The former head of the civil service Lord Bob Kerslake has said that all government departments need to look “very seriously” at increased cyber protection, in the wake of last week’s mass ransomware attack that crippled NHS trusts and took down businesses across the world.
Speaking on the BBC’s Westminster Hour programme on 14 May, Kerslake said that “pretty much every government department is at risk”, although he added that he suspected that the defence and security agencies would be well protected.
“The sums involved in protecting against cyber crime and cyber attacks are pretty eye watering, but I think we’re going to have to look at that very seriously,” Kerslake said.
He added that one of the main issues was to do with the training and understanding of users of IT systems, saying that malware used IT users “against themselves”.
The attack, which affected organisations in more than 70 countries, saw a strain of malware, called WannaCry, encrypt computer files and demand $300 in Bitcoin to decrypt them.
Although it is clear that the virus spread through connected systems - such as those relied upon by the healthcare service to provide joined-up care - by exploiting a vulnerability in Microsoft’s SMB file-sharing services, it is not yet known how it infected ‘patient zero’ in each organisation.
Speaking to the BBC’s Today programme yesterday (16 May), IBM’s vice-president for security, Caleb Barlow, said that the question was a “head scratcher”.
Ransomware attacks are often preceded by phishing emails, he said, but added that an analysis of more than 1 billion spam and phishing emails identified by IBM between March and the present day, “showed no evidence of a single spam or phishing email associated with this attack”.
Asked whether the attack was directly targeted at the organisations it hit, Barlow said that experts didn’t know, but that he would “feel a lot more comfortable” if it was clear how the virus got into the computer systems initially.
Similarly, NHS Digital said in an FAQ factsheet for organisations that the investigations into the attack vector continue - but that they had “uncovered no indication NHSmail has been compromised or is the method of attack”.
It said that NHSmail “has several levels of filtering in place, including safe testing of suspicious files. Any emails with known bad URLs or IP addresses are also filtered out at site”.
Meanwhile, there are continuing attempts from politicians, tech experts, campaigners and companies to assign blame for the incident.
After it became clear the US National Security Agency knew about the vulnerability months ago, Microsoft’s president and chief legal officer Brad Smith criticised governments for “stockpiling vulnerabilities” to exploit them, rather than reporting them to suppliers.
But The Register has today reported that Microsoft itself had been stockpiling critical security patches for its legacy systems, despite being aware that the existence of the SMB vulnerability had been leaked.
According to the publication, the patches that Microsoft released for the systems it no longer supports - including XP, which much of the NHS still uses - were prepared in February but not released to the public until last Friday.
The government, meanwhile, has been criticised for a lack of funding for NHS IT systems, and for only taking out an extension for Microsoft support for XP for a year after the company’s support ended in 2014 - and NHS trusts have come under fire for their continued reliance on Windows XP.
However, NHS Digital has countered that the “vast majority are running contemporary systems”, saying that the number of devices reportedly using XP has fallen to 4.7%.
“This may be because some expensive hardware (such as MRI scanners) cannot be updated immediately, and in such instances organisations will take steps to mitigate any risk, such as by isolating the device from the main network,” the organisation said in a statement.