Don’t Wannacry

There has been plenty of discussion on the BCS Voices discussion area on the Wannacry ransomware event... it has focused on the NHS because of BCS’s straddling of both security and health and care issues - although the actual incident was, of course, much wider.

As you might expect from IT pros, the comments have covered a broad range - with views both trenchant and pithy. Several perspectives have attracted good comments.

Technical

Let’s start with basic IT hygiene, as this comment exemplifies: ‘Backups, backups, backups.’

Patch management naturally came up in discussion, with John Sherwood saying that it is not a ‘simple exercise in applying the patches’, but, ‘requires a careful risk management approach’. He suggests eight key steps in this process.

Communication shortcomings

The technical issues go hand in hand with the larger concerns of effective communication between the techies and those at board level. Andrew Ellis noted that ‘one question is whether there is sufficient understanding at board level about the role of IT in the NHS, and sufficient accountability.’ He also suggests that NHS systems should be treated as critical infrastructure - no doubt a view that would be echoed by the people who missed treatment.

Sean Collins also raises the spectre of ‘not having IT directors on the boards of the trusts to help make budgeting decisions.’

Administrative issues

Collins also notes that there is no single body that is responsible for technical standards across the NHS. And the board members themselves have a role in that, as Ellis also comments: ‘Only when board members are held personally accountable for service failures like this will the situation change.’

Wider society

At an even larger level, bearing in the mind the source of the ransomware, Adrian Firth asks why security agencies are weaponising exploits instead of raising them with vendors for fixes – and goes on to mention one of the key planks of recent BCS campaigning - that individuals should have control over their own data.

BCS itself will have more to say in the near future on this.

But we are keen to hear from members - take part in the discussion

There are no comments on this item

Leave Comment

Post a comment

About the blog

The Echoes blog showcases the best of the conversations on the BCS Voices debate platform.

See all posts by Echoes

Search this blog

September 2017
M
T
W
T
F
S
S
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
28
29
30