Readers like you keep news free for everyone.

More than 5,000 readers have already pitched in to keep free access to The Journal.

For the price of one cup of coffee each week you can help keep paywalls away.

Support us today
Not now
Wednesday 27 September 2023 Dublin: 14°C
Shutterstock/Sergey Nivens
# white hats
Defence Forces deployed 'ethical hackers' to fight back against massive HSE cyber attack
The CIS Corps deployed experts trained to think like cyber criminals to tackle the threat.

THE DEFENCE FORCES deployed the skills of so-called ‘ethical hackers’ in their bid to fight back against the HSE cyber attack of May this year. 

Ethical hackers are trained to effectively think like a cyber criminal and highlight flaws in a system’s structure. They’re typically tasked with highlighting weaknesses that need to be addressed in IT systems. 

Captain Steve Keane, an Officer in the Computer Response Team (CRT) of the Defence Forces Communications and Information Services Corps (CIS), has revealed for the first time the detailed work of the unit during the HSE crisis, which is still not yet fully resolved. 

In a podcast by the Defence Forces, Keane revealed how his unit were contacted immediately by the HSE and how they set about trying to find the hackers and analyse the virus.

“We had personnel who were analysing the malware – what does it do?” he said.

“They were also hunting for the threat actor, the adversary, on the network. [We were asking] is the person there? Is there a level of persistence where the network is brought back up and is there something nasty hiding in the corner and undoes all the work?”

Keane said that there were also military experts involved in testing a decryptor – a programme designed to retrieve infected data on HSE computers. 

He said that his team were working on the project with the health service “up until extremely recently”.

According to the latest update from the HSE, 82% of systems are now decrypted. The attack continues to affect various aspects of the service, but according to the latest official update on the ransomware attack there is currently “no evidence that large amounts of patient or staff data has been published online or sold to criminals involved in fraud”.

As the health system buckled under the pressure of the initial attack, Keane said the Defence Forces sprung into action immediately. 

While Keane didn’t comment on any specific measures, sources have told The Journal that soldiers attached to CIS were sent to hospitals and HSE offices to decrypt computers on site.

The captain said: “The Defence Forces, due to its flexible nature, were able to deploy very quickly. We were able to deploy nationally to a lot of locations in every corner of the country due to the amount of barracks and their locations so we were very flexible. 

“It was great to see all the different companies, all the different entities there. They were at the briefings and everyone saying ‘what can we do?’. It was a very positive experience.”

As previously reported by The Journal, significant questions have been raised by TDs and military sources about the impact of funding cuts on the CIS Corps.

Keane did not speak about the funding shortfall in the Defence Forces affecting its ability to respond but defended his unit’s capability.  

“The quality of people we have, we don’t have a lot of personnel – as with every organisation you are crying out for more but the people we do have, the skills they have, are exceptional.”

Keane was asked during the interview what was the future for the CIS Corps and he said that the need for the unit was only going to grow. 

“It is only going to get bigger, it has to get bigger. It is recognised by the European Defence Agency, by NATO, by any credible force that the nature of conflict has changed.

Using a term often deployed by military experts to refer to traditional warfare he said: “You don’t just have kinetic conflict, from now on, it will be proceeded by a cyber effect.”

Your Voice
Readers Comments
This is YOUR comments community. Stay civil, stay constructive, stay on topic. Please familiarise yourself with our comments policy here before taking part.
Leave a Comment
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.

    Leave a commentcancel