Design science research towards resilient cyber-physical eHealth systems

Most eHealth systems are cyber-physical systems (CPSs) making safety-critical decisions based on information from other systems not known during development. In this design science research, a conceptual resilience governance framework for eHealth CPSs is built utilizing 1) cybersecurity initiatives, standards and frameworks, 2) science of design for software-intensive systems and 3) empowering cyber trust and resilience. According to our study, a resilient CPS consists of two sub-systems: the proper resilient system and the situational awareness system. In a system of CPSs, three networks are composed: platform, software and social network. The resilient platform network is the basis on which information sharing between stakeholders could be created via software layers. However, the trust inside social networks quantifies the pieces of information that will be shared - and with whom. From citizens’ point of view, eHealth is wholeness in which requirements of information security hold true. Present procedures emphasize confidentiality at the expense of integrity and availability, and regulations/instructions are used as an excuse not to change even vital information. The mental-picture of cybersecurity should turn from “threat, crime, attack” to “trust” and “resilience”. Creating confidence in safe digital future is truly needed in the integration of the digital and physical world’s leading to a new digital revolution. The precondition for the exchange of information “trust” must be systematically built at every CPS’ level. In health sector, increasingly interconnected social, technical and economic networks create large complex CPSs, and risk assessment of many individual components becomes cost and time prohibitive. When no-one can control all aspects of CPSs, protection-based risk management is not enough to help prepare for and prevent consequences of foreseeable events, but resilience must be built into systems to help them quickly recover and adapt when adverse events do occur.

[1]  Babak Akhgar,et al.  Combatting Cybercrime and Cyberterrorism: Challenges, Trends and Priorities , 2016 .

[2]  Anselm L. Strauss,et al.  Basics of qualitative research : techniques and procedures for developing grounded theory , 1998 .

[3]  Christine Nadel,et al.  Case Study Research Design And Methods , 2016 .

[4]  Matti Tedre,et al.  Science of the Artificial , 2014 .

[5]  Igor Linkov,et al.  Resilience metrics for cyber systems , 2013, Environment Systems and Decisions.

[6]  José Luiz Fiadeiro,et al.  Designing for software's social complexity , 2007, Computer.

[7]  S. Chatterjee,et al.  Design Science Research in Information Systems , 2010 .

[8]  Alexander Kott,et al.  Resiliency and Robustness of Complex Systems and Networks , 2014, Adaptive, Dynamic, and Resilient Systems.

[9]  N. Hoffart Basics of Qualitative Research: Techniques and Procedures for Developing Grounded Theory , 2000 .

[10]  Matthew B. Miles,et al.  Qualitative Data Analysis: An Expanded Sourcebook , 1994 .

[11]  Martti Lehto,et al.  Cyber Security: Analytics, Technology and Automation , 2015 .

[12]  Security and Resilience in eHealth Security Challenges and Risks , 2015 .

[13]  C. Robson,et al.  Real World Research: A Resource for Social Scientists and Practitioner-Researchers , 1993 .

[14]  Jyri Rajamäki Towards a Design Theory for Resilient (Sociotechnical, Cyber-Physical, Software-intensive and Systems of) Systems , 2016 .

[15]  Alan R. Hevner,et al.  Design Research in Information Systems: Theory and Practice , 2010 .

[16]  Jeannette M. Wing,et al.  An Attack Surface Metric , 2011, IEEE Transactions on Software Engineering.

[17]  J. Rajamäki,et al.  Cyber Security and Trust Tools for Multi-agency Cooperation between Public Authorities , 2015 .

[18]  Rauno Pirinen,et al.  Critical Infrastructure Protection: Towards a Design Theory for Resilient Software-Intensive Systems , 2015, 2015 European Intelligence and Security Informatics Conference.

[19]  C. Webb The Action Research Dissertation. A Guide for Students and Faculty , 2007 .

[20]  Jyri Rajamäki Cyber Security, Trust-Building, and Trust-Management: As Tools for Multi-agency Cooperation Within the Functions Vital to Society , 2017 .

[21]  Tuija Kuusisto,et al.  Cyber World as a Social System , 2015 .

[22]  Darren D. Medlin Information Age Transformation: Getting to a 21st Century Military , 2008 .

[23]  Fabio Roli,et al.  2020 Cybercrime Economic Costs: No Measure No Solution , 2015, 2015 10th International Conference on Availability, Reliability and Security.

[24]  I. Linkov,et al.  Changing the resilience paradigm , 2014 .

[25]  M. Zoback,et al.  Disaster Resilience: A National Imperative , 2013 .

[26]  Leonie Ruth Simpson,et al.  Security and Privacy in eHealth: Is it possible? , 2013, 2013 IEEE 15th International Conference on e-Health Networking, Applications and Services (Healthcom 2013).

[27]  J. M. McConnell,et al.  National Training Standard for Information Systems Security (INFOSEC) Professionals , 1994 .