The supply chain of a Living Lab:
Modelling security, privacy, and vulnerability issues alongside with their impact and potential mitigation strategies

Kitty Kioskli^1,2,3+, Daniele Dellagiacoma⁴, Theofanis Fotis⁴, and Haralambos Mouratidis¹

¹University of Essex, School of Computer Science and Electronic Engineering, Institute of Analytics and Data Science (IADS), Essex, United Kingdom

²Gruppo Maggioli, Research and Development Lab, Athens, Greece

³trustilio B.V., Amsterdam, Netherlands

⁴University of Brighton, School of Sport & Health Sciences, Centre for Secure, Intelligent and Usable Systems (CSIUS), Brighton, United Kingdom

Abstract

Worldwide, vulnerabilities and weak security strategies are exploited everyday by adversaries in healthcare organizations. Healthcare is targeted because these crimes are high-reward and low-risk. The attacks differ every time, from hacking medical devices, such as sensors, to stealing patients' data from electronic health records databases. The effects of these attacks are both short and long term lived, depending on the incidence handling process that each sector is adopting. The Covid-19 pandemic has exposed, in full, that healthcare systems are vulnerable and vastly unprotected while representing a threat to global public health. An important part of the healthcare ecosystem, for the development and validation of innovative tools and methodologies, is the Living Labs which are community-based and adopt co-creation as their primary approach. Because of the many stakeholders involved in the processes of the Living Labs, cybersecurity ought to be in their center. Besides the proven great importance of the Living Labs as part of healthcare, there is no research on security and privacy issues around them. The main purpose of this paper is to explore the supply chain of a Living Lab and identify its security and privacy challenges alongside with its vulnerabilities. The SecTro tool has been used to provide a thorough analysis which follows the Privacy-by-Design approach. The originality and novelty of our work are shown from: (i) moving one step further from desk studies by including requirements from citizens and professionals; (ii) being integrated into an effort from various researchers to supply a holistic approach to Data Privacy Governance; (iii) the first time which a paper is considering and analysing the supply chain of the Living Labs.

Keywords: Living Lab, digital health, supply chain, security, privacy, mitigation actions

+: Corresponding author: Kitty Kioskli
University of Essex, School of Computer Science and Electronic Engineering, Institute of Analytics and Data Science (IADS), Essex, United Kingdom, Email: kitty.kioskli@essex.ac.uk

Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA)
Vol. 13, No. 2, pp. 147-182, June 2022 [pdf]

Received: November 25, 2021; Accepted: May 18, 2022; Published: June 30, 2022

DOI: 10.22667/JOWUA.2022.06.30.147