Today’s massive cyber attack on the NHS is a timely reminder of the importance of cyber security in the 21st century. Coming as it does in the middle of a general election it should focus the minds of policy makers on cyber security’s importance in the future as more and more of our economy moves online.
The attack was not targeted specifically at the NHS, with organisations across Europe hit. However, the disruption it has caused to dozens of NHS institutions has captured the headlines, trauma patients in London have been diverted, many A&E departments are severely affected and hundreds of procedures have been cancelled. Today is a vivid example of the potential impact on critical services that cyber criminals can have, the NHS has deployed pre-prepared strategies to minimise disruption in the event of a big cyber attack, but the attackers have still been successful in causing misery to thousands of patients.
Today’s malware attack was a so-called Ransomware attack, with malicious links sent via email, which when opened, paralyse IT systems and demand a ‘ransom’ for release whilst spamming all the effected systems email contacts with further emails spreading malicious software. A fairly basic way of launching a cyber attack, it is nevertheless still highly effective and has been able to penetrate large private and public sector IT systems across Europe.
Large cyber attacks can come from both private sources and foreign powers. A huge denial of service (dns) attack on public services in Estonia a few years ago managed to temporarily disable large parts of the infrastructure of one of Europe’s most advanced digital economies. For many years now governments across the West have also complained about armies of Chinese government hackers attacking key military, intelligence and economic targets in the rest of the world. In the age of nuclear stalemate / detente cyber war is one of the most devastating weapons hostile powers can deploy against each other.
The UK government has been a leading voice in Europe on cyber security for the last 7 years, and significant investment has been made across the EU in bolstering cyber security, but there is much more to do. Politicians need to prioritise investing in cyber security as critical infrastructure on the same level as important strategic military and defence systems. Even fairly tech-savvy policy makers don’t always appreciate or understand the importance of cyber-security and cannot see any public-relations benefits in focusing on cyber investment at the expense of other more popular priorities.
Cyber criminals recognise no borders and cyber security must likewise be strengthened on a cross-border basis. On Wednesday the European Commission announced plans for updates to current EU cyber security frameworks and new proposals on improving ‘internet of things’ devices’ security, which received a cautious but somewhat disinterested welcome from European politicians. The UK will need to continue engaging in and supporting EU cyber security policy development, and the government has committed to do so. Any future UK-EU arrangements will necessarily require agreements on the free flow of data and cyber security cooperation. It may not be the most political or high-profile part of the Brexit negotiations, but it will be one of the most critical for our present and future security and prosperity.