Authors: Valentina Del Rio / PLURIBUS and Stefano Dalmiani / FTGM
In this interview, Stefano Dalmiani, Head of the Bioengineering Department at the Monasterio Foundation, .
Could you tell us more about your role at Fondazione Toscana Gabriele Monasterio and how it aligns with the goals of the KINAITICS project?
As the project leader in Monasterio, I am leading the demonstrators work package, to test results and performance of the tools designed in KINAITICS to support particular situations in computer simulations in energy production, healthcare, e-commerce and environments where the cyber solutions are directly integrated into the physical world.
What specific challenges have you encountered in integrating AI-driven cybersecurity solutions in healthcare systems, and how are you addressing them?
The integration with medical devices (like an electronic medical record) is still a challenge. The cybersecurity world and the healthcare world live with different basic rules, much more unrestricted in healthcare to support unpredicted clinical events or real-world events (see power outages) that many times require non-canonical usage of medical devices to save a patient’s life. This is something that needs a solution involving the cybersecurity feature from the beginning in the design of medical devices to have a resilient solution. KINAITICS provides many possible solutions that can be embedded in the design of medical devices, especially where the devices are controlled by the processing part directly integrated into the physical world (e.g. pacemakers, infusion pumps, ventilators, etc.).
In your experience, how does the collaboration between KINAITICS partners enhance the development of effective cybersecurity tools for healthcare?
Increase the awareness of developers and users in the healthcare sector on the development of solutions that represent an attack surface, complemented by possible defense tools or safeguards to include.
How do you envision the future of AI in cybersecurity, particularly in protecting sensitive data in sectors like healthcare?
Identifying the abnormal or illegal behavior of an attacker, but also of malicious users, in data management, both reading and writing sensitive data.
How do you see the role of public-private partnerships in advancing cybersecurity innovations, particularly in European projects like KINAITICS?
The industrial part should play its role in providing beyond-state-of-the-art solutions, following the needs and policies in the provision of services of the public sector. This is a crucial element that was really implemented in KINAITICS.
What key advancements or breakthroughs in cybersecurity for healthcare have you observed in recent years, and how do they impact the way we approach patient data protection?
I see only more capabilities in the attack part, especially using AI-based tools, leveraging a huge digital gap also in healthcare operators. Few commercial-grade defense systems are capable of responding to those, having economic efficiency on their side.
What advice would you give to organizations looking to implement AI-driven cybersecurity solutions in highly regulated industries such as healthcare?
To start cooperating with medical device producers. Cybersecurity is part of the residual risk management for them and it is essential to take care of it. Consider also that small medical devices don’t have complex processing capability (think about a digital scale, or a thermometer), but a cyberattack can produce patient harm anyway.
As the lead of WP6, which focuses on demonstrators, could you share some key challenges and achievements in developing and testing these demonstrators within the KINAITICS project? How do they contribute to the overall goals of the project?
Although the workshops are based on real-world scenarios, it can be difficult to have a comprehensive demonstration of the efficiency of the KINAITICS platform for any event of the real world in healthcare provision. At the end of the demonstrators, we plan to discuss with stakeholders the strengths and weaknesses of the scenarios, so only in the end could we say if KINAITICS was a success or only an advancement in the knowledge of the attack surfaces.
How does the concept of “human in the loop” integrate into the cybersecurity solutions being developed in KINAITICS, especially in the context of healthcare use cases? What role do human experts play in the decision-making process?
In healthcare, humans are the primary actors, from patients to doctors. KINAITICS needs to provide tools or functionalities that are practical for the roles that each human plays in the process, and this can be inferred analytically, but the level of trust and digital literacy is a result that can only be elicited from the human participants through the questionnaire that we are using in the workshops. Eventually there are the humans that decide what tool or platform to adopt, where, why and how, so this remains as a final decision player.