A Comparative Cybersecurity Study of Medical and Industrial Services

Abstract

The research was motivated by the heightened global uncertainty, particularly due to the war in Europe since February 2022. The escalating regulatory requirements and cyber security (CS) legislation underscore the growing importance of CS awareness and preparedness. The digital transformation, including the electrification of businesses and the integration of AI systems, has expanded cyber-attack surfaces, necessitating enhanced resilience, system robustness, and responsiveness from organizations. The study aims to capture a comprehensive picture of the cyber climate, including external forces, actors, and adversaries, while assessing current cybercrime impacts and operational risks. It involved a literature review to summarize and analyse medical and industrial utility standards within the CS domain, identifying areas of cyber risk. The research also explored AI regulations and guidance materials addressing CS threats, highlighting their benefits in anomaly detection. The analysis of business impacts from CS threats revealed the necessity for employing structural risk analysis models to ensure coherence and comprehensive coverage. Utilizing standard and reference models, the study employed UML in template system modelling and CS threat scenario analysis. Cyber-attack roasted scenarios emphasized the critical need for in-depth analysis of essential systems to pre-empt adversaries, illustrating the potential for severe impacts. A comprehensive CS strategy is identified as a national priority.

Keywords: AI Act, CER, CRA, GDPR, MITRE ATT&CK, NIS2, NIST, OT, STRIDE