollow" href="https://www.securityartwork.es/2022/12/07/does-the-metaverse-put-personal-data-protection-regulations-in-check/">Does the metaverse put personal data protection regulations in check?</a> appeared first on <a rel="nofollow" href="https://www.securityartwork.es/en">Security Art Work</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<div class="wp-block-image"><figure class="alignright size-full is-resized"><img decoding="async" src="https://www.securityartwork.es/wp-content/uploads/2022/07/metaverso.png" alt="" class="wp-image-30847" width="397" srcset="https://www.securityartwork.es/wp-content/uploads/2022/07/metaverso.png 620w, https://www.securityartwork.es/wp-content/uploads/2022/07/metaverso-300x200.png 300w" sizes="(max-width: 620px) 100vw, 620px" /></figure></div>



<p>Some people may be wondering what the <em>metaverse</em> is, or it may simply go unnoticed in their daily lives.</p>



<p>Avoiding technicalities, and in order to provide a simple explanation, we can say that the purpose of the <strong>metaverse</strong> is &#8220;<em>the creation of an immersive digital world</em>&#8221;.</p>



<p>That is, a world in which users, using convergent technologies such as virtual reality glasses, haptic garments, etc., can perform the same activities they do in real life (going to the movies, meeting friends, studying, working, shopping, &#8230;) and in which, in turn, what happens in this digital world has repercussions in their lives. For example, a product could be purchased through this digital world and arrive at your home as if you had ordered it &#8220;in the real world&#8221;.</p>



<p>Although the metaverse seems somewhat novel, the term appeared in the 1992 novel Snow Crash, where people could interact in a virtual world through avatars. The concept was also seen years later in the video game Second Life or, more recently, on the Decentraland platform, where you can even buy virtual plots of land as if they were real.</p>






<p>However, although we are seeing great advances in virtual reality, we still cannot definitively say that we are facing an alternative digital world. All of this is yet to come, and it will affect us to a greater or lesser extent, just as the Internet or social networks did.</p>



<p>Once we understand at a high level the purpose of the metaverse, we can foresee that its use and application will bring numerous changes, both social and legal; among them, the continuous creation of data will be a challenge to be addressed.</p>



<p>Therefore, based on the premise that the metaverse will generate an enormous amount of data, we must ask ourselves whether the General Data Protection Regulation (GDPR) will cover such an extensive model derived from the generation of data in a technological environment such as the one in question.</p>



<p>On the other hand, we must emphasize that the digital world of the metaverse is based on an intelligent infrastructure composed, among others, of structural, dynamic, ghost and orphan data, which are processed through Artificial Intelligence systems and associated with specific and individual users. But what do we mean by this type of data?</p>



<p>First, <strong>structural data is the set of data that contributes to the basic functioning of the metaverse</strong>. Within this set of data, we could differentiate between functional structural data, which does not contain personal data, and conformal structural data, which is used to provide personalized experiences and offers to the user, and therefore draws on the user&#8217;s personal data.</p>



<p>However, the most privacy-relevant data are ghost data and orphan data.</p>



<p><strong>Ghost data is a kind of what we know as metadata</strong>. That is, data associated, for example, with social media posts and linked to the content generated by the user.</p>



<p>While metadata is transparent to the user, <strong>ghost data is characterized, as its name suggests, by not being visible</strong> and by carrying information that is unique, exclusive and complementary to the information contained in the main file. Over this type of data, the author of the content has no control and cannot exercise the rights that data subjects currently hold under personal data protection law.</p>



<p>Last but not least, we highlight <strong>orphan data</strong>, which will become relevant in the light of the development of this new technological paradigm called the metaverse. These data <strong>are those found in cache memory systems and subsystems</strong> and will make it possible to temporarily unify all segregated information and identify all the preferences of a user, which poses a potential risk to the privacy of the data subject.</p>



<p>In summary, the technologies needed to enter a metaverse will capture a multitude of data, including particularly sensitive data such as biometric data, the processing of which is already regulated by the GDPR.</p>



<p>Not only will this type of data be processed: users will also generate a high volume of data that can be used for different purposes. In that case, how will consent for the processing of such data be managed, especially when the data is necessary for the metaverse to function properly, as happens with technical cookies? In such cases consent would be undermined, and users, as well as the companies involved in this world, would face the risk of data being collected without the user having control over it, although this does not exempt those companies from ensuring personal data protection by design and by default.</p>



<p>Therefore, based on the above, it would not be superfluous to review the concept of data and to differentiate or specify the existing types of data, in order to keep pace with the current situation and ensure respect for data privacy with a user-centred approach.</p>
<p>The post <a rel="nofollow" href="https://www.securityartwork.es/2022/12/07/does-the-metaverse-put-personal-data-protection-regulations-in-check/">Does the metaverse put personal data protection regulations in check?</a> appeared first on <a rel="nofollow" href="https://www.securityartwork.es/en">Security Art Work</a>.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://www.securityartwork.es/2022/12/07/does-the-metaverse-put-personal-data-protection-regulations-in-check/feed/</wfw:commentRss>
			<slash:comments>1</slash:comments>
		
		
			</item>
		<item>
		<title>10 tips for securing data hosted on Amazon S3</title>
		<link>https://www.securityartwork.es/2022/11/16/ten-tips-for-securing-data-hosted-on-amazon-s3/</link>
		
		<dc:creator><![CDATA[Ángel Monzó]]></dc:creator>
		<pubDate>Wed, 16 Nov 2022 09:44:15 +0000</pubDate>
				<category><![CDATA[General]]></category>
		<category><![CDATA[cybersecurity]]></category>
		<category><![CDATA[seguridad]]></category>
		<guid isPermaLink="false">https://www.securityartwork.es/?p=30849</guid>

					<description><![CDATA[<p>The use of Amazon Simple Storage Service S3 is becoming more and more widespread, being used in a multitude of use cases: sensitive data repositories, security log storage, integration with backup tools&#8230;, so we must pay special attention to the way we configure our buckets and how we expose them to the Internet. In this [&#8230;]</p>
<p>The post <a rel="nofollow" href="https://www.securityartwork.es/2022/11/16/ten-tips-for-securing-data-hosted-on-amazon-s3/">10 tips for securing data hosted on Amazon S3</a> appeared first on <a rel="nofollow" href="https://www.securityartwork.es/en">Security Art Work</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<div class="wp-block-image"><figure class="alignright size-full is-resized"><img decoding="async" src="https://www.securityartwork.es/wp-content/uploads/2022/07/amazon.png" alt="" class="wp-image-30850" width="295" srcset="https://www.securityartwork.es/wp-content/uploads/2022/07/amazon.png 676w, https://www.securityartwork.es/wp-content/uploads/2022/07/amazon-300x149.png 300w" sizes="(max-width: 676px) 100vw, 676px" /></figure></div>



<p>The use of Amazon Simple Storage Service S3 is becoming more and more widespread, being used in a multitude of use cases: sensitive data repositories, security log storage, integration with backup tools&#8230;, so we must pay special attention to the way we configure our buckets and how we expose them to the Internet.</p>



<p>In this post we will talk about 10 good security practices that will allow us to manage our S3 buckets correctly.</p>



<p>Let&#8217;s get started.</p>



<h3 class="wp-block-heading"><strong><em>1 – Block public access to S3 buckets across the organization</em></strong></h3>



<p>By default, buckets are private and can only be used by the users of our account, provided they have been granted the correct permissions.</p>



<p>Additionally, buckets have an &#8220;<a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html">S3 Block Public Access</a>&#8221; option that prevents them from being made public. This option can be enabled or disabled for each bucket in your AWS Account. To prevent a user from deactivating it, we can create a service control policy (SCP) in our organization so that no AWS Account that is a member of the organization can do so.</p>






<h3 class="wp-block-heading"><strong><em>2 – Verify that no wildcards are used in the allow policy principals</em></strong></h3>



<p>All security policies must be governed by the principle of least privilege. To do this, we will avoid the use of wildcards &#8220;*&#8221; when setting permissions, and every time we want to grant a permission on a bucket, we will specify which &#8220;principal&#8221; should access that resource. It can be a range of IP addresses, an AWS Account, a VPC&#8230; but a wildcard will <strong>never</strong> be used.</p>



<h3 class="wp-block-heading"><strong><em>3 – Verify that no wildcards are used in the allow policy actions</em></strong></h3>



<p>Following the principle of least privilege, we will check that the allow policies list exactly the actions that the identity we grant access to needs to execute. For example, we will use s3:GetObject or s3:PutObject, but avoid s3:*, which allows all actions.</p>
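<p>Tips 2 and 3 are easy to check mechanically. The following is an added example, not code from the original post or from AWS: a small Python checker that walks the statements of an S3 bucket policy and flags Allow statements whose Principal is a wildcard or whose Action is a wildcard. The sample policy, the account id 111122223333, the bucket name example-backups and the VPC id are constructed for the demo; the severity labels are an assumption of this checker. A wildcard principal that is narrowed by a Condition (for example aws:SourceVpc) is reported at lower severity because it still needs review rather than a blanket pass.</p>

```python
"""Added example: lint an S3 bucket policy for wildcard principals/actions.

Reads a policy document (the same JSON you would attach to a bucket) and
reports Allow statements that violate tips 2 and 3 of the post.
"""
import json

# Constructed sample bucket policy for the demo (not a real account's policy).
SAMPLE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "BackupWriter", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:role/backup-writer"},
     "Action": ["s3:PutObject", "s3:GetObject"],
     "Resource": "arn:aws:s3:::example-backups/*"},
    {"Sid": "AnyoneCanRead", "Effect": "Allow",
     "Principal": "*",
     "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-backups/*"},
    {"Sid": "AdminsDoAnything", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
     "Action": "s3:*",
     "Resource": ["arn:aws:s3:::example-backups", "arn:aws:s3:::example-backups/*"]},
    {"Sid": "VpcOnlyListing", "Effect": "Allow",
     "Principal": "*",
     "Action": "s3:ListBucket",
     "Resource": "arn:aws:s3:::example-backups",
     "Condition": {"StringEquals": {"aws:SourceVpc": "vpc-0123456789abcdef0"}}},
    {"Sid": "DenyInsecureTransport", "Effect": "Deny",
     "Principal": "*",
     "Action": "s3:*",
     "Resource": "arn:aws:s3:::example-backups/*",
     "Condition": {"Bool": {"aws:SecureTransport": "false"}}}
  ]
}""")


def _as_list(value):
    """Policy elements may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _principals(principal):
    """Flatten the Principal element ("*" or {"AWS": ..., "Service": ...})
    into a flat list of principal strings."""
    if isinstance(principal, str):
        return [principal]
    out = []
    for values in principal.values():
        out.extend(_as_list(values))
    return out


def lint_bucket_policy(policy):
    """Return a list of findings; an empty list means the policy passes."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue  # a Deny on "*" is fine, and often desirable (see above)
        sid = stmt.get("Sid", "<no Sid>")
        has_condition = bool(stmt.get("Condition"))

        # Tip 2: no wildcard principals in Allow statements.
        if any(p == "*" for p in _principals(stmt.get("Principal", {}))):
            findings.append({
                "sid": sid,
                "issue": "wildcard principal",
                "severity": "medium" if has_condition else "high",
            })

        # Tip 3: no wildcard actions in Allow statements.
        for action in _as_list(stmt.get("Action", [])):
            if action == "*" or action.lower() == "s3:*":
                findings.append({"sid": sid,
                                 "issue": f"wildcard action {action}",
                                 "severity": "high"})
            elif "*" in action:
                findings.append({"sid": sid,
                                 "issue": f"partial wildcard action {action}",
                                 "severity": "medium"})
    return findings


if __name__ == "__main__":
    for f in lint_bucket_policy(SAMPLE_POLICY):
        print(f"[{f['severity']}] {f['sid']}: {f['issue']}")
```

<p>On the sample policy the checker flags AnyoneCanRead (wildcard principal, high), AdminsDoAnything (s3:* action, high) and VpcOnlyListing (wildcard principal narrowed by a Condition, medium), while BackupWriter passes and the Deny statement is ignored. The same function can be pointed at the output of get-bucket-policy for every bucket in an account to get a quick inventory of statements that need tightening.</p>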



<h3 class="wp-block-heading"><strong><em>4 – Enable GuardDuty to detect suspicious activity in S3 buckets</em></strong></h3>



<p>The GuardDuty service monitors our buckets in real time for possible security incidents. It allows us to detect requests from unusual sources, unusual patterns of API calls attempting to discover misconfigured buckets&#8230;</p>



<p>GuardDuty generates findings that notify the security team and can be used to trigger an automated response to security incidents.</p>



<h3 class="wp-block-heading"><strong><em>5 – Use Amazon Macie to detect sensitive content</em></strong></h3>



<p>Macie uses artificial intelligence to detect sensitive content among our buckets. By activating Macie at the organization level, we can obtain a centralized console where we can evaluate our data and be alerted in case it is public, not encrypted or shared outside our organization.</p>



<h3 class="wp-block-heading"><strong><em>6 – Encrypt your data</em></strong></h3>



<p>It is vitally important that our data is encrypted at rest. Amazon S3 provides four methods to encrypt our data:</p>



<ul><li><strong><em>SSE-S3</em></strong>&nbsp;makes use of cryptographic keys managed by Amazon.</li><li><strong><em>SSE-KMS</em></strong>&nbsp;uses the KMS service to encrypt/decrypt our data, which allows us to set permissions on who can use the encryption keys, log every action performed and use our own keys or those of Amazon.</li><li><strong>SSE-C</strong>, with which we must store and manage our own keys.</li><li>Finally, we can use <strong>client-side encryption</strong> to encrypt and decrypt our data ourselves before uploading or downloading it to S3.</li></ul>



<h3 class="wp-block-heading"><strong><em>7 – Protect your data from accidental deletion</em></strong></h3>



<p>Amazon provides 99.99999999999% durability of our objects in case of standard storage, which is stored in at least 3 different availability zones.</p>



<p>This does not prevent an accidental deletion from causing your data to disappear, and we have different options to prevent this:</p>



<ul><li><strong>Object versioning</strong>: when enabled, deleting an object adds a delete marker instead of permanently deleting or overwriting it, so each previous version of the object can be quickly recovered.</li><li><strong><em>MFA delete</em></strong>&nbsp;requires a second authentication factor before a version can be permanently deleted.</li><li><strong><em>S3 Object Lock</em></strong>&nbsp;activates the WORM (write-once-read-many) model, so that the object is write-protected and cannot be deleted or overwritten.</li></ul>



<h3 class="wp-block-heading"><strong><em>8 – Enable S3 Access Logs</em></strong></h3>



<p>Amazon S3 integrates with CloudTrail. Every S3 API call can be logged and sent to CloudWatch for later analysis. CloudTrail can be enabled globally for the entire organization, so it is recommended that our critical buckets have this integration enabled.</p>



<h3 class="wp-block-heading"><strong><em>9 – Make a backup of your S3 data</em></strong></h3>



<p>Keep at least one backup of your critical data in more than one destination.</p>



<p>AWS provides <strong>Cross-Region Replication (CRR)</strong>, with which we can completely replicate a bucket to another region. If an object is deleted in the source bucket, we will still keep the object in the destination bucket.</p>



<h3 class="wp-block-heading"><strong><em>10 – Monitor S3 using Security Hub</em></strong></h3>



<p>Security Hub provides us with a global console where we can view the status of our AWS accounts.</p>



<p>We can enable a set of compliance standards to help us ensure that our resources follow best-practice configurations. The S3 service benefits from them, as they allow us to evaluate whether our buckets have block public access enabled, encryption at rest, encryption in transit&#8230;</p>



<h2 class="wp-block-heading"><strong>Conclusions</strong></h2>



<p>As we have seen, with these tips we can build a robust security strategy in our buckets, keeping the information protected and controlled against unauthorized access, encrypting our data, logging every activity that takes place in them and having a backup in case of disasters.</p>



<p>AWS provides us with a large number of possibilities and tools to help us do this, so we must know all the possibilities they provide us with and how to configure them correctly.</p>
<p>The post <a rel="nofollow" href="https://www.securityartwork.es/2022/11/16/ten-tips-for-securing-data-hosted-on-amazon-s3/">10 tips for securing data hosted on Amazon S3</a> appeared first on <a rel="nofollow" href="https://www.securityartwork.es/en">Security Art Work</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Blockchain to secure healthcare environments</title>
		<link>https://www.securityartwork.es/2022/06/27/blockchain-to-secure-healthcare-environments/</link>
					<comments>https://www.securityartwork.es/2022/06/27/blockchain-to-secure-healthcare-environments/#comments</comments>
		
		<dc:creator><![CDATA[Marina Galiano]]></dc:creator>
		<pubDate>Mon, 27 Jun 2022 10:19:38 +0000</pubDate>
				<category><![CDATA[General]]></category>
		<guid isPermaLink="false">https://www.securityartwork.es/?p=30823</guid>

					<description><![CDATA[<p>The increasing number of data breaches in the healthcare sector is causing serious problems in management and storage. In addition, traditional security methods being used to protect healthcare applications are proving ineffective. This is why emerging technologies such as blockchain are offering new security approaches and processes for healthcare applications, providing data confidentiality and privacy. [&#8230;]</p>
<p>The post <a rel="nofollow" href="https://www.securityartwork.es/2022/06/27/blockchain-to-secure-healthcare-environments/">Blockchain to secure healthcare environments</a> appeared first on <a rel="nofollow" href="https://www.securityartwork.es/en">Security Art Work</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p>The increasing number of <strong>data breaches in the healthcare sector</strong> is causing serious problems in management and storage. In addition, traditional security methods being used to protect healthcare applications are proving ineffective. This is why emerging technologies such as blockchain are offering new security approaches and processes for healthcare applications, providing <strong>data confidentiality and privacy</strong>.</p>



<p><strong>Data breaches are one of the main cybersecurity issues in the healthcare sector</strong>. Figure 1 shows how the amount of health record data leakage has been increasing, highlighting a large change between 2018 and 2019, a date coinciding with the start of the COVID-19 pandemic.</p>



<div class="wp-block-image is-style-default"><figure class="aligncenter"><img decoding="async" src="https://www.securityartwork.es/wp-content/uploads/2022/06/image-3.png" alt=""/><figcaption>Figure 1. Number of data breaches of 500 or more health records in the healthcare sector from 2009 to 2021. Source: <a href="https://www.hipaajournal.com/healthcare-data-breach-statistics/">https://www.hipaajournal.com/healthcare-data-breach-statistics/</a></figcaption></figure></div>






<p>And how can blockchain help decrease the number of data breaches? Although blockchain is known for the famous Bitcoin and its use in the cryptocurrency arena, it is evolving for use in different systems, such as healthcare. In this article I am not going to focus on how this technology works, but on how it would be applied in healthcare.</p>



<h2 class="wp-block-heading">Why blockchain in healthcare?</h2>



<p>Blockchain offers several features that have caught the attention of the healthcare sector. Blockchain technology is expected to improve the management of <strong>medical records</strong>, accelerate <strong>clinical and biomedical research</strong>, and advance the recording of biomedical and healthcare data. These expectations are based on the key properties of blockchain technology, such as <strong>decentralized management</strong>, an <strong>immutable audit trail</strong>, data provenance, robustness, and <strong>improved security and privacy</strong>.</p>



<h2 class="wp-block-heading">Application of blockchain in healthcare</h2>



<p>The use of blockchain technology would impact many aspects. One of them is <strong>healthcare data management</strong>. Healthcare data management, which includes storage, access control and data exchange, is a very important concern in the sector. This is a difficult task due to its sensitive nature and the resulting trust issues. However, <strong>proper management of healthcare data</strong> improves healthcare outcomes by enabling a holistic view of patients, personalized treatments and effective communication.</p>



<p>The healthcare system is a <strong>disconnected system</strong>, which is to blame for several inefficiencies in healthcare and is a major obstacle to research. Healthcare professionals often do not have access to complete patient data, hindering subsequent diagnostic and treatment steps, and researchers struggle to find the data they need for their studies, slowing down healthcare research.</p>



<p>Blockchain can enable the <strong>efficient exchange of healthcare data</strong>, while ensuring <strong>data integrity</strong> and protecting <strong>patient privacy</strong>. A secure, efficient, cost-effective and interoperable <strong>Health Information Exchange (HIE)</strong> is often built with its proper use in conjunction with other technologies. In addition, blockchain adoption can drive the movement to a <strong>patient-centric healthcare model</strong> where patients control their health data.</p>



<h2 class="wp-block-heading">Limitations of blockchain in healthcare</h2>



<p>Like any new technology, this one has its own <strong>limitations </strong>and challenges. The main ones are <strong>transparency and confidentiality</strong>, as everyone can see all the information in a blockchain network. To solve this, and taking into account that the number of transactions in healthcare is huge, a significant evolution of blockchain technology is needed. Moreover, the threat of an attack is a theoretical but possible risk, and a solution for it should be proposed.</p>



<h2 class="wp-block-heading">Future of blockchain in healthcare</h2>



<p>Blockchain technology is constantly improving and is not yet mature, with several potential challenges that need to be solved before its adoption in biomedical and healthcare applications. The applications of blockchain technology are numerous, especially in the medical industry. This technology is likely to take medical science to the next level in the future by reducing the costs of control, configuration and of maintaining a central data server.</p>



<p>In addition, the patient will have complete autonomy over his or her data and will decide with whom to share it. The successful implementation of blockchain technology in clinical healthcare would undoubtedly open up new avenues of research for the advancement of biomedicine. Moreover, in precision medicine applications, the acquisition, storage and secure and scalable sharing of this clinical data would help develop possible strategies for the diagnosis and treatment of diseases.</p>



<p>Finally, and despite the immense potential of blockchain technology and the great societal interest in it, its impact on healthcare is still taking shape. However, the field is evolving rapidly, so a significant positive impact of blockchain on medicine and healthcare is anticipated in the future.</p>



<h2 class="wp-block-heading">References</h2>



<ul><li>[1] A. S. Rajawat, P. Bedi, S. B. Goyal, R. N. Shaw, A. Ghosh, and S. Aggarwal, &#8220;AI and Blockchain for Healthcare Data Security in Smart Cities,&#8221; in AI and IoT for Smart City Applications, vol. 1002, V. Piuri, R. N. Shaw, A. Ghosh, and R. Islam, Eds. Singapore: Springer Nature Singapore, 2022, pp. 185-198. doi: <a href="https://doi.org/10.1007/978-981-16-7498-3_12">10.1007/978-981-16-7498-3_12</a>.</li><li>[2] A. Tandon, A. Dhir, A. K. M. M. N. Islam, and M. Mäntymäki, &#8220;Blockchain in healthcare: A systematic literature review, synthesizing framework and future research agenda,&#8221; Computers in Industry, vol. 122, p. 103290, Nov. 2020, doi: <a href="https://doi.org/10.1016/j.compind.2020.103290">10.1016/j.compind.2020.103290</a>.</li><li>[3] K. Ahmad, &#8220;Blockchain Technology and its Implementations in Medical and Healthcare Field,&#8221; International Journal of Engineering Research, vol. 9, no. 09, p. 6.</li><li>[4] &#8220;Healthcare Data Breach Statistics,&#8221; HIPAA Journal. <a href="https://www.hipaajournal.com/healthcare-data-breach-statistics/">https://www.hipaajournal.com/healthcare-data-breach-statistics/</a> (accessed June 20, 2022).</li></ul>
]]></content:encoded>
					
					<wfw:commentRss>https://www.securityartwork.es/2022/06/27/blockchain-to-secure-healthcare-environments/feed/</wfw:commentRss>
			<slash:comments>1</slash:comments>
		
		
			</item>
		<item>
		<title>Hunting with Artificial Intelligence: Detection of malicious domains (III)</title>
		<link>https://www.securityartwork.es/2022/06/10/hunting-with-artificial-intelligence-detection-of-malicious-domains-iii/</link>
		
		<dc:creator><![CDATA[Beatriz Valls]]></dc:creator>
		<pubDate>Fri, 10 Jun 2022 12:47:38 +0000</pubDate>
				<category><![CDATA[General]]></category>
		<guid isPermaLink="false">https://www.securityartwork.es/?p=30815</guid>

					<description><![CDATA[<p>This post and the full series has been elaborated jointly with Ana Isabel Prieto, Sergio Villanueva and Luis Búrdalo. In previous articles of this series (see part I and part II) we described the problem of detecting malicious domains and proposed a way to address this problem by combining various statistical and Machine Learning techniques [&#8230;]</p>
]]></description>
										<content:encoded><![CDATA[
<p><em>This post and the full series have been written jointly with <strong>Ana Isabel Prieto</strong>, <strong>Sergio Villanueva</strong> and <strong>Luis Búrdalo</strong>.</em></p>



<hr class="wp-block-separator is-style-dots"/>



<p>In previous articles of this series (see <a href="https://www.securityartwork.es/2022/05/10/hunting-with-artificial-intelligence-detection-of-malicious-domains-i/">part I</a> and <a href="https://www.securityartwork.es/2022/05/19/hunting-with-artificial-intelligence-detection-of-malicious-domains-ii/">part II</a>) we described the problem of detecting malicious domains and proposed a way to address it by combining various statistical and Machine Learning techniques and algorithms.</p>



<p>The set of variables used to characterize these domains for their subsequent analysis by those Machine Learning algorithms was also described. In this final installment, we describe the experiments carried out and the results obtained.</p>



<p>The tests have been carried out on a total of 78,661 domains extracted from the traffic of an organization, assumed a priori to be legitimate, for which 45 lexical features belonging to the categories described in the previous installments have been calculated.</p>






<h2 class="wp-block-heading">Parameters</h2>



<p>Each of the algorithms discussed above was tuned using a single parameter:</p>



<ul><li>The Isolation Forest algorithm has been tuned through the value of the &#8220;contamination&#8221; parameter. This parameter indicates the maximum proportion of outliers in the data set; that is, the higher its value, the more data points will be flagged as outliers.</li><li>In the case of the One-class SVM algorithm, the tuning parameter is &#8220;nu&#8221;, whose value lies between 0 and 1. This parameter is an upper bound on the fraction of training errors (the maximum proportion of outliers expected in the data) and a lower bound on the fraction of support vectors (the minimum proportion of points on the decision boundary). In this way, the parameter adjusts the trade-off between overfitting and generalization of the model.</li></ul>



<p>The following 5 malicious domains, related to phishing campaigns and malware downloads, have been inserted into the dataset alongside all the other data. They are the examples used in this article to assess how effective the ML algorithms are at detecting malicious domains.</p>



<ul><li>ukraine-solidarity[.]com</li><li>istgmxdejdnxuyla[.]ru</li><li>correo-servico[.]com</li><li>hayatevesigar-10gbnetkazan[.]com</li><li>5748666262l4[.]xyz</li></ul>



<p>The tests have been performed with the following values for the parameters:</p>



<figure class="wp-block-table is-style-stripes"><table><tbody><tr><td><strong>Model</strong></td><td><strong>Parameter</strong></td><td><strong>Value</strong></td></tr><tr><td>Isolation Forest</td><td>Contamination</td><td>0.002</td></tr><tr><td>One Class SVM</td><td>nu</td><td>0.002</td></tr></tbody></table></figure>



<center><i><div style="font-size:0.9em;margin:10px 0px 10px 0px;">Table 1: Values of the parameters &#8220;Contamination&#8221; and &#8220;nu&#8221; used for testing</div></i></center>



<h2 class="wp-block-heading">Results and detections</h2>



<p>With the above parameters, the more than 78,000 domains studied are reduced to 359 domains flagged as anomalous by at least one of the two unsupervised models, without applying any weighting to them. Of the 5 malicious domains chosen to evaluate the reliability, 3 are detected:</p>



<figure class="wp-block-table is-style-stripes"><table><tbody><tr><td><strong>Domain</strong></td><td><strong>Isolation Forest</strong></td><td><strong>One Class SVM</strong></td></tr><tr><td>istgmxdejdnxuyla[.]ru</td><td>&#8212;</td><td>X</td></tr><tr><td>hayatevesigar-10gbnetkazan[.]com</td><td>&#8212;</td><td>X</td></tr><tr><td>57486662l4[.]xyz</td><td>X</td><td>X</td></tr></tbody></table></figure>



<center><i><div style="font-size:0.9em;margin:10px 0px 15px 0px;">Table 2: Malicious domains and models that have classified them as anomalous</div></i></center>



<p>As discussed above, PCA is used to extract the principal components needed to explain 95% of the variance. In this case, a total of 15 principal components are extracted, and these are the features the ML algorithms use to detect the anomalous domains.</p>



<p>Figure 5 shows the 2D representation of the first two components (PC1, PC2), where different groupings of data can be observed according to their lexical characteristics. In it, the domains that are considered legitimate are shown in green and those that are marked as anomalous are shown in red. The fact that a domain moves away from a group indicates that it contains characteristics different from those of that group. Thus, the more a domain deviates from the other domains in the dataset, the more likely it is to be detected as anomalous.</p>



<p>It should be noted that, although some of the domains classified as anomalous do not appear to depart from the rest in this two-dimensional representation, there are 13 additional dimensions that the algorithms take into account; in some of those dimensions these domains must therefore be significantly separated from the rest.</p>



<div class="wp-block-image is-style-default"><figure class="aligncenter"><img decoding="async" src="https://www.securityartwork.es/wp-content/uploads/2022/06/image-1-740x389.png" alt="La imagen tiene un atributo ALT vacío; su nombre de archivo es image-1-740x389.png"/><figcaption>Figure 5: Plot of the first two principal components of the PCA over the set of domains analyzed. Domains not detected as anomalous in green (0) and domains detected as anomalous by the algorithms in red (1).</figcaption></figure></div>



<p>To reduce the number of anomalous domains to review, the list of the 10,000 most popular domains according to Alexa is used as an allowlist. Of the initial 359 anomalous domains, 21 belong to this list, leaving a total of 338 anomalous domains.</p>
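<p>The pipeline described so far (lexical features per domain, an outlier fraction set through &#8220;contamination&#8221; / &#8220;nu&#8221;, and an allowlist filter on the flagged set) can be illustrated end to end with the following added example. It is not the series' own code: the domain pool and the allowlist are constructed for the example (the five inserted domains are the ones listed above, kept defanged), the PCA step is omitted, and the scorer is a simple squared distance in standardized lexical-feature space that stands in for Isolation Forest and One-class SVM so that the script runs without scikit-learn. The six features are a small subset of the kind of lexical features the series computes.</p>

```python
"""Lexical anomaly scoring of domains with a contamination-style threshold
and an allowlist filter. Added example, not the series' own code."""
import math
from collections import Counter

# Constructed sample pool: a dozen ordinary domains plus the five domains the
# article inserted into its dataset (kept defanged with "[.]" as on the page).
POOL = [
    "google[.]com", "wikipedia[.]org", "github[.]com", "amazon[.]com",
    "microsoft[.]com", "bbc[.]co[.]uk", "stackoverflow[.]com", "reddit[.]com",
    "netflix[.]com", "apple[.]com", "cloudflare[.]com", "mozilla[.]org",
    "ukraine-solidarity[.]com", "istgmxdejdnxuyla[.]ru", "correo-servico[.]com",
    "hayatevesigar-10gbnetkazan[.]com", "5748666262l4[.]xyz",
]

# Constructed stand-in for the Alexa top-10,000 list used as an allowlist.
ALLOWLIST = {
    "google[.]com", "wikipedia[.]org", "github[.]com", "amazon[.]com",
    "microsoft[.]com", "bbc[.]co[.]uk", "stackoverflow[.]com", "reddit[.]com",
    "netflix[.]com", "apple[.]com", "cloudflare[.]com", "mozilla[.]org",
}

VOWELS = set("aeiou")


def first_label(domain):
    """Return the leftmost label of a defanged domain ("bbc[.]co[.]uk" -> "bbc")."""
    return domain.replace("[.]", ".").split(".")[0].lower()


def shannon_entropy(text):
    """Shannon entropy in bits of the character distribution of `text`."""
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def longest_consonant_run(text):
    """Length of the longest run of consonant letters; digits and '-' break runs."""
    best = run = 0
    for ch in text:
        if ch.isalpha() and ch not in VOWELS:
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


def lexical_features(domain):
    """Six lexical features of the kind the series computes for each domain."""
    label = first_label(domain)
    n = len(label)
    return [
        n,                                           # label length
        sum(ch.isdigit() for ch in label) / n,       # digit ratio
        shannon_entropy(label),                      # character entropy
        sum(ch in VOWELS for ch in label) / n,       # vowel ratio
        label.count("-"),                            # hyphen count
        longest_consonant_run(label),                # longest consonant run
    ]


def anomaly_scores(domains):
    """Squared distance of each domain from the pool centre in standardized
    feature space. Stand-in for Isolation Forest / One-class SVM (assumption:
    a domain far from the bulk of the pool is anomalous)."""
    rows = [lexical_features(d) for d in domains]
    dims = len(rows[0])
    means = [sum(r[j] for r in rows) / len(rows) for j in range(dims)]
    stds = []
    for j in range(dims):
        var = sum((r[j] - means[j]) ** 2 for r in rows) / len(rows)
        stds.append(math.sqrt(var) or 1.0)  # guard constant features
    return {
        d: sum(((r[j] - means[j]) / stds[j]) ** 2 for j in range(dims))
        for d, r in zip(domains, rows)
    }


def flag_anomalies(domains, contamination):
    """Flag the top `contamination` fraction of domains by score, mirroring how
    'contamination' / 'nu' bound the expected proportion of outliers."""
    scores = anomaly_scores(domains)
    k = max(1, math.ceil(contamination * len(domains)))
    ranked = sorted(scores, key=scores.get, reverse=True)
    return ranked[:k]


def review_queue(domains, contamination, allowlist):
    """Anomalies left for the analyst after dropping allowlisted domains."""
    return [d for d in flag_anomalies(domains, contamination) if d not in allowlist]


if __name__ == "__main__":
    print("flagged:", flag_anomalies(POOL, 0.2))
    print("to review:", review_queue(POOL, 0.2, ALLOWLIST))
```

<p>On this tiny pool a contamination of 0.2 (the page uses 0.002 on 78,661 domains) flags four domains. Note that a very short, vowel-less but perfectly legitimate label such as <code>bbc</code> scores as an outlier too, which is exactly the kind of false positive the Alexa allowlist step removes before the list reaches an analyst.</p>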



<p>Figure 6 shows the same representation, but highlighting with different colors the malicious domains added a posteriori in this database, both those detected as anomalous by the models and those not detected.</p>



<div class="wp-block-image is-style-default"><figure class="aligncenter is-resized"><img decoding="async" loading="lazy" src="https://www.securityartwork.es/wp-content/uploads/2022/06/image-2-740x392.png" alt="La imagen tiene un atributo ALT vacío; su nombre de archivo es image-2-740x392.png" width="740" height="392"/><figcaption>Figure 6: Plot of the first two principal components of the PCA on the set of analyzed domains. Domains of the initial pool in green (0), added malicious domains that the algorithms did not detect as anomalous in yellow (1) and added malicious domains that the algorithms detected as anomalous in red (2).</figcaption></figure></div>



<h2 class="wp-block-heading">Conclusions</h2>



<p>This series of articles shows an example of how to employ ML algorithms to detect anomalies, thus drastically reducing the amount of information to be reviewed by analysts and also contributing to the automation of the hunting and detection process.</p>



<p>The algorithms have greatly reduced the data pool (338/78,000 = 0.0043; i.e., the set of domains to be reviewed has been reduced by approximately 99.6%). The ML algorithms used in this example were able to identify 3 of the 5 malicious domains entered in the test database.</p>



<p>The malicious domains not detected as anomalous were ukraine-solidarity[.]com and correos-servico[.]com. Examining these domains, the probable cause is that the lexical characteristics of both are very similar to those of common legitimate domains.</p>



<p>Although they are not described in this article for the sake of brevity, multiple tests have been carried out with different values of the &#8220;Contamination&#8221; and &#8220;nu&#8221; parameters of the algorithms. The results of these tests showed that both algorithms are very sensitive to these parameters. In order to significantly reduce the amount of initial information to be manually reviewed by the analysts without losing classification accuracy, it is desirable to use low values for these parameters. However, this can lead to a large number of false negatives, i.e. failing to detect a large number of malicious domains. These parameters therefore have to be set carefully.</p>



<p>One possible way to deal with this problem may be the correlation of different detection methods, both traditional rule-based and those using AI or ML algorithms.</p>
]]></content:encoded>
					
		
		
			</item>
	</channel>
</rss>
