A security analysis in a life science environment : a case study

Sammanfattning: The cyber-threat against life-science is much larger today than just a couple of years back. Companies within the field have valuable information from example R& Din pharmaceuticals, biotech, personal data of vulnerable patients or medical devices and that is something attackers are very much aware of. Lab equipment have generally been disconnected from the internet to protect their data even more but the benefits a company would gain in diagnostics and support could outweigh it. In this paper a fictional environment with lab instruments, control units and databases is set up based on a real system used by Company X. A security analysis for the system is conducted with the goal to identify and analyse potential threats and risks. This was done by first study relevant literature along with meetings with representatives from Company X. The security analysis is made with a threat model called Yacraf which includes six different phases, the process was easy to follow and resulted in potential ways how an attacker could gain access to the system. The results also show different protection scenarios for these attacks and how Company X could implement preventive measures in advance. If Company X where to implement such a remote control system a first step would be to educate the employees to recognize common cyber-threats and only set up the remote connection when needed.