Zero Vulnerability Computing (ZVC):A new paradigm in enhancing
cybersecurity of medical devices
Acronym: ZVC4MD
Horizon Europe Call (21st April 202): Enhancing cybersecurity of connected medical devices
TOPIC ID: HORIZON-HLTH-2022-IND-13-01 (Total grant 20 Million, 6 Million / project)
| # | Participant organization (acronym) | Type | Country | Expertise |
|---|---|---|---|---|
| P01 | AUTH: Aristotle University Thessaloniki - Department of Informatics | UNI | Greece | Coordination / administration, medical faculty, hospital |
| P02 | Blockchain 5.0 O.Ü. (BC5) | SME | EE | Cybersecurity-by-design, software architecture, decentralization, PODs |
| P03 | University of Thessaly (UTH) Department of Informatics and Telecommunications |
UNI | EL | Pervasive computing, Pervasive data science, Distributed Systems, Edge intelligence, IoT and ML/DL |
| P04 | Eurecat Technology Centre (EUT) | RES | ES | Medical Devices, IoT, Data and process management, AI |
| P05 | Ethniko Kentro Erevnas Kai Technologikis Anaptyxis (CERTH) | RES | EL | AI-based cybersecurity, IoT middleware, Apps in Health, User acceptance/human factors in research |
| P06 | University of Piraeus Research Center, Dept of Informatics (UPRC) | UNI | EL | Security architectures, malware analysis, threat analysis, IoT security, applied crypto |
| P07 | SBA Research Gemeinnutzige GmbH (SBA) | RES | AT | Cybersecurity, Penetration Testing, Data privacy, Machine Learning (ML), ML Security & Privacy |
| P08 | Université de Lorrain, Laboratoire Lorrain Recherche en Informatique (UL) | UNI | FR | Architectural & Algorithmic integration of ML Tools, POD Management & Analytics |
| P09 | University of Murcia (UM) | SME | ES | IoT/IoMT, cybersecurity, intelligent systems |
| P10 | Autonio Foundation Ltd. (AFL) | NPO | UK | AI, ML/DL, IPFS, P2P networking |
| P11 | Institute of Electronics & Computer Science (EDI) | RES | LV | Wearables, ML/DL, IoT, embedded systems, signal processing, Custom HWWearables, ML/DL, IoT, embedded systems, signal processing, Custom HW |
| P12 | F6S Network Ireland Ltd (F6S) | SME | IR | Communication, exploitation & dissemination. |
| P13 | UTB: Universitatea Transilvania Din Brasov | UNI | ROMANIA | AI/ML encryption, HRV analysis |
| P14 | ISS: Innovation Sprint Sprl | SME | BELGIUM | eHealth, IoMT, MedTech acceleration |
| P15 | FPG: Fondazione Policlinico Gemelli | UNI | ITALY | Hospital, patient care, clinical trials, medical device |
Abstract
Of the €5.6 Trillion that cybercrime annually costs the global economy, medical devices are increasingly contributing a major chunk. This is essentially because fool-proof cybersecurity of personal data in a connected device is practically impossible. To advance patient care, medical devices are becoming increasingly connected and interoperable. Although interconnectivity may provide great benefits, connected devices also present considerable cybersecurity risks. Device vulnerabilities, whether exploited maliciously or triggered unintentionally, may not only affect device performance but also the availability and integrity of the device and its data. These effects also may result in patient and/or user harms, such as illness, injury, or death, and negatively affect hospital operations. Computer malware has the potential to jeopardize a patient's treatment and privacy. With the rise of cyber-threats and their financial impact on the healthcare industry, cybersecurity plays a key role in keeping the sensitive data safe. Thus, it is imperative that medical device stakeholders embrace their shared responsibility for medical device cybersecurity.
We are challenging the state of cybersecurity and disrupting the status quo with Zero Vulnerability Computing (ZVC), a technology that was recently tested and validated in a tiny minimalist IoT device under a H2020 grant. The ZVC architecture builds on two major components, the first is Supra OS (SOS) that denies all 3rd party permissions and privileges to all non-native applications, and the second is In-Computer Offline Storage (ICOS) that creates in-computer offline storage (ICOS) within the connected device itself or its base station.
Medical devices, because of their focused use cases and limited need for 3rd party apps, are best suited for implementing ZVC design. The implementation of this ambitious goal will be supported through a well-defined & complementary consortium with strong background in cybersecurity that involves 6 participants from the EU-funded Cybersecurity Competence Network projects (CyberSec4Europe, CONCORDIA, SPARTA & ECHO) along with at least 4 medical device experts with living labs, and other participants with strong background in cryptography, IoT/IoMT hardware, AI, & Web 3.0. ZVC4MD will test & validate ZVC in at least 3 connected medical device use case scenarios.
