UNIT 9
Individual Essay
Executive summary
This document identifies the benefits of the ASMIS, the probable difficulties that may arise in getting patients to use the ASMIS, and any potential cyber threats to the system. The report gives an overview of the technology and threat-modelling technique used, the types of security testing and scalability testing required to find potential vulnerabilities, and recommendations to mitigate those issues.
The report includes UML diagrams of the information flow and the STRIDE threat-modelling technique to identify potential cyber threats, and recommends cybersecurity technology and best practices to mitigate the problems identified.
The report also introduces a background to the threat-modelling techniques that are available, and a background to UML diagrams and what UML is used for.
Background to the UML (Unified Modeling Language) diagrams
The primary purpose of UML is to provide a standard method for designing systems visually. It is very similar to the plans used in other engineering fields. UML is a visual language, not a programming language; UML diagrams help to describe the behaviour and structure of a system.
In 1997, the OMG (Object Management Group) adopted UML as a standard, and it has been managed by the OMG since then. The ISO (International Organisation for Standardisation) issued UML as an approved standard in 2005 (Bell, 2003).
Do we need UML? Complicated applications require teamwork and planning across multiple teams, so a straightforward, summarising method is needed to link them together. Management does not need to, and often does not, understand the code. UML links object-oriented design and analysis together. When the team can visualise processes, user interactions and the skeleton of the system, that saves considerable time.
Background of Threat Modelling
Network attacks are a sensitive issue in cybersecurity. When attackers try to undermine security and deploy malicious software such as botnets or Trojan horses to access valuable data, various methods and tools are used to keep the business running normally. The situation worsens every day because of the emergence of new types of malware attacking the network. It is essential to understand the process before and after these attacks occur in order to deliver better security for the system. Knowing the attack model provides a deeper understanding of network vulnerabilities, and it can be used to defend the network from all types of attacks.
In the world of Cybersecurity, it is difficult to foresee potential attacks without knowing the vulnerability of the network. Therefore, it is imperative to evaluate the network to identify the list of likely vulnerabilities, which will provide an intuitive way to protect the network. Similarly, dealing with ongoing attacks can bring significant risks to the network and valuable data, requiring immediate action. Proper use of attack modelling techniques can provide advance plans that can be quickly implemented during an ongoing attack (Al-Mohannadi et al., 2016).
There are many threat-modelling techniques (Table 1). Collectively, they can be used to create a more robust, more comprehensive view of possible threats. Not all methods are comprehensive, and there is no single recommended approach to threat modelling. Some methods specifically address risk or privacy issues. The organisation should decide which method works best for them depending on the project's needs.
Table 1: Features of Threat-Modeling Methods (Shevchenko, 2018)
This report highlights one type of threat-modelling technique for understanding vulnerabilities and adversary behaviour. The goal is to use threat modelling to deal with cyber-attacks effectively. The method explained is called STRIDE.
STRIDE was invented in 1999 and adopted by Microsoft in 2002, and it is currently the most mature threat-modelling method. STRIDE applies a broad set of known threats based on its name, which is a mnemonic (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service and Elevation of privilege), as shown in the following table (Shevchenko, 2018).
Benefits of the ASMIS
With the new focus on patient care, healthcare is changing. This change means that patients are increasingly aware of the design and delivery of healthcare. As the starting point for most non-emergency medical services, medical appointment systems are undergoing significant development to support the active participation of patients. By using the Internet as a communication tool, patients can better choose how they communicate with the medical centre. Patients can choose their preferred time to schedule an appointment, select their preferred consultant and even access their own medical record, thus gaining improved access to the healthcare system (Zhao et al., 2017).
After implementing a web-based scheduling system, most practices see positive changes in particular indicators, such as reduced non-attendance, reduced staff workload, reduced waiting time and increased satisfaction.
Compared with the conventional queuing system, the web-based appointment booking system can considerably improve patient registration satisfaction and effectively decrease the total delay.
Potential problems
Cost, compliance, security and integrity are the main reasons that prevent medical centres from switching to a web-based scheduling system. Some patients will also be reluctant to adopt a web-based scheduling system, mainly depending on their experience of using computers. Being unfamiliar with the online process, a lack of ability to use a computer and not trusting the Internet are the other reasons for not using the online appointment system.
In order to mitigate some of these problems, provide the best user experience and allow for the future growth of the system, it is necessary to design and implement the systems and IT infrastructure correctly. Several key factors need analysing: the scalability of the system, government compliance for storing private data, infrastructure design with the correct network hardware, and analysis of potential cyber threats to protect against cyber-attacks.
Cyber threats to the systems
The healthcare industry is becoming the biggest target of malicious actors, and the risk from medical equipment and web-based systems connected to the Internet in hospitals is increasing. Although most medical institutions are committed to protecting patient data privacy, whatever measures they take, some of them are still far behind in adopting cybersecurity and keeping up with the times. The healthcare industry holds a great deal of important data about patients, including their medical records, and this needs to be protected.
“Department of Health & Social Care securing cyber resilience in health and care progress report suggested the WannaCry attack cost the NHS £92 million” (Department of Health & Social Care, 2020).
Government compliance
The medical centre needs to meet the Cyber Essentials Plus standard (Department of Health & Social Care, 2020). Cyber Essentials is a UK government-backed scheme designed to help organisations assess and mitigate risks from common cybersecurity threats to their IT systems. The scheme is a cybersecurity standard that identifies the security controls an organisation should have in place within its IT systems. The common threats it addresses are the digital equivalent of a thief trying the front door to see if it is unlocked, and meeting CE compliance is intended to prevent these attacks. The Cyber Essentials scheme is a requirement for all UK government suppliers handling any personal data (United Kingdom Cyber Essentials PLUS - Microsoft Compliance, 2020; About Cyber Essentials, 2020).
Scalability analysis
As the clinic has been experiencing a high volume of calls, the medical centre needs to plan to be able to respond to the rate of growth of the community population. Scalability and load-impact performance testing are recommended in order to determine whether the system continues to function with acceptable performance during peak time. Scalability testing measures performance and ascertains the maximum capacity at which more resources will be required. Load testing simulates those users to assess system performance and establish whether the ASMIS meets its goals.
Performance plays a crucial part in the user experience of the system. It is often measured by the response time to display or retrieve some information. The main factors that affect the response time experienced by the user are the frontend website and the backend database.
Frontend performance concentrates on browser metrics like webpage loading time, rendering time, interactive time, among others.
Backend performance, on the other hand, concentrates essentially on the response time from the server and the number of errors returned.
Having a web-based system comes with its own flavours of cyber threat. One of them is DoS/DDoS. It is a challenging attack to protect against; one of the ways this happens is when multiple devices send a large number of packets to the website at the same time, eventually overloading the site and bringing it down.
Faster disk read/write will improve the performance of the backend servers, and a dedicated Internet leased line with higher bandwidth together with load balancers will address the performance of the frontend server and help mitigate denial-of-service attacks.
Network Infrastructure diagram
The primary network overview diagram in Figure 1 shows that this is a three-segment design: External, DMZ and Internal network.
Figure 1: Network diagram
The External part is where the patients will be registering and managing their appointments.
A demilitarised zone or DMZ (occasionally referred to as an edge network) is a logical subnet or physical network that exposes an organisation's external-facing services (the ASMIS frontend web servers with reverse proxy) to an external network, in this case the Internet.
The Internal network is the secured part of the network. It is segmented into smaller VLANs (ASMIS Backend Server, IT, Client and Wireless VLANs) to secure each portion of the network; this makes it easier to implement a network policy that restricts user access and only allows permitted users, and each department should be segregated into its own VLAN.
One method of network attack is spoofing. There are several types of spoofing: IP addresses, identities, ARP and DNS can all be spoofed. Spoofing is carried out when an attacker knows part of the information, e.g. an IP address or a password; having a segregated network with ACLs and OTP will prevent unauthorised and spoofed access to the system.
The network could be further secured by implementing a procedure for regular penetration testing and installing an Intrusion Detection System and an Intrusion Prevention System. The primary function of the IDS is to detect attacks on the network, and that of the IPS is to prevent them. IDS/IPS can provide real-time network protection from a range of exploits, threats and vulnerabilities (What is an Intrusion Prevention System? | Barracuda Networks, 2020).
We now look at the ASMIS that the clinic management has decided to acquire, and how this can be secured.
A common UML workflow diagram for a web-based ASMIS
Figure 2: ASMIS UML Workflow diagram
Based on the common web-based ASMIS shown in Figure 2, we can concentrate on securing the external-facing part of the network, which is the patient login and registration process. Introducing One-Time Password (OTP) technology can mitigate part of the cybersecurity concerns.
Once this technology is developed, it can be deployed to all parts of the ASMIS login process to secure internal and external users accessing the system, as shown in Figure 3, and Figure 4 shows a UML class diagram example where every login depends on authentication.
A typical UML workflow diagram overview with OTP implemented
Figure 3: ASMIS UML Workflow diagram with OTP
Figure 4: UML Class Diagram Example
We can look further into how OTP will work in the UML sequence diagram in Figure 5. When the credentials are entered during the login process and sent to the server, the server generates an OTP, stores it temporarily and returns an access token together with the generated OTP. Once the OTP is entered, the client sends the OTP and the access token to the server, which validates them, grants access and clears the OTP.
Figure 5: Sequence Diagram
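The two-step exchange of Figure 5, written out as an added example (not code from the original report or from the ASMIS supplier): the server verifies the password, generates the OTP, stores it temporarily against an access token, and clears it once it has been validated. The PBKDF2 user store, the `delivered` list, the 120-second lifetime and the three-attempt limit are assumptions of the example, and the OTP is handed to a separate delivery channel rather than returned to the browser with the token.

```python
import hashlib
import hmac
import secrets
import time

# Constructed demo credential store (not the ASMIS's own): username -> (salt, PBKDF2 hash)
_SALT = b"demo-salt"
USERS = {"patient1": (_SALT, hashlib.pbkdf2_hmac("sha256", b"correct horse", _SALT, 100_000))}
OTP_TTL_SECONDS = 120   # assumed lifetime of a pending OTP
MAX_OTP_ATTEMPTS = 3    # assumed number of wrong codes before the challenge is discarded

pending = {}      # temporary server-side store: access token -> pending login state
delivered = []    # stands in for the channel that carries the OTP to the patient (assumption)

def begin_login(username, password, now=None):
    """Step 1: verify the credential, generate an OTP, store it temporarily and return the access token."""
    now = time.time() if now is None else now
    rec = USERS.get(username)
    if rec is None:
        return None
    salt, stored = rec
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    if not hmac.compare_digest(candidate, stored):
        return None
    otp = f"{secrets.randbelow(10**6):06d}"   # 6-digit code from a CSPRNG
    token = secrets.token_urlsafe(32)
    pending[token] = {"user": username, "otp": otp, "expires": now + OTP_TTL_SECONDS, "attempts": 0}
    delivered.append((username, otp))
    return token

def complete_login(token, otp, now=None):
    """Step 2: validate the OTP for this token; on success clear it and issue a session."""
    now = time.time() if now is None else now
    state = pending.get(token)
    if state is None:
        return None
    if now > state["expires"]:
        pending.pop(token)                       # expired challenge is unusable
        return None
    state["attempts"] += 1
    if not hmac.compare_digest(state["otp"], otp):   # constant-time comparison
        if state["attempts"] >= MAX_OTP_ATTEMPTS:
            pending.pop(token)                   # too many wrong codes: discard the challenge
        return None
    pending.pop(token)                           # one-time: the OTP is cleared on success
    return {"user": state["user"], "session": secrets.token_urlsafe(32)}
```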
Other security measures, frontend website
Security testing of the frontend server is a requirement. Regardless of whether the website/software is believed to be secure, the security test checks whether it is vulnerable to attacks, whether anyone can access the database and whether someone can log in without authorisation.
Several conditions must be checked, and these checks need to be done before the deployment phase.
Security testing for the backend database
Tampering with data can be done in various ways. One common threat is SQL injection, where malicious code is inserted into an input field, for example when registering an account, and is executed when the input is written to the database; having ACLs and permissions can prevent tampering. Figure 6 shows an example data-flow diagram with the trust boundary where two or more controllers interact.
Figure 6: Data Flow Diagram (Shostack, 2014)
Following the recommendations in this report, with the correct setup of ACLs, permissions, auditing and logs, can tackle all aspects of the STRIDE method.
Information disclosure relates to confidentiality. Providing information to an unauthorised person or publishing a patient list on a website is a breach of confidentiality.
The security system should have a built-in non-repudiation mechanism so that the data source and the data itself can be trusted.
In order to prevent unwanted input data, it is recommended to validate all input data before writing it to the database.
It is difficult to stop every attempted security threat, but one can implement logs and audits to capture and track these user behaviours. If this is done right, harmful attempts can be matched to the source of the vulnerability.
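The SQL injection threat described under the backend database and the input-validation recommendation above, as an added example (not the report's or the ASMIS's own code) using an in-memory SQLite table: a legitimate name containing an apostrophe is enough to show that the concatenated query treats data as SQL, while the validated, parameterised version stores it correctly. The name and e-mail policies, the table layout and the sample patient are assumptions.

```python
import re
import sqlite3

# Assumed input policies: a name of letters, spaces, hyphens and apostrophes; a coarse e-mail shape check
NAME_RE = re.compile(r"^[A-Za-z][A-Za-z' -]{0,79}$")
EMAIL_RE = re.compile(r"^[^@\s]{1,64}@[^@\s]+\.[^@\s]+$")

def open_db():
    """Constructed in-memory patients table standing in for the ASMIS backend database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE patients (id INTEGER PRIMARY KEY, name TEXT NOT NULL, email TEXT NOT NULL UNIQUE)")
    return conn

def validate_registration(name, email):
    """Return the list of fields that fail validation; empty means the input may reach the database."""
    errors = []
    if not NAME_RE.fullmatch(name or ""):
        errors.append("name")
    if not EMAIL_RE.fullmatch(email or ""):
        errors.append("email")
    return errors

def register_patient_unsafe(conn, name, email):
    """Vulnerable form: the input is spliced into the SQL text, so a quote in the data is parsed as SQL."""
    conn.execute(f"INSERT INTO patients (name, email) VALUES ('{name}', '{email}')")
    conn.commit()

def register_patient(conn, name, email):
    """Hardened form: validate first, then bind the values as parameters so they are only ever data."""
    errors = validate_registration(name, email)
    if errors:
        raise ValueError("invalid fields: " + ", ".join(errors))
    conn.execute("INSERT INTO patients (name, email) VALUES (?, ?)", (name, email))
    conn.commit()

def lookup_name(conn, email):
    row = conn.execute("SELECT name FROM patients WHERE email = ?", (email,)).fetchone()
    return row[0] if row else None

def demo():
    """Register a real-world name with an apostrophe both ways; returns (unsafe_error, stored_name)."""
    conn = open_db()
    try:
        register_patient_unsafe(conn, "Mary O'Brien", "mary@example.org")
        unsafe_error = None
    except sqlite3.OperationalError as exc:   # the apostrophe broke the SQL statement
        unsafe_error = type(exc).__name__
    register_patient(conn, "Mary O'Brien", "mary@example.org")
    return unsafe_error, lookup_name(conn, "mary@example.org")
```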
References
Al-Mohannadi, H., Mirza, Q., Namanya, A. et al. (2016) Cyber-Attack Modeling Analysis Techniques: An Overview. In: Proceedings of the 4th International Conference on Future Internet of Things and Cloud Workshops, 22-24 August 2016, Vienna, Austria.
Barracuda.com (2020) What Is An Intrusion Prevention System? | Barracuda Networks. [online] Available at: https://www.barracuda.com/glossary/intrusion-prevention-system [Accessed 22 November 2020].
Bell, D. (2003) An Introduction to the Unified Modeling Language. [online] IBM Developer. Available at: https://developer.ibm.com/articles/an-introduction-to-uml/ [Accessed 8 November 2020].
Department of Health & Social Care (2020) Securing Cyber Resilience in Health and Care: Progress Update October 2018. London: gov.uk, pp. 14-15.
Docs.microsoft.com (2020) United Kingdom Cyber Essentials PLUS - Microsoft Compliance. [online] Available at: https://docs.microsoft.com/en-us/microsoft-365/compliance/offering-cyber-essentials-plus-uk?view=o365-worldwide [Accessed 22 November 2020].
Ncsc.gov.uk (2020) About Cyber Essentials. [online] Available at: https://www.ncsc.gov.uk/cyberessentials/overview [Accessed 21 November 2020].
Shevchenko, N. (2018) Threat Modeling: 12 Available Methods. [Blog] Software Engineering Institute. Available at: https://insights.sei.cmu.edu/sei_blog/2018/12/threat-modeling-12-available-methods.html [Accessed 19 November 2020].
Shostack, A. (2014) Threat Modeling with STRIDE. [online] Users.encs.concordia.ca. Available at: https://users.encs.concordia.ca/~clark/courses/1601-6150/scribe/L04c.pdf [Accessed 23 November 2020].
Zhao, P., Yoo, I., Lavoie, J., Lavoie, B. J. and Simoes, E. (2017) Web-Based Medical Appointment Systems: A Systematic Review. Journal of Medical Internet Research, 19(4), e134. https://doi.org/10.2196/jmir.6747