| 6.4°C Dublin

In a dusty corner of Israel, hackers change cancer records to test defences

Stephen Rae


Hidden dangers: Defence gaps pose a threat to energy and healthcare infrastructure

Hidden dangers: Defence gaps pose a threat to energy and healthcare infrastructure

Hidden dangers: Defence gaps pose a threat to energy and healthcare infrastructure

From transport to banking, energy efficiency and healthcare, the speed at which technology is transforming our lives is truly amazing. It does come at a price - and that is the price of our privacy and security. Tech platforms are hoovering up private information and using it to target us with advertising. More sinister players are also looking for our data - hackers seeking out the service providers we use that have weak cybersecurity defences.

As information technology increasingly becomes operational technology and the Internet of Things becomes the Industrial Internet of Things, it is absolutely critical that manufacturers, healthcare and energy providers have robust cyber defences to withstand hacking from criminal and state actors.

In Ireland, we witnessed a 2017 attack on our energy grid by a state actor testing our vulnerabilities and suspected of trying to take down the electricity supply.

A malicious cyber event on our grid could have a devastating impact on data storage and the operations of big tech firms here.

Ahead of the International Fraud Prevention Conference 2020 in Dublin on March 11, where we will be discussing emerging cyber threats and how to combat them, I visited Beer Sheva. Once a small Bedouin town in the Negev desert dependent on agriculture, now it's Israel's 'cyber city'.

In a nondescript office park on the outskirts lies the home of one of Israel's biggest exports: cyber tech.

Cyber businesses who locate here get 20pc of staff wages back in tax breaks - encouraging the likes of IBM, Dell, PwC and Deutsche Telekom among others to relocate research teams here, with close relations to the nearby university.

Of course, being outside the scope of EU privacy laws may help too, I suspect.

One of the interesting encounters was with Oleg Brodt, the R&D director of cyber at Ben Gurion University.

Brodt described how they seek out youngsters in primary school who have an aptitude for maths and nurture them all the way up to college.

We see how a 17-year-old student hacks into the 3D printer for a drone and inserts a design flaw that ensures after a few minutes of flight the drone drops out of the sky.

More frighteningly, we hear about the threats of cyber attacks on our healthcare systems.

Brodt says in 2018, clinics and hospitals were hit with numerous cyber attacks. "Attackers can alter 3D scans to remove existing or inject non-existing medical conditions," he reveals.

Why? "An attacker may do this to remove a political candidate or leader, sabotage or falsify research, perform murder or terrorism, or hold data ransom for money," he says.

To prove the point, students test hospital security - with the permission of one institution. Their ease of access is frightening.

While medical staff are busy, the students insert a $40 (€36) hacking device into a floor cable and, in seconds, breach the hospital's computer system.

From the waiting room area, they are able to change the CT scan of a patient by 'inserting' a tumour. They also 'remove' a tumour from another scan, making the patient appear cancer-free.

The fake scans are so real that by "using deep learning, an attacker can fool expert radiologists and even state-of-the-art AI, 98pc of the time in the case of lung cancer".

Similarly, hackers can change the blood type records of a patient, which would have catastrophic consequences in the event of a transfusion.

After this sobering display of the risks posed to healthcare records, a short walk brings us to another nondescript building. We are at the Israeli cyber command centre - the National Cyber Directorate.

Teams in several security operation centres attempt to stop hacking into the health, energy, banking, telecoms and transport infrastructures.

The agency operates a '119' hotline where anyone can report a suspected cyber incident - which allowed advance warning of the Wannacry event.

"The most immediate technological challenge confronting Israel is to protect artificial intelligence-based vehicles from being hacked," says Yigal Unna, the directorate's chief.

"Artificial intelligence is the new battlefield that will accompany us in the near future," says Unna. "The immediate challenge before us is artificial intelligence vs artificial intelligence (adversarial AI) - attempts to cause AI-based vehicles to act contrary to their programming in order to cause damage."

He claims the body and other agencies have blocked every single cyber attack on critical infrastructure in 2019.

During the visit, local media reported 700 attempts to hack into systems at Tel Aviv Airport, as hackers tried to disrupt flights of international leaders at Holocaust memorial ceremonies.

Later, the head of the electrical company reported 11,000 attacks every second in 2019 - all foiled by cyber defences.

From an Irish context, what may be most applicable is the free hotline to report suspicious incidents.

The free cyber defence capabilities offered to banking and energy sectors are also relevant, along with the pipeline of technical expertise from colleges.

Certainly, as the home of so much EU data and the European HQ of Big Tech, Ireland's cyber defences should very much be a strategic imperative.

  • Stephen Rae is chairman of the International Fraud Prevention Conference in Dublin on March 11; internationalfraudprevention.com

Indo Business