CERT




Information Survivability Workshop 1998: "Protecting Critical Infrastructures and Critical Applications". Wyndham Safari Resort, Orlando, Florida, USA, October 28-30, 1998.

Survivability within a Dependability framework and a virtual enterprise case study from the Health Care sector

Marc Wilikens
Joint Research Centre
of the European Commission
Institute for Systems, Informatics and Safety
21020 Ispra (VA) - Italy
Marc.Wilikens@jrc.it

Alberto Sanna
Scientific Institute H San Raffaele
Laboratory Medicine Dept.
Via Olgettina, 60
20132 Milano - Italy
alberto.sanna@hsr.it

Introduction

The paper will address two of the workshop goals.
  1. It will document new survivability research topics that can contribute to the protection of critical infrastructures and critical applications. As part of the preparatory work for the establishment of a European Dependability Initiative within the EU's Information Society Technologies (IST) programme, a thematic industrial workshop was held on March 18th, 1998 on the theme: "Dependability of large-scale Infrastructures and Services in the Information Society". The workshop report [1] includes the drivers, dependability challenges and benefits for a European Dependability Initiative from the perspective of large-scale infrastructures and services. In this paper we will highlight the identified challenges, their link to survivability aspects and put the latter in a wider dependability context.
  2. It will summarize real-world critical application systems and their survivability challenges. The paper describes a scenario within the area of survivable information systems. It uses a virtual enterprise case study from the health sector.

European Dependability Initiative

Following an invitation by the European Commission, 50 organisations representing industry, academia and public authorities were consulted to discuss and shape a European Dependability Initiative within the European Commission's upcoming Framework 5 Information Society Technologies (IST) programme. To accomplish this task, the Joint Research Centre organised four workshops between December 97 and March 98, one of which specifically addressed the problems and challenges faced by industry in applications of large-scale networked infrastructures and services. The workshop brought together 16 representatives from industry and public organisations, covering communications infrastructure and service providers as well as a variety of application areas (commerce, health, energy). These represent sectors of business which are now immersed in the deployment of services and applications provided on top of large-scale global infrastructures such as the Internet.
It was recognised that a significant impediment to harnessing the full potential of services arises from problems surrounding trust and confidence in those services. Companies have a strong interest in assuring a minimum level of critical services and in preserving valuable information assets. Consumers have concerns over the correctness of the service, the authentication of service providers and confidentiality. The systems, services and infrastructures underpinning business applications need to be dependable. The main dependability drivers raised at the workshop are:
Challenges faced by Industry are summarised as needs for:

The conceptual framework presented in the figure gives a multi-layered view of services and puts dependability enabling technologies in general, and survivability of critical services in particular, in perspective. The services and infrastructure components are organised into layers that expose a succession of technological and business services. This view reaches from the business applications/citizen services layer at the top to the infrastructure layers at the bottom. At the communications infrastructure level, the move towards converged networks combines voice, data and video onto a single stream. The higher the layer in the platform, the more specialised are the business services enabled by the layers below it. Therefore, two axes can be identified:

It is anticipated that service dependability will evolve into a dynamically traded commodity between the providers and the customers of each service. Discussions about what service level to trade, mediate and control, and at what cost, are only meaningful once an appropriate characterisation of dependability at each layer is in place.

[Figure: the layered conceptual framework of services and infrastructure described above]

Survivability aspects in health care systems

The healthcare sector is the largest single service sector, accounting for approximately 500 billion ECU (600 billion $) in the European Union (approximately 9% of GDP). The sector is currently undergoing a paradigm shift from healthcare-centred to patient (citizen) centred care, in which emphasis is placed on continuity of services for supporting health promotion and maintenance. This implies a decentralised health care in which services are easily accessible to all and are provided through an organisational infrastructure that is transparent to the user. In this context, the Internet and IT are playing an increasingly important role in the delivery of services. Information and communications infrastructures implement electronic medical records and support information distribution and sharing between health promotion, primary health care, hospital services, home care and other service mechanisms relevant to patient care, while tele-medicine provides remote diagnostics. In addition, infrastructures allow the integration on a wider scale of other business processes involved in health care, such as the manufacturer-distributor-provider supply chain (e.g. pharmaceutical industries, insurance and government administrations), giving rise to virtual healthcare service systems or virtual enterprises. The enhanced interconnectivity and complexity of such a virtual enterprise make it impossible to fully control the "integrated system" in a centralised way. In addition, the rapid technological advances in distributed systems and services, largely facilitated by the availability of high-bandwidth digital communication networks, have severely escalated the complexity of system design, implementation and analysis.
One of the most fundamental changes, currently being introduced, is the move towards a universal electronic patient record. There are many dependability implications associated with this development that are not being given adequate attention.
A process for the elicitation of survivability requirements in a typical health scenario will be adapted from [2]. Requirements for a survivable health care system are driven by the need to maintain high levels of confidentiality, privacy, and patient safety. Future health systems and remote working practices will create the need for high availability of critical information and of critical health care services even if particular nodes or communication links are unavailable through intrusion or accident.
  • In terms of security there are four major issues of concern:
    1. Many of the distributed health systems rely solely on firewall technology;
    2. Electronic health records are susceptible to fraud and to abuse of personal integrity;
    3. Health sectors do not have the necessary technical expertise to implement and maintain secure IT systems;
    4. No suitable signature mechanisms have been proposed to counter authentication and repudiation risks.
  • In terms of availability, the majority of remote health care systems are likely to be critically dependent on predictable and reliable internet communication (systems for dialysis or heart monitoring are obvious examples). High guaranteed levels of availability may also be required for remote conferencing facilities, particularly in the circumstances when these services might be used for operations performed under remote supervision.
  • In a healthcare process, like any other process, transformations convert inputs into outputs of higher value. Transformations are either physical or transactional, applying respectively to the material flow and information flow. Healthcare value is produced when physical or transactional transformations apply, i.e. when the system interacts with the patient and/or patient related object. In terms of safety, in an information intensive healthcare system, information flow is becoming a critical asset. Patient safety directly depends upon verification processes at the sharp end of the system, where transformations occur involving the patient and/or related objects. These objects can be pure information objects (e.g. records, referral messages, prescriptions), physical objects obtained from the patient (e.g. blood samples, tissue for histopathology) and objects intended to be used for a specific patient (e.g. medications, prosthesis, transplants).
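The safety point above, that patient safety depends on verification at the sharp end where a transformation binds a patient to an information object, an object taken from the patient, or an object intended for the patient, can be made concrete as a point-of-care verification gate. The following is an added illustration written for this page, not code from the paper or from the San Raffaele institute; the identifier scheme (patient record id, bedside wristband token, order id), the object classes and the sample bedside events are all constructed assumptions. It generalises the paper's three object kinds into a single check that refuses a transformation when the scanned identity, the object's label and the authorising order do not all agree.

```python
"""Point-of-care verification gate for healthcare transformations.

Added example (not from the paper). Models the paper's distinction between
pure information objects, objects obtained from the patient and objects
intended for the patient, and checks at the "sharp end" that every
transformation binds the right patient to the right object. All identifier
formats and the bedside events below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Patient:
    patient_id: str
    wristband_id: str          # bedside identity token (assumed identifier scheme)


@dataclass(frozen=True)
class RelatedObject:
    object_id: str
    kind: str                  # "information", "from_patient" or "for_patient"
    labelled_patient_id: str   # patient the object is labelled for


@dataclass(frozen=True)
class Order:
    order_id: str
    patient_id: str
    object_id: str             # the object (e.g. a medication) the order authorises


@dataclass(frozen=True)
class Transformation:
    kind: str                  # "physical" (material flow) or "transactional" (information flow)
    scanned_wristband: str     # token actually read at the point of care
    patient: Patient
    obj: RelatedObject
    order: Optional[Order] = None


def verify_transformation(t: Transformation) -> List[str]:
    """Return the findings that block this transformation; an empty list means it may proceed."""
    findings: List[str] = []

    # 1. Identity: the person at the bedside must be the patient on record.
    if t.scanned_wristband != t.patient.wristband_id:
        findings.append("identity mismatch: scanned wristband is not the patient's")

    # 2. Binding: the object (sample, record, medication) must be labelled for this patient.
    if t.obj.labelled_patient_id != t.patient.patient_id:
        findings.append(f"object {t.obj.object_id} is labelled for another patient")

    # 3. Authorisation: objects intended for the patient need an order that matches both sides.
    if t.obj.kind == "for_patient":
        if t.order is None:
            findings.append("no order authorises this object for the patient")
        elif t.order.patient_id != t.patient.patient_id:
            findings.append(f"order {t.order.order_id} belongs to another patient")
        elif t.order.object_id != t.obj.object_id:
            findings.append(f"order {t.order.order_id} authorises a different object")

    # 4. Flow consistency: physical transformations act on material, not on pure information.
    if t.kind == "physical" and t.obj.kind == "information":
        findings.append("physical transformation applied to a pure information object")

    return findings


def run_scenarios() -> Dict[str, List[str]]:
    """Constructed bedside events; returns the findings for each named scenario."""
    alice = Patient("P-1001", "WB-A")
    order = Order("ORD-7", "P-1001", "MED-AMOX")
    amox_for_alice = RelatedObject("MED-AMOX", "for_patient", "P-1001")
    blood_from_other = RelatedObject("SMP-33", "from_patient", "P-1002")
    referral_alice = RelatedObject("REF-5", "information", "P-1001")

    return {
        # Right patient, right medication, matching order: proceeds.
        "dispense_ok": verify_transformation(
            Transformation("physical", "WB-A", alice, amox_for_alice, order)),
        # Another patient's wristband scanned against Alice's record: identity failure.
        "dispense_wrong_wristband": verify_transformation(
            Transformation("physical", "WB-B", alice, amox_for_alice, order)),
        # A sample drawn from another patient attached to Alice's record: binding failure.
        "sample_misattributed": verify_transformation(
            Transformation("transactional", "WB-A", alice, blood_from_other)),
        # Medication handed over with no authorising order.
        "dispense_no_order": verify_transformation(
            Transformation("physical", "WB-A", alice, amox_for_alice)),
        # Referral message routed for Alice: a transactional transformation, proceeds.
        "referral_ok": verify_transformation(
            Transformation("transactional", "WB-A", alice, referral_alice)),
    }


if __name__ == "__main__":
    for name, findings in run_scenarios().items():
        print(name, "PROCEED" if not findings else "BLOCKED: " + "; ".join(findings))
```

The gate returns every finding rather than stopping at the first, so the audit trail at the sharp end records all the ways a transformation failed; in a deployed system these findings would be logged against the transformation before the clinician is asked to override or abandon it.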
References

[1] Dependability of Large-scale Infrastructures and Services in the Information Society. Report of the Thematic Workshop, held on 18th March 1998 in Brussels. European Commission report EUR 18070 EN. Also available at: http://ntsta.jrc.it/dsa/Dep-Ini.htm
[2] R.C. Linger, N.R. Mead, H.F. Lipson. Requirements Definition for Survivable Network Systems. In Proceedings of the Third International Conference on Requirements Engineering, April 6-10, 1998, Colorado Springs. IEEE Computer Society.


