Abstract
The wide use of IT resources to assess and manage the recent COVID-19 pandemic allows to increase the effectiveness of the countermeasures and the pervasiveness of monitoring and prevention. Unfortunately, the literature reports that IoT devices, a widely adopted technology for these applications, are characterized by security vulnerabilities that are difficult to manage at the state level. Comparable problems exist for related technologies that leverage smartphones, such as contact tracing applications, and non-medical health monitoring devices. In analogous situations, these vulnerabilities may be exploited in the cyber domain to overload the crisis management systems with false alarms and to interfere with the interests of target countries, with consequences on their economy and their political equilibria. In this paper we analyze the potential threat to an example subsystem to show how these influences may impact it and evaluate a possible consequence.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
Explore related subjects
Discover the latest articles, news and stories from top researchers in related subjects.Notes
This is, for example, what regulations impose in Italy.
As this is a very complex topic, involving several issues, including geopolitical and strategical doctrines, we will not deal with it in detail.
Such as implemented in Italy, for example.
Such as implemented in London Tube, for example.
With a special relevance assumed by the General Data Protection Regulation (GDPR), Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
No scientific reference is provided, as we write a few days after, but press documented the events, for example inhttps://eu.usatoday.com/story/news/politics/2020/12/18/russian-cyber-attack-worst-may-yet-come-solarwinds-hacking/3956223001/ .
The circular letter may be found (in Italian) on Ministero della Salute web portal,http://www.salute.gov.it/portale/nuovocoronavirus/dettaglioNotizieNuovoCoronavirus.jsp?lingua=italiano&id=5117 .
For other applications of CPN to these topics, see for example [4].
References
Ahmed N, Michelin RA, Xue W, Ruj S, Malaney R, Kanhere SS, Seneviratne A, Hu W, Janicke H, Jha SK (2020) A survey of covid-19 contact tracing apps. IEEE Access 8:134577–134601
Alaba FA, Othman M, Hashem IAT, Alotaibi F (2017) Internet of things security: a survey. J Netw Comput Appl 88:10–28
Bobbio A, Cerotti D, Gribaudo M, Iacono M, Manini D (2016) Markovian Agent Models: A Dynamic Population of Interdependent Markovian Agents. Springer International Publishing, Cham, pp 185–203
Chang E, Moselle KA, Richardson A (2020) Covidsimvl –transmission trees, superspreaders and contact tracing in agent based models of covid-19. https://www.medrxiv.org/content/10.1101/2020.12.21.20248673v1
Cho H, Ippolito D, Yu YW (2020) Contact tracing mobile apps for covid-19: privacy considerations and related trade-offs. https://arxiv.org/abs/2003.11511
Dong Y, Yao YD (2020) Iot platform for covid-19 prevention and control: a survey. https://arxiv.org/abs/2010.08056
Eilersen A, Sneppen K (2020) Cost-benefit of limited isolation and testing in covid-19 mitigation. Sci Rep 10(1):1–7
Flaxman S, Mishra S, Gandy A, Unwin HJT, Mellan TA, Coupland H, Whittaker C, Zhu H, Berah T, Eaton JW et al (2020) Estimating the effects of non-pharmaceutical interventions on covid-19 in Europe. Nature 584(7820):257–261
Gribaudo M, Iacono M, Manini D (2021) COVID-19 spatial diffusion: a Markovian Agent-based model. Mathematics. https://doi.org/10.3390/math9050485
Gurdasani D, Ziauddeen H (2020) On the fallibility of simulation models in informing pandemic responses. The Lancet Global Health 8(6):e776–e777
Haider S, Levis AH (2008) Modeling time-varying uncertain situations using dynamic influence nets. Int J Approx Reason 49(2):488–502. https://doi.org/10.1016/j.ijar.2008.04.007
Hellewell J, Abbott S, Gimma A, Bosse NI, Jarvis CI, Russell TW, Munday JD, Kucharski AJ, Edmunds WJ, Sun F et al (2020) Feasibility of controlling covid-19 outbreaks by isolation of cases and contacts. The Lancet Global Health
Interpol (2019) Cybercrime: Covid-19 impact. https://www.interpol.int/content/download/15526/file/COVID-19%20Cybercrime%20Analysis%20Report-%20August%202020.pdf
Jensen K, Kristensen LM (2009) Coloured petri nets: modelling and validation of concurrent systems, 1st edn. Springer Publishing Company, Incorporated
Kamal M, Aljohani A, Alanazi E (2020) Iot meets covid-19: status, challenges, and opportunities. https://arxiv.org/abs/2007.12268
Lai S, Zhou NRL, Prosper O, Luo W, Floyd J, Wesolowski A, Santillana M, Zhang C, Du X, Yu H, Tatem A (2020) Effect of non-pharmaceutical interventions to contain covid-19 in china. Nature 585(7825):410–413
Lallie HS, Shepherd LA, Nurse JR, Erola A, Epiphaniou G, Maple C, Bellekens X (2020) Cyber security in the age of covid-19: a timeline and analysis of cyber-crime and cyber-attacks during the pandemic
Langner R (2011) Stuxnet: dissecting a cyberwarfare weapon. IEEE Secur Priv 9(3):49–51
Marsan MA, Balbo G, Conte G, Donatelli S, Franceschinis G (1994) Modelling with Generalized Stochastic Petri Nets, 1st edn. Wiley, USA
McFadden F, Arnold R (2010) Supply chain risk mitigation for it electronics. In: Supply chain risk mitigation for IT electronics, pp 49–55
Mossong J, Hens N, Jit M, Beutels P, Auranen K, Mikolajczyk R, Massari M, Salmaso S, Tomba GS, Wallinga J et al (2008) Social contacts and mixing patterns relevant to the spread of infectious diseases. PLoS Med 5(3):e74
Muheidat F, Tawalbeh M, Quwaider M, Saldamli G et al (2020) Predicting and preventing cyber attacks during covid-19 time using data analysis and proposed secure iot layered model. In: 2020 Fourth International Conference on Multimedia Computing. Networking and Applications (MCNA), IEEE, pp 113–118
Mulder T (2019) Health apps, their privacy policies and the gdpr. Eur J Law Technol
Psychoula I, Chen L, Amft O (2020) Privacy risk awareness in wearables and the internet of things. IEEE Pervas Comput 19(3):60–66. https://doi.org/10.1109/MPRV.2020.2997616
Saheb T, Izadi L (2019) Paradigm of iot big data analytics in the healthcare industry: a review of scientific literature and mapping of research trends. Telemat Inform 41:70–85
Singer PW, Friedman A (2014) Cybersecurity and cyberwar: what everyone needs to know. Oxford University Press, USA, New York
Ukil A, Bandyoapdhyay S, Puri C, Pal A (2016) Iot healthcare analytics: the importance of anomaly detection. In: 2016 IEEE 30th international conference on advanced information networking and applications (AINA), IEEE, pp 994–997
Wu M, Song Z, Moon YB (2019) Detecting cyber-physical attacks in cybermanufacturing systems with machine learning methods. J Intell Manuf 30(3):1111–1123
Acknowledgments
One of the authors (A.B.) has been supported by the Università del Piemonte Orientale, Italy. This work has been partially funded by the internal competitive funding program “VALERE: VAnviteLli pEr la RicErca” of Università degli Studi della Campania “Luigi Vanvitelli” and by project “Attrazione e Mobilità dei Ricercatori” Italian PON Programme (PON_AIM 2018 num. AIM1878214-2).
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflict of interest
The authors declare that they have no conflict of interest.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Bobbio, A., Campanile, L., Gribaudo, M. et al. A cyber warfare perspective on risks related to health IoT devices and contact tracing. Neural Comput & Applic 35, 13823–13837 (2023). https://doi.org/10.1007/s00521-021-06720-1
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s00521-021-06720-1