Security researcher and Tekna member Marie Moe has been awarded Akademikerprisen for 2017 for her research into the hacking of pacemakers: a machine that keeps her heart – and those of many others – going. The award ceremony took place at the annual conference of the Federation of Norwegian Professional Associations (Akademikerne) in Oslo on 25 October. The prize comprises a monetary award of NOK 100,000 and a sculpture by Nico Widerberg.
“I feel very honoured to be awarded Akademikerprisen, particularly when I look at the list of previous recipients,” says Marie Moe.
One especially interesting aspect of her research is the personal history behind it – she herself is entirely dependent upon her pacemaker. Six years ago, at the age of just 33, she collapsed and passed out because her heart started beating irregularly. She had to be fitted with a pacemaker, a small battery-powered device that emits a small but constant electrical signal which keeps her heart beating.
At the time, she was working as a section manager for the Norwegian National Security Authority (NSM). As an engineering graduate specialising in industrial mathematics, and with a doctorate in information security, she was in a position to ask the questions that normal patients are not able to pose.
“The answers I got, or failed to get, frightened me so much that I decided to do some research, initially in my spare time, and later as part of a project at SINTEF in Trondheim.” Marie now heads a research group on information security. In addition, she holds a 20 per cent teaching position as an associate professor at the Norwegian University of Science and Technology. What she discovered was that pacemakers are equipped with communications equipment that enables them to be connected wirelessly to the Internet, and in a worst-case scenario, to be hacked.
“The ability to remotely read medical equipment implanted in the human body offers substantial benefits because the patient does not have to travel long distances to a hospital for check-ups. At present, however, this equipment is not adequately protected against hacking.
Insufficient information security at hospitals
Marie Moe believes that there are holes in the security of very many medical appliances. “Manufacturers often have patent-protected commercial secrets and do not use open source codes for the software that controls the equipment. The manufacturers are not subject to information security requirements.”
Marie Moe is working to ensure that medical equipment that is able to communicate over the Internet is far made more secure and for health personnel to be given better training in the use and understanding of this equipment.