Richard Clarke's worst cybersecurity nightmare

‘If you corrupt a hospital database and switch blood type, you’re going to kill people’
By Tom Sullivan
07:55 AM
Richard Clarke

There are security experts and then there's Richard Clarke. The cybersecurity guru, who served under three American Presidents, is now an internationally recognized speaker, consultant, and best-selling author. 

Clarke, in fact, is slated to deliver the opening keynote at the HIMSS and Healthcare IT News Privacy and Security Forum in Boston. 

Ahead of the 3-day conference, Healthcare IT News spoke with Clarke about what he considers to be the worst-case cyberattack scenario, potential implications of such an event, and what hospitals should be doing to prepare right now. 

Q: What in your opinion would be the cyber nightmare?
A: The cyber nightmare has to be an attack on the power grid that results in prolonged blackouts. It's possible and while it might only be regional in its effects it could be devastating to that region. Large-scale transformers and generators, which are the backbone of the power grid, are made-to-order and are available via just-in-time delivery. They're not warehoused; there's no surplus. So if someone were to blow up a transformer and generator we'd be waiting for months – months – for the replacement.

Q: How likely is such an event, really?
Nothing of that order is likely to happen but neither was 9/11 likely to happen. Likelihood is something I don't think you should take into account when you do risk management. A lot of people believe you should, a lot of risk management books will tell you to consider the extent of the damage times the probability. Well, I don't think you can tell the probability. The real way to think about risk management is to include in your calculus the outlier event.

Q: What are the downstream ramifications of an attack on the power grid?
If you had an attack on the power grid where a lot of transformers and generators are, you'd either have brownouts or blackouts that could last for a long time. And if you think about what works in a blackout, the answer is 'not much.' We all have generators but as we discovered in Hurricane Sandy those backup generators often don't work or they work for only a limited period of time. That essentially reduces the area under attack to a pre-industrial, pre-electrical time in society. People are constantly putting generators in the wrong place.

What we saw with Fukishima is that the generators were at sea level and the sea came up to that level, overtopping the sea walls and when those back-up generators went down there was no way to cool the nuclear cores and, therefore, we had full meltdown. In the case of the World Trade Center attack on 9/11, World Trade Center 7 tower actually had the generator on I think the 10th floor. It was well above ground but so was the fuel. So when shards from falling towers 1 and 2 hit 7 it ignited the large reservoir of fuel and caused that building to collapse. 

Q: What should hospitals be thinking about in regards to some sort of large-scale attack?
There are three things. The first is where you place your generator, where you place your fuel and how you get fuel, including gas and oil, after the first 24 hours. Number two, in day-to-day operations, hospitals need to make sure that medical devices are on a network that is completely air-gapped and disconnected from any network that would be connected to the Internet. We find over and over again that people think a network is air-gapped when it's not. You really have to work at that because if you're on a life-sustaining device, you don't want that device to be addressable, even if it involves two hops to get there. And the third thing, of course, is privacy. PHI, PII of patients and employees. Most hospitals have a rich database of information that is of value to somebody, and we know that because people are constantly trying to harvest it.

Q: As someone who works on a more global basis than just healthcare, what challenges do you see that are unique to healthcare?
Healthcare is just like any other industry – with the exception that they have people on life support and they have people getting blood transfusions. If you corrupt some databases it doesn't really matter but if you corrupt a hospital database and switch blood type, you're going to kill people. That's never happened but it could.

Clarke's keynote, titled Cybersecurity 2015: From Theft to Destruction, is scheduled for Tuesday Dec. 1 at 9:05 a.m. 

The Healthcare IT News Privacy and Security Forum runs from Dec. 1-Dec. 3 at the Westin Boston Waterfront. Register here.

Related articles: 

The rise of ransomware, crafty hackers, and health data destruction

3 tips to prep for a massive cyberattack

Best practices for password security