Internet Security

 Today, 13th May 2017, according to news broadcasts it seems that one or more NHS employees must have seen a new email and opened it's attachment. I'm not altogether suprised because lately I've noticed my inbox has several such emails and these seem to be getting more and more plausible. Usually the language is a trifle odd, but of course nowadays the use of odd English language is so common, even on the Beeb, who's to say that DHL or Bloggs & Co aren't employing someone whose English is not their second language? Apparently the virus, once released, uses the local area network to spread to other computers.

Now that the man on the Clapham omnibus isn't the injured party, at least directly, the media is trying to pin the blame for opening a bad email attachment. As this type of problem has been with us almost since computers were first introduced you'd think, at least the State has filters in place to protect publicly owned systems from viruses. Certainly there's supposed to be an organisation in charge of this and in charge of that a Government Minister. According to statements I read (and can we believe these?) all the right instructions were given. As a manager, at least I was donkeys years ago, and I assume good practices are much the same, I understand that it's useless to issue an instruction without checking it's been obeyed. "I told the NHS yonks ago to update from Windows XP", is the excuse. Did you suggest a timescale I wonder or was it an open-ended request? Was it a passing suggestion or was a dictate? Another story, which may be more informed, tells me the virus spread, not through XP computers, but through Windows 7 machines that were missing a security update... and, the story goes, to save expense, were not fitted with an anti-virus package.

Many moons ago we would have heard next that, "so and so has resigned", but these days this never happens. Possibly a huge cut in salary is the reason for not resigning, but I can't say. Who is it that's in charge of this area exactly? It seems that the Cabinet Office is the prime mover.

 Click to see the PDF explaining everything

and here's what the organisation has to say

Office of Cyber Security and Information Assurance

The Office of Cyber Security & Information Assurance (OCSIA) supports Cabinet Office ministers and the National Security Council in determining priorities in relation to securing cyberspace. The unit provides strategic direction and coordinates the cyber security programme for the government, enhancing cyber security and information assurance in the UK.

The OCSIA works with other lead government departments and agencies such as the Home Office, Ministry of Defence (MOD), Government Communications Headquarters (GCHQ), the Communications-Electronics Security Department (CESG), the Centre for the Protection of National Infrastructure (CPNI), the Foreign & Commonwealth Office (FCO) and the Department for Culture, Media & Sport.

Aims and objectives
The OCSIA is responsible for implementing a number of cross cutting agendas including:

providing a strategic direction on cyber security and information assurance for the UK including e-crime
supporting education, awareness, training and education (for example, Get Safe online and the Cyber Security Challenge)
working with private sector partners on exchanging information and promoting best practice
ensuring that the UK’s information and cyber security technical capability and operational architecture is improved and maintained
working with the Office of the Government Senior Information Risk Owner (OGSIRO) to ensure the resilience and security of government ICT infrastructures such as the Public Sector Network (PSN) and G-cloud
engaging with international partners in improving the security of cyberspace and information security

 

Well, I should say they appear to have failed as far as "strategic direction" and co-ordination, insofar as the NHS is concerned... but then again, what do I know, I'm just an ancient pensioner?

 What's the answer? Well, if the problems originated from an email attachment, and I don't know if that is a fact, why not filter emails before allowing these to leave the email servers. Perhaps something really simple such as blocking attachments and embedded links?

Return to Reception