SPHINX Functional Requirements and Guidelines: PART I

SPHINX pilot implementing partners have worked jointly with technical partners that are leading the SPHINX Toolkit creation to identify functional requirements and guidelines as the basic facilities that the system shall offer to end-users.

These functionalities must be incorporated into the system and are expressed in terms of the input given to the system, the operation performed, and the output expected. For the SPHINX System, the relevant functional requirements and guidelines are the following.

SPHINX shall support advanced cybersecurity capabilities.

The SPHINX Platform shall detect intrusions, attacks, misuse or infections (in second and minute timeframes), transform raw data and records of activity or changes into real actionable intelligence (insights the user can act upon), propose rapid, accurate, consistent and reliable courses of action considering the nature of a breach, its effects and the consequences of the suggested actions (enhanced decision support) and respond immediately to contain infections, avert data losses and prevent onward intrusion.

  • IT Domain: IT Hardware Infrastructure, Networking, Applications
  • Cyber Security Management Cycle: Protect, Detect, Respond

SPHINX shall enable interactions with existing cybersecurity tools.

The SPHINX Platform shall enable seamless interaction with cybersecurity detection, monitoring and reaction tools (e.g., firewall, antivirus software, email monitoring software, blockers of unauthorised Internet sites, log analysers) already in use by healthcare organisations, considering the existing IT ecosystem and contributing to advancing the overall level of security and reducing the users’ workload. In greater detail, the SPHINX Platform shall support commonly deployed security devices by allowing the integration and consumption of their audit and transaction logs.

  • IT Domain: Applications
  • Cyber Security Management Cycle: Detect, Respond

SPHINX shall focus on preventing human errors.

The SPHINX Platform shall aim to prevent human errors as much as malicious actions. It will map login user names to certain security levels and actions. SPHINX shall contribute to educating and training the healthcare organisations’ employees on best cybersecurity practice and shall implement automated functions to assist in preventing phishing, poor password practices, misdelivery and the sharing of access to devices and systems with unauthorised parties. The SPHINX automated functions shall also contribute to reducing users’ security fatigue (the condition when users feel so burdened by following cybersecurity procedures that they stop trying).

  • IT Domain: Applications, Security/Privacy
  • Cyber Security Management Cycle: Protect

SPHINX shall be designed to support business continuity.

The SPHINX Platform shall be designed to significantly contribute to business continuity aspects, implementing security measures that streamline a timely and effective response and prevent the loss of data, compromised information and unplanned downtime, while advancing the healthcare organisations’ overall system resilience. It should provide alternative solutions and work paths to follow in the case of a security incident. It should consider ongoing attacks on priority assets and their pivoting potential to other devices and networks, providing a holistic risk view for situational awareness.

  • IT Domain: IT Hardware Infrastructure, Applications, Security/Privacy
  • Cyber Security Management Cycle: Protect, Respond, Recover

SPHINX shall identify new, modern and advanced cyber threats.

The SPHINX Platform shall have the capability to continuously monitor the cyber ecosystem and to identify new, modern and advanced cyber threats in order to facilitate the protection of the healthcare organisations’ assets, as well as the detection and response to cyber incidents. It should be able to be trained to detect anomalies inside the healthcare networks by recourse to user and device profiling.

  • IT Domain: IT Hardware Infrastructure, Networking, Applications
  • Cyber Security Management Cycle: Identify

SPHINX shall interact with existing and well-known cyber threat intelligence repositories.

The SPHINX Platform shall integrate relevant information provided by third parties’ highly regarded security and threat intelligence repositories to support security assessment functions and to better inform the decision-making process of healthcare organisations’ IT administrators and operators.

  • IT Domain: Applications
  • Cyber Security Management Cycle: Identify

More information about the Functional Requirements and Guidelines of SPHINX can be found in Deliverable 2.8 that is publicly available here.