A limited part of the HSE network was reproduced in an emulated environment and interfaced with a real medical device. The DRMP was used to scan the HSE network to detect its topology and vulnerabilities, which are the data DRMP uses to reconstruct attack paths and compute the risks. Data on user access to business-related applications was collected to compute attack paths related to human vulnerabilities and the resulting risks. DRMP was thus triggered to propose mitigation actions, which were implemented by PANACEA team members on the emulation environment.
DRMP supports security operators through mitigation actions aimed at reducing the current level of risk by minimising the impact on the business processes running over the ICT infrastructure. The tool automatically computes an estimate of the risk and, with proper configuration, can analyse the risks to the business and propose the most efficient mitigation actions, together with the best budget necessary to reduce that risk.
"Being easy to use is a key factor in its implementation in hospital environments. It has clear and obvious applications in preparing for and planning in the pre-attack phase. While it might not prevent an attack like the one we had on 14th May 2021, it would have detected the vulnerabilities and shown which mitigation measures should have been implemented. With such mitigation measures in place, the DRMP can be used in iterative mode for continuous improvements. Clearly, it cannot detect that an attack is in progress, but it was not designed for this purpose. It would also reduce the length of the recovery phase and help prioritise recovery much as it does in the vulnerability analysis. As the system is being re-built, it can be used as an iterative process to check that the re-build has not introduced new vulnerabilities." Project Manager for COVID-19 Planning at South South-West Hospital Group (SSWHG) of HSE