Government releases strategy for cyber-security

30 November 2017 15:40

The government has launched a strategy on cyber-security in response to recent technological changes and the growing awareness surrounding the threat of cyber-attacks.

The Interim Cyber Security Science & Technology Strategy: Future-Proofing Cyber Security report identifies which technologies will have the most impact on cyber-security and develops policies to help the UK keep up with threats of cyber-attacks.

To develop the report, the government consulted with academia, industry and experts in the science and technology community to identify areas that are consistently identified as “game changers” for cyber-security.

Key technologies regarded in the report include the Internet of Things (IoT), data & information, automation, machine learning & AI and human computer interaction.

The ubiquitous nature of the Internet of Things (IoT) - which encompasses a range of industries including medical devices and healthcare – is highlighted as having a number of cyber-security challenges. The report recommends that all IoT connected devices are built with security in mind and that endpoint devices have secure authorisation & authentication. It also states that legacy systems have had no attention given to security considerations.

Connected medical devices can have great benefits on patient care, the report states, but also present issues in cyber-security.

The WannaCry attack that took place earlier this year is referenced as an example of how cyber-attacks can directly impact patient care. The report states that the Department of Health and NHS Digital are working with the Medicines & Healthcare products Regulatory Agency (MHRA) ‘to simplify and clarify the steps which health and care organisations and industry need to follow to bring innovative heath and care software and connected medical devices safely from development to adoption.’

To help address growing cyber-security issues, the National Cyber Security Centre (NCSC) is to be responsible for identifying technological advancements that have implications on the UK’s cyber-defence. To do this the NCSC will publish regular advice on emerging technologies, working with departments and agencies to do so.Conclusions made by the NCSC will be reviewed by an independent panel of experts. Government departments will also be required to attend a panel chaired by the government chief scientific adviser on how much they have incorporated the NCSC’s guidance and best practice into their policy making.

Rob Bolton, director and GM, western Europe at Infoblox, commented on the strategy’s objectives regarding medical device security. Bolton said: “Hospitals have a wide range of IT and medical devices operating on their networks. From MRI scanners and internet-connected medical equipment, to tablets and desktop PCs, these devices pose diverse security challenges to the IT team.

“In our recent survey of healthcare IT professionals, nearly one in five healthcare IT professionals reported that medical devices on the network are currently running on Windows XP – which is no longer supported by Microsoft, thereby introducing potential vulnerabilities – while 7% couldn’t even identify what system their medical devices are running on, meaning that they are unable to patch them. This poses a significant threat to hospital networks, with underlying security flaws leaving them open to cyberattacks.

“To that end, we celebrate that the Department of Health, NHS Digital and Medicines & Healthcare products Regulatory Agency are working to produce guidelines on the steps that healthcare organisations should take - from development to adoption - to ensure that connected medical devices are safe.”

Related

Government's calls for NHS trusts to adopt barcode scanning by 2024

UK government announces £13m fund to digitalise healthcare

SpeedMixer creates development and prototyping possibilities

Active and passive: Safety devices and diabetes care