| What is the best way to advertise the most powerful thing mankind might have ever created? This is the question that Anthropic’s marketing has probably been asking themselves over the last few weeks. The answer is butterflies, literally. |
| This month, the mercurial AI lab released the publicly available version of its (and the world’s) most potent large language model, Mythos. Its promotional material harked back to nineteenth-century botanical drawings, delicately drawn butterflies fluttering across a stained yellow background. The choice of imagery is no coincidence. Sketches and paintings from zoological and biological studies are but a thin veneer to shroud the capabilities of a model capable of penetrating the cyber defences of nation states. |
| Mythos was deemed so powerful that its initial release was limited to 50 companies who had been ‘invited’ to test the model. Despite a delayed rollout for safety reasons, Mythos was banned for use outside of the United States just days after release. At the time of writing, access to the model has been shut off everywhere. |
| The rise of Anthropic and the future of Mythos were profiled in the Financial Times as part of a 5,000 word examination of how a startup that broke away from OpenAI transformed itself into a behemoth of the new artificial age. In the article, one unassuming sentence poses more questions than it answers: “It is able to find ways to hack into critical systems, from power plants to financial services, mobile operating systems or hospitals.” |
| Hospitals are not everyday buildings. They have to function 24/7, every single day of the year, and must be immune from even the smallest glitches. Today, bigger buildings rely on a network of servers and computers to keep them functioning. They control everything from temperature and humidity to shading and electrical systems. In hospitals, the Building Management System (BMS) is a frontline healthcare tool and can be the difference between life and death for hundreds. |
| If models such as Mythos, and those that will inevitably follow, are aimed at the BMS of critical buildings, what would happen? This is not just a question of stealing patient data but how hacking into a hospital could cripple both the building and the life-saving infrastructure itself. |
A breath of fresh air
| Large buildings are like human bodies. They need ducts and pipes to pump cool air and hot water to every corner. Wires carry the electrical impulses that make them twitch, move and, oftentimes, make them usable in the first place. When they get too hot, the windows open and when it’s too bright, the curtains slowly droop over the windows. Buildings are impossibly complicated and the bigger they get, so does their brain. |
| In hospitals, these networks get increasingly more layered. Hospitals rely on significantly higher levels of air filtration than commercial buildings. Medical gases like oxygen, medical air and Entonox are regularly delivered through centralised gas pipelines within the hospital. In the UK, the NHS is piloting a series of ‘smart theatres’ that can monitor CO2 levels and augment them in real time. |
| This is called the ‘field’ level of building management. Networks of sensors and probes throughout the building relay information back to a BMS and any alterations are made at the valves and outlets of the networks. It collects data and makes the physical changes required to maintain the required conditions. Below the field level lie the ‘automation’ and ‘management’ levels. These process the data from sensors and allow humans to operate the system respectively. Together, the three layers form a near-living, breathing set of networks that allow a hospital to maintain a stable internal environment even as external conditions change. Apart from the systems needed for everyday use, a BMS also controls critical safety infrastructure like fire suppression systems and security access. |
| No room tests their efficacy more than the operating theatre. |
| Operating theatres require a constant influx of filtered air to maintain a higher air pressure than surrounding rooms. A lower pressure would act as a vacuum and draw in airborne pathogens through cracks and fissures. The result is that operating theatre ventilation systems change the entire volume of the room’s air once every three minutes. |
| Around the operating table, airflow is used to create a sterile environment. Some theatres create laminar airflow directly above the table, blowing air in a single, uninterrupted direction with minimal turbulence. This reduces the chance of airborne pathogens being erratically blown across a room and airflow is constantly directed away from the patient. The total air in these theatres can change up to three hundred times an hour. The need for constant stability within a theatre makes them highly susceptible to small changes in their air systems. |
Anatomy of an attackBoston Children’s Hospital is the main paediatric wing of Harvard Medical School. In 2021, a hacker was able to gain access to its ventilation systems by hacking the contractor. Vendors of a BMS’s components often have remote access for specialist maintenance and monitoring, making them targets for entering large networks. The hacker unsuccessfully attempted to extort money from the vendor and the incident became a warning sign of the vulnerabilities of an unsecured hospital BMS.Hackers can get access to these systems by using search engines like Shodan. Like a specialised Google, it can be used to find items connected to the internet like servers and cameras. A hacker can use Shodan to identify unsecured items on a building’s network. A common point of entry is cameras or other devices that are connected to the internet but unlikely to have had their default configurations changed by the user. Once a hacker has found an entry point, they can access the network it communicates on. Most BMSs use a network called BACnet (Building Automation and Control Networks), the standard method of automating and controlling building components. Despite covering over half of such building networks, it is inherently vulnerable to cyber-attacks. Once a hacker has access, they would be able to see the entire ecosystem of devices on the network and a meagre camera can turn into a gateway to a major heating or ventilation system. The next stage involves lateral movement, travelling through the network to find the correct target. By using the default credentials or details that they may gain from phishing emails, the hacker can navigate through BACnet. Once a hacker has reached this stage, it is far more difficult to identify them as there is little to separate them from regular network traffic. On average, reaching this point takes an attacker two hours. When a critical building system is reached, the ability to manipulate performance turns into leverage. A hacker can now shut off ventilation systems, disable warning alarms or turn chiller units off. Each system accessed is now a bargaining chip to achieve whatever the demands may be. If a hacker can say that operating theatres can no longer guarantee a sterile environment or that flammable gas leaks can't be identified, the precautions alone could cause chaos. When a cyber-attack occurs, the effects cascade and they aren’t limited to the physical infrastructure. A compromised hospital diverts incoming ambulances to other facilities, testing their capacity. Patient appointments are cancelled and staff switch to slower and more tedious paper-based forms of recording information. Entire wards may have to be temporarily shut or evacuated. Not only is the target hospital paralysed, the local network is strained in trying to carry the additional load. Cyber attacks on steroids:Hospital cyber-attacks have existed long before AI became part of our everyday lexicon. With advanced models, the time taken for a hacker to be able to move laterally through a system has dropped to below an hour. The key difference today is the scale and repetitiveness of attacks that can be carried out. Models can refine their approaches in real time, creating more persistent threats while chatbots can craft more believable and personalised scam emails and messages. Mythos can find and connect multiple small vulnerabilities in a system and create its own tools to map the network and exploit vulnerabilities.Counterintuitively, in the world of digital attacks, hospitals are particularly vulnerable because they are buildings. The physical infrastructure of many of today’s hospitals was manufactured and installed before AI-powered cyber-attacks could take place. Retrofitting cybersecurity into networks that were not designed to accommodate it is far more difficult and the alternative, replacing entire piping networks or ducts, can cause severe disruption. The physical apparatus needed for critical life support are held together by vulnerable digital threads which need to be suitably protected in today’s environment. Smart buildings are here to stay. Computerised systems offer plentiful benefits across a building’s life, from energy efficiency to rapid response times during emergencies. The challenge for all smart buildings in the coming years will not be just the extent of digital infrastructure that they can incorporate, but how well they can protect it. As cyber threats become more pertinent, a hospital’s duty of care will extend far beyond the walls of the operating theatre, to the reassurance they can provide patients that it is also a digital safe zone. |