The rise of artificial intelligence as well as increasingly sophisticated cloud technologies and computing capabilities are creating an extra challenge for cybersecurity in general. AI can be used both to strengthen the cybersecurity of systems and to launch new cyberattacks that are more effective than ever before. Benoit Grunemwald is a cybersecurity expert at Eset, one of the leading providers of IT security software and services in Europe. He shared his insights into the double use of AI when it comes to cybersecurity, with a focus on healthcare. Here’s Part II of this interview.
MedicalExpo e-magazine: Can you tell us more about the link between AI and the cloud?
Benoit Grunemwald: To use AI, you need the cloud in the broadest sense of the word to store a huge amount of information on which to train your models. AI does not exist by magic, it relies on concrete elements that are the data sets on which the algorithms are trained. These data sets and algorithms are necessarily stored on machines that must be protected to avoid various biases.
The protection of the AI environment by solutions like ours, with a lot of human beings behind it and not just technical solutions, is very important.
For the protection of the AI environment, you can use public or private clouds. Public clouds mean that you buy a cloud from a third party, such as Amazon, Google or Microsoft Azure. Private clouds mean that you do it yourself: you buy computers and servers, you stack them, you power them, you put them in data centers and you have your own cloud.
If the cloud is not well secured, it can lead to unauthorized access to the models that could introduce bias. That’s why in our company, the most protected places are really the places where there is the core of the technology, but it’s also extended to the AI so the data sets.
What would these biases consist of?
Benoit Grunemwald: Imagine you are a cybercriminal and you want to pass malware. Is it better to develop 15,000 pieces of malware and fight against the attacked AI, or to try to get into the data set of the attacked site and change a micro-segment in it so that the attacked AI lets through a whole bunch of malware? The answer seems clear to me.
Is it a kind of Trojan Horse?
Benoit Grunemwald: Absolutely: go to the origin, enter the data set of a site to infiltrate false information in order to deceive the “enemy.” This is part of the AI manipulation techniques that we see in facial recognition or in image-based object recognition, where the AI is very sophisticated but it only takes changing one small parameter so that the AI can no longer tell the difference between a cat and a dog.
This can lead to very differentiating elements, which is why the human being is always necessary behind the AI because there are biases and only the human being can spot and correct them.
Especially in the field of healthcare, confidentiality and integrity are crucial, because if you conduct a study and someone maliciously accesses it and modifies the results, and therefore its integrity, you can end up with a drug, for example, that is wrongly put on the market or, on the contrary, that is not put on the market even though it would work.
Do hospitals have their own secure private cloud?
Benoit Grunemwald: It depends on the governance set up by the hospital. Some hospitals prefer to have their own cloud and manage everything from A to Z. Others prefer to rely on cloud providers and delegate some of the security and hardware as well. The hospital then becomes a user. It’s really a question of governance and risk management. If the hospital decides to internalize security and risk management, it must have the right engineers to make it work.
At Eset, we use both public cloud and private cloud. Most users with a little bit of structure have this two-tiered approach. On the public cloud, we put the less important data and the data for which we need more computing resources. Because the huge capacity clouds are able to provide you with a very large amount of computing power in a very fast and timely manner like Google does. But the very core of our activity that we want to protect the most, we will put on the private cloud. This requires rigor and work in management.
Are there more risks with a public or private cloud?
Benoit Grunemwald: The risks are different. If you have a public cloud, you have to check the accesses and data that you transmit to the outside and make sure that they are deleted afterwards. If you externalize patient data, you also have to anonymize it first.
On the other hand, if you have your private cloud, you have to manage all the security of the infrastructure. So the risks are different, the skills and resources are different. There is no ready-made answer to define whether you should use one or the other.
Have the big clouds of Google or Amazon already been hacked massively?
Benoit Grunemwald: The answer is yes but the question is: whose fault was it? One piece of cybersecurity advice is this: when you have a public cloud, be very vigilant about access. We’ve seen major data leaks because the buckets were left with their default configuration, which was a bit too permissive. So the fault was not with the cloud provider but with the user.
So yes, there have been attacks on this type of cloud but it is difficult to generalize.
Is healthcare sufficiently cyber-protected today?
Benoit Grunemwald: To answer this question, I would divide the activity of health establishments in a general way into several parts: emergencies, office automation, MRI and everything that is related to university and research. We often talk about large attacks on hospitals, but we must not forget that there is a very large overlap between hospitals and research, and therefore between universities and teaching.
So we should not only focus our attention on the tip of the iceberg and on the attack on hospitals but also on all the stakeholders in the healthcare environment, which include the traditional operation of healthcare, university research, suppliers, etc. In research, the motives for cyber attacks can be state-sponsored, financially-motivated and related to industrial secrecy in contexts of tension such as Coronavirus.
