#Open journalism No news is bad news

Your contributions will help us continue to deliver the stories that are important to you

Support The Journal
Dublin: 17°C Saturday 18 September 2021
Advertisement

Defence Forces deployed 'ethical hackers' to fight back against massive HSE cyber attack

The CIS Corps deployed experts trained to think like cyber criminals to tackle the threat.

Image: Shutterstock/Sergey Nivens

THE DEFENCE FORCES deployed the skills of so-called ‘ethical hackers’ in their bid to fight back against the HSE cyber attack of May this year. 

Ethical hackers are trained to effectively think like a cyber criminal and highlight flaws in a system’s structure. They’re typically tasked with highlighting weaknesses that need to be addressed in IT systems. 

Captain Steve Keane, an Officer in the Computer Response Team (CRT) of the Defence Forces Communications and Information Services Corps (CIS), has revealed for the first time the detailed work of the unit during the HSE crisis, which is still not yet fully resolved. 

In a podcast by the Defence Forces, Keane revealed how his unit were contacted immediately by the HSE and how they set about trying to find the hackers and analyse the virus.

“We had personnel who were analysing the malware – what does it do?” he said.

“They were also hunting for the threat actor, the adversary, on the network. [We were asking] is the person there? Is there a level of persistence where the network is brought back up and is there something nasty hiding in the corner and undoes all the work?”

Keane said that there were also military experts involved in testing a decryptor – a programme designed to retrieve infected data on HSE computers. 

He said that his team were working on the project with the health service “up until extremely recently”.

According to the latest update from the HSE, 82% of systems are now decrypted. The attack continues to affect various aspects of the service, but according to the latest official update on the ransomware attack there is currently “no evidence that large amounts of patient or staff data has been published online or sold to criminals involved in fraud”.

As the health system buckled under the pressure of the initial attack, Keane said the Defence Forces sprung into action immediately. 

While Keane didn’t comment on any specific measures, sources have told The Journal that soldiers attached to CIS were sent to hospitals and HSE offices to decrypt computers on site.

The captain said: “The Defence Forces, due to its flexible nature, were able to deploy very quickly. We were able to deploy nationally to a lot of locations in every corner of the country due to the amount of barracks and their locations so we were very flexible. 

“It was great to see all the different companies, all the different entities there. They were at the briefings and everyone saying ‘what can we do?’. It was a very positive experience.”

As previously reported by The Journal, significant questions have been raised by TDs and military sources about the impact of funding cuts on the CIS Corps.

Keane did not speak about the funding shortfall in the Defence Forces affecting its ability to respond but defended his unit’s capability.  

“The quality of people we have, we don’t have a lot of personnel – as with every organisation you are crying out for more but the people we do have, the skills they have, are exceptional.”

#Open journalism No news is bad news Support The Journal

Your contributions will help us continue to deliver the stories that are important to you

Support us now

Keane was asked during the interview what was the future for the CIS Corps and he said that the need for the unit was only going to grow. 

“It is only going to get bigger, it has to get bigger. It is recognised by the European Defence Agency, by NATO, by any credible force that the nature of conflict has changed.

Using a term often deployed by military experts to refer to traditional warfare he said: “You don’t just have kinetic conflict, from now on, it will be proceeded by a cyber effect.”

About the author:

Read next:

COMMENTS (39)

This is YOUR comments community. Stay civil, stay constructive, stay on topic. Please familiarise yourself with our comments policy here before taking part.
write a comment

    Leave a commentcancel