What if the superconducting magnet of an MRI machine breached containment?

What if the checks and controls of an MRI machine are connected to the network?

In this short talk I explore the cyber-physical risks of cryogenic systems, with the particular example of MRI superconducting magnets.

MRI magnets rely on cryogenic cooling - liquid helium near absolute zero - to maintain superconducting magnetic fields. Superconducting relies on the coil being so cold that it has no electrical resistance, so massive currents (hundreds of amps) can flow through it and sustain magnetic fields almost hundreds of thousands of times that of the Earth. If that coolant warms up at any point the superconducting property is lost, the conductor becomes resistive and heats up, and a truly vicious cycle of heating and increasing resistance develops so the nitrogen or helium boils - called a 'quench'. The boiled gas is hundreds of times bigger than the liquid so creates intense pressure: so much that your ears will probably pop but worse, you probably can't open the door: and it forces the oxygen out of the room so you suffocate, while also getting instant frostbite. The collapse of the magnetic field can stress the magnet's structure and permanently damage the coils: which cost tens of thousands of pounds to replace while you lose weeks worth of imaging throughput. Even a controlled quench costs thousands and risks damage. These things are prevented by failsafe systems: constant monitoring, automatic venting, secure supply chains, early warnings, regular maintenance and checks.

But what if they're not? What if someone or something interferes with the complex and supposedly resilient supply chain and safety monitoring systems? Then small anomalies can cascade and we have cryogenic bombs waiting to go off.

Cryogenics is now a cyber‑physical risk surface: pervasive networking and the Internet of Things now means system failures - through accident or attack - can cause failures in ordering systems, delivery delays, failing fail-safes so that Operational Technology is increasingly exposed to cyber risks in cryogenic monitoring and control.

The mitigations are obvious - and routine - but we all know that awareness and caution are not at all routine in cyber security, and restating the obvious is part of the toolbox of any cyber security professional so I will discuss mitigations including diversified helium and spares strategy, raised refill thresholds, network segmentation, encrypted telemetry with certificate lifecycle management, MFA for vendors, runtime physics‑based validation of sensor data, “alarm‑the‑silence” watchdogs, manual overrides, and blended quench‑plus‑cyber table-top drills, as useful tools that can help prevent incidents and avoid us breaking out into a sweat about liquid helium.