Support 100 years of independent journalism.

  1. Science & Tech
24 July 2017updated 06 Aug 2021 6:06am

Public bodies are vulnerable to hacking – government needs to step up to protect them

The threat of cyber crime is only going to increase as hackers develop more sophisticated methods.

By Oscar Williams

Barely a month passes in 2017 without some kind of IT failure hitting the headlines, but the hacks, leaks and breaches that make the news may represent just the tip of the iceberg.

An investigation by the i newspaper has revealed that public bodies such as hospitals, councils and museums have been breached more than 400 times over the last three years.

The real number may be higher still. More than half of NHS trusts and one in ten councils refused to answer questions put to them by the i’s team of reporters.

The motivations for such attacks are varied. Some hackers want to extort money and steal sensitive data. Others simply want to wreak havoc.

To casual observers, the threat may seem abstract – but cyber crime has a real world impact, a truth thrown into stark relief in May when the NHS faced its biggest hack yet. A gang of cyber criminals since linked to the North Korean government released a virus dubbed WannaCry into the wilds of the internet. It quickly found its way into the poorly protected systems of the NHS, encrypting files as it spread.

Sign up for The New Statesman’s newsletters Tick the boxes of the newsletters you would like to receive. Quick and essential guide to domestic and global politics from the New Statesman's politics team. The New Statesman’s global affairs newsletter, every Monday and Friday. The best of the New Statesman, delivered to your inbox every weekday morning. The New Statesman’s weekly environment email on the politics, business and culture of the climate and nature crises - in your inbox every Thursday. A handy, three-minute glance at the week ahead in companies, markets, regulation and investment, landing in your inbox every Monday morning. Our weekly culture newsletter – from books and art to pop culture and memes – sent every Friday. A weekly round-up of some of the best articles featured in the most recent issue of the New Statesman, sent each Saturday. A newsletter showcasing the finest writing from the ideas section and the NS archive, covering political ideas, philosophy, criticism and intellectual history - sent every Wednesday. Sign up to receive information regarding NS events, subscription offers & product updates.

Fortunately, the proliferation of the ransomware, which demands victims pay a fee to have their files released, was stalled when a 22-year-old computer whizz known as Malware Tech found a killswitch that halted its spread.

However, considerable damage was done before the NHS’s IT teams had a chance to stop it. Doctors and nurses were forced to cancel thousands of operations and appointments as techies scrambled to get systems back online.

Content from our partners
How do we secure the hybrid office?
How materials innovation can help achieve net zero and level-up the UK
Fantastic mental well-being strategies and where to find them

Public bodies such as the NHS are far from alone in being targeted by hackers. But the figures revealed by the i indicate that the public sector may be particularly vulnerable to the march of cyber crime. One hospital told the paper WannaCry was the price it paid “for a very long-term under-investment in IT infrastructure”.

It’s a sentiment echoed by the Charted Institute for IT, which concluded in a report last month that the WannaCry strike could have been averted if hospitals had spent more time skilling up staff.

“The [strike] was bound to happen, it was just a matter of when,” said David Evans, the institute’s director of policy. “Whilst doing the best with the limited resources available, it is clear that some hospital IT teams lacked access to trained, registered and accountable cyber-security professionals with the power to assure hospital boards that computer systems were fit for purpose.”

The threat of cyber crime is only going to increase as hackers develop ever more sophisticated methods of attack. The Register, an IT news site, reported last week that experts now fear hackers will create ransomware tailor-made for particular organisations.

Public bodies could become prime targets for such strikes, given the importance of the work they carry out, but too many remain poorly protected.

The creation of the National Cyber Security Centre (NCSC), a spin off from GCHQ, was welcomed by experts last year. But there is only so much the organisation can do to help public bodies without assuming complete control of their systems, an approach that is neither practical nor desirable.

The impetus for change must come from within, but cyber security is expensive. Even with the best will in the world, executives in the public sector are powerless to protect their organisations unless they have the money to do so.

Government needs to ensure NHS trusts and other bodies have the funds to adequately secure their systems. If custom-made ransomware takes off, WannaCry 2.0 could be far more destructive – and it may not have a killswitch. 

This article also appears on NS Tech, a new division of the New Statesman focusing on the intersection of technology and politics