NHS held to ransom
While 48 English NHS trusts and 11 Scottish health boards worked to get their computers and networks up and running (NHS reported that all but six were back to normal by Saturday evening), media and spectators begin to learn things about the dark world of malware and cyber attacks that they never expected to be interested in and will probably forget by Tuesday.There are several reasons for many computers across the world becoming unusable on Friday, and probably many more being closed down as a protective measure. We know by now that it wasn't an "attack on the NHS", though the health service seems to have been particularly vulnerable in this country.
Organisations in dozens of countries have hit the problem including, interestingly, Nissan in the UK and Renault in France. These allied companies are reported to have halted production at some plants, though they're not really telling. I'd like to see an account one day of how something random like this hits a cross-border supply and product chain with heavily computerised and integrated production lines.
Colin Lawther, Nissan's Senior Vice President, Manufacturing, Supply Chain Management and Purchasing for Europe told the House of Commons International Trade Committee in February that their plants hold stocks of parts sufficient for only half a day:
“Take Sunderland. We hold about half a day’s stock inside the plant itself, and that’s continuously replenished. Every day we use about 5m parts; 5m have to come into the plant, they have to get fitted to the right car and we build two cars every minute.
“We talk about minutes; we’re talking two, three, four, six minutes’ downtime a day interruption is a disaster.”
That was in the context of a discussion about post-Brexit customs procedures interrupting production. This weekend millions of parts might have been delivered through our open EU borders and not used. Was there somewhere to store them?
What happened?
The creators of malware dream up clunky names for their little bits of code, in this case WanaCrypt0r. If you really want to see how the dirty deed is done, here is one of no doubt many descriptions. Suffice it to say that your data will have been put out of reach using pretty heavy encryption.
At least part of the problem has probably been down to people clicking a link in an unexpected and unrecognised email, seeing something they aren't interested in, and probably moving on without a thought. In that brief time the malware has been copied onto the computer, to copy itself via email and other routes to the user's contacts.
Another facet is the age of the software running on some NHS computers. We hear that 90% of NHS organisations had PCs running Microsoft's Windows XP in December 2016. XP was released in 2001 and general support was withdrawn in April 2014, though Crown Commercial Services, an agency of the UK government, paid £5.48 million to extend that to April 2015. (I bet other large and lazy customers did the same, though the price for any more years would have risen sharply because Microsoft really didn't want to do it.)
90% of NHS organisations? But how many machines? I can't find a definitive number but 5% is quoted more than once, which could still be many thousands. And it's not just these really old ones which are vulnerable. Microsoft issued a fix for the problem on more modern systems two months ago, but some large organisations insist on managing (=delaying) the application of fixes.
Note also that it was reported in March 2013 that more than half of local councils in the UK would still be running Windows XP after it's "end-of-life deadline". You might want to ask how your local authority is doing now.
And now it looks as if the problem is just about over, and it's possible the worst that has happened is that one day's notes have been lost, one day's appointments have been disrupted, and many staff and patients have been frustrated and frightened, though I'm sure we'll hear of a few GPs or dentists here and there who don't have proper backups and have lost more.
Upgrading those last few systems is going to look even more urgent. even with the squeeze on NHS funding. Why might those systems be outstanding? A Twitter contact who has worked in IT integration for several large NHS trusts came up with a few suggestions.
Quite apart from the cost of training and getting used to a very different set of Microsoft office software there are the specialist applications which might be vital to the organisation's operation but no longer supported. The situation in some cases might be similar to banking software - established systems whose innards nobody really understands, and with all sorts of bits tacked on.
But let's take it that we're now down to the last few (and the most complicated or they would have been fixed by now) systems, and hope that the urgency of this weekend's attack will concentrate minds and get the job finished soon.
The nearest to a scandal I could find
People were shouting for Jeremy Hunt to tell us what was going on, but perhaps he was a bit busy. In the event it was Amber Rudd who did the media rounds and convened the COBRA emergency committee. The committee brings different people together for different disasters and would perhaps not have such a stirring name if it met in Cabinet Office Briefing Room B.
One thing Amber Rudd is good at is sounding authoritative on radio and TV. Until you listen to what she's saying. "It is the type of virus that works particularly effectively on systems that are connected" really doesn't help. Systems are connected. That's the point, really. However, let's give her the benefit of the doubt and hope that her stewardship of COBRA was just as a reporting centre for what the professionals were doing.
When figures like"90% of trusts" can easily be heard as "90% of computers" and everybody but the government knows that the NHS is short of money, the best a minister can do is fend off the accusations. Why are we still using such old software? Why hasn't the government made sure we're protected? And Rudd did her best.
In one of the background pieces I found for this post, there's a link to "http://ccs.cabinetoffice.gov.uk/i-am-buyer/categories/ict/special-agreements/custom-support". Special agreements, custom support, looks exactly the thing we need, but it redirects to something much more boring. I wonder when that page redirect was put in place.
There's a very straightforward government question. The coalition bought an extra year of support, but more than a year was required. Yet this weekend's attack comes when the remaining old systems in the NHS (and other government departments?) have gone two years without protection. Did it slip Conservative minds? Is the redirection above just a crude attempt to cover up inaction?
There's a big, international question about the US National Security Agency discovering the weakness in Windows which made this particular attack possible and not telling Microsoft about it.
A few days ago I noted that governments were part of the problem of cybersecurity, b/c they hide info on exploits. Here’s a perfect example. https://t.co/Rat4rEohKa— Michael E. Smith (@ProfMESmith) May 13, 2017
And there's a smaller question about why England and Scotland had this problem but Wales and Northern Ireland apparently didn't.
And labour in wales made the changes and set a national standard and did not have the cyber attack - lessons there peeps! https://t.co/QtUXlarhN3— David Hanson (@DavidHansonMP) May 13, 2017
Campaign snippets
@theJeremyVine here's Paul Nuttall's UKIP battle bus stuck rather ironically in a village called Stickford. Shouldn't laugh... 😂😂😂 pic.twitter.com/euzOSJ8VrW— Lucie Johnson (@MsLucieJohnson) May 13, 2017
Hospital visit essentials in Tory 2017.— Denis Skinner (@BolsoverBeast) May 13, 2017
1: Pyjamas
2: Toothbrush
3: Anti-virus software
We update Trident, but not NHS computers. WHY? pic.twitter.com/MzRjbYbWBp