We have detected that you are using Internet Explorer to visit this website. Internet Explorer is now being phased out by Microsoft. As a result, NHS Digital no longer supports any version of Internet Explorer for our web-based products, as it involves considerable extra effort and expense, which cannot be justified from public funds. Some features on this site will not work. You should use a modern browser such as Edge, Chrome, Firefox, or Safari. If you have difficulty installing or accessing a different browser, contact your IT support team.
Cyber with Rosie
Rosie Underwood, Cyber Security Consultant in NHS Digital’s Data Security Centre, talks about her role in strengthening the security of organisations across the NHS in support of Cyber Security Awareness month.
28 October 2020
Hackers have the ability to make people’s lives a misery, especially in the health care sector. They target CT and MRI scanners because they hold personal data and they know how critical they are for diagnosis. They target medical records because they are worth more on the black market than financial records. They target the automation of car parking to prevent ambulances accessing hospitals in an emergency. Data and cyber security is critical for so many reasons.
I moved into cyber security three years ago, bringing project management skills I had developed delivering a variety of NHS Digital transformation programmes. I am now a qualified Cyber Security Consultant and the delivery lead for NHS Secure Boundary, the centrally funded, free-to-use perimeter security solution that helps to block threats as internet traffic moves into or out of NHS networks.
It is a 'one for all, all for one' situation.
NHS Secure Boundary gives local managers the information and tools they need to manage their cyber security risks while also allowing our Data Security Centre to respond to critical threats at a national scale. These threats have been particularly significant during the pandemic, with malicious actors taking advantage of a healthcare system under incredible strain.
Basically, it is a “one for all, all for one” situation. NHS Secure Boundary is all about the whole system working together. The more people join us, the more intelligence we can gather about the threat landscape. Put the other way around, if we don’t get buy-in from local organisations, we won’t get the most out of the system.
We are doing well getting organisations on board: all national gateway traffic is protected and more than 60 NHS trusts and Commissioning Support Units are now live. And we are building a community around NHS Secure Boundary to make sure implementation is as easy and effective as it can be for local organisations.
Monthly briefing webinars and now, best-practice webinars are helping colleagues understand the system and see how they can tailor it to their needs. The turnout has been encouraging, with nearly 100 NHS colleagues joining us for the first session, and we are getting good feedback. If you are an NHS trust or Commissioning Support Unit looking to move on to the platform, sign up, by getting in touch with us at email@example.com
We are also doing are best to link up NHS organisations so they can learn from each other’s experiences. We’ve seen some of our early adopters in in the North sharing network configuration ideas with counterparts in the South to get over technical blockers. That kind of mutual support is what NHS Secure Boundary is all about.
One thing the past few months has done is bring home now more than ever the incredible pressure that local NHS organisations are operating under. There are competing priorities and, in a pandemic, the choices can be really tough. It has been a reality check for us at the national level and we always have to remember the need to balance our requirement to drive forward an incredibly important national programme with a practical understanding of the reality on the ground. Essentially, this is about teamwork – and building a team ethic – not just in my internal team but among NHS organisations.
The heart of our strategy is to embed security into the fabric of everything we do.
My work has also opened my eyes to the massive effort that is taking place at trust level to support the digitisation of the NHS. Although onboarding did slow during the height of the first wave of coronavirus, we are back in a good rhythm with a further 100 plus organisations in the process of onboarding.
Another fascinating part of the role has been sharing the lessons learnt by our delivery and technical teams with partners such as The Scottish Government and NHS Scotland, the Ministry of Defence, the Department of Health and Social Care and the National Cyber Security Centre (NCSC). I have learnt about national security projects I didn’t know existed and people I never thought I would get the chance to work with. We have been able to take lessons from the deployment of NHS Secure Boundary – technical, delivery and communications-related -- to support other national projects such as the Protective Domain Name System being run by the NCSC. Again, it is all about teamwork.
I have just authored the Successor Data and Cyber Security Programme, which sets out the direction of travel for data and cyber security. At the heart of this strategy is the central aim of embedding security into the fabric of everything we do across the health and social care system.
That means continuing to build on and develop our existing services, such as NHS Secure Boundary, and fostering a culture of security that supports cyber awareness and ‘secure by design’ principles across all NHS workplaces.
We have got a quickly changing threat landscape in a system that is operating under pressure. We can’t leave loose ends and we can’t leave people out. We must build an approach that brings together the national and the local and that encompasses people and processes and technology.
At the heart of the DSC strategy is the basic reality that cyber is everybody’s job in the NHS – we are only as strong as our weakest link.
See our film about the NHS Secure Boundary.
Learn more about Cyber Security Awareness month.
Many ransomware attacks are not fully automated but involve individuals gaining access, moving around your system and then deploying malware. Simon Dyson, NHS Digital’s Cyber Security Operations Centre lead, discusses how organisations can make it hard for them.
John Noble, the non-executive director who leads on information and cyber security for the NHS Digital Board, looks at the cyber threat facing the NHS as it deals with the coronavirus (COVID-19) pandemic.