Improving cyber security
Patients, service users and staff have a right to expect that information about them is held securely. Protecting information held on computers is called cyber security.
Patients, service users and staff have a right to expect that information about them is held securely. HSCN customers have a duty under the law to protect information. Increasingly, information is at risk from malicious activity, such as hacking and computer viruses (often called malware). Protecting information held on computers is called cyber security.
HSCN will feature comprehensive security monitoring and analysis functionality, providing a central capability to detect irregular traffic volumes or flows, in near real time. HSCN consumers will benefit from this capability as potential problems can be detected and resolved promptly.
Whilst these capabilities undoubtedly enhance network security, like N3 previously, HSCN should not be considered a 'secure' network. All connected organisations must risk assess their use of the HSCN, and employ their own security controls to protect any data for which they are responsible. The HSCN will not automatically encrypt any data, or guarantee the security of data or communications by default.
So like N3 or the internet, HSCN is not suitable to exchange patient or sensitive data without additional security safeguards. Where patient or sensitive data needs to be exchanged it must be encrypted in transit. National applications like NHSmail and Spine do this by encrypting the communication between the application and end user device.
HSCN will improve the cyber capabilities of the network in a number of ways:
Improved internet capacity
In HSCN, instead of having a single connection to the internet via the Transition Network, organisations will connect via one of a number of HSCN Consumer Network Service Providers (CN-SPs) who all provide internet connectivity. As a result they will be able to obtain faster and cheaper internet connectivity via their CN-SP and avoid the need to obtain additional local internet connectivity that is less secure or less monitored.
Improved protection via the Advanced Network Monitoring (ANM) service
- The HSCN Advanced Network Monitoring (ANM) service inspects all Internet traffic from CN-SPs and instantly blocks any known malicious content.
- The service also includes a new advanced threat detection capability designed to identify brand new or 'zero day exploits'. It operates as a cloud based service meaning all CN-SPs benefit from the same high level of high performance protection.
Improved protection and resolution via Network Analytics Service (NAS)
- The HSCN Network Analytics Service (NAS) is a new service that monitors the heartbeat of HSCN and identifies any new or anomalous behaviour on any part of HSCN.
- It takes real-time feeds from HSCN connections, the ANM service and the Domain Naming Servers (DNS), proactively looking for anomalous behaviour. Any anomalous behaviour is alerted to the NHS Digital cyber security team who can investigate further.
- NAS was specifically designed to counter the rising threat from encrypted traffic. It focuses on the source, destination and type of traffic, instead of relying on being able to read the content of the traffic. The NAS service will also benefit from early warning information from sources such as National Cyber Security Centre (NCSC).
Improved Protection via the HSCN DNS
The HSCN DNS will interface with the DNS being provided by the NCSC, which will block bad websites in real-time, preventing people going to them in the first place.
NHS Digital CareCERT
- NHS Digital's CareCERT will contact HSCN customers about malicious activity and malware that HSCN identifies. The aim is to help resolve the cyber security incidents and where needed help the HSCN customer to prevent further incidents.
- These measures will provide some security against malware and other malicious content. This will help to secure data, but they are not substitutes for good cyber security practices at HSCN customers. The UK's NCSC and CareCERT will provide quality and accessible information about cyber good practice to HSCN customers. This will help reduce the likelihood of a cyber incident affecting HSCN customers in a way that is right for the individual HSCN customer. It will be an important part in helping everyone meet the patient, service user and staff expectation that information about them is safe.