Lib Dem reaction to the NHS cyber attack

Lib Dems have been reacting to the cyber-attack, telling the Conservatives that they should have put more resources into preventing this type of crime.

Brian Paddick said:

The Conservatives try to paint themselves as the party of law and order but crime has changed and they have failed to keep up. Instead of investing in the security of the systems that our public services rely on, they have chosen to extend surveillance systems instead.

Rather than giving the NHS the funding it needs to keep its IT up to date, you have a Home Secretary who wants to weaken encryption and waste millions on unnecessary intrusion into people’s privacy. Only the Liberal Democrats will stand up against mass surveillance, for cyber-security and properly fund the NHS.

He demanded an inquiry into why the Conservatives had cut cyber security support:

We need to get to the bottom of why the government thought cyber-attacks were not a risk, when a combination of warnings and plain common sense should have told ministers that there is a growing and dangerous threat to our cyber-security.

It is worrying that in Amber Rudd we have a Home Secretary in the digital age more suited to the era of analogue. This is not the first time she has looked lost in cyber-space. The government likes to look tough but this is an example of where it has left Britain defenceless. We demand to be told why.

Health spokesperson Norman Lamb said:

This is a deeply disturbing development with potentially awful consequences for patients.

It shows we urgently need to explore what steps could be taken to better protect vital systems like this from cyber attacks.

From a Scottish perspective, Willie Rennie pointed out that it was a good thing that the Liberal Democrats had stopped the SNP from creating a super database:

The attack on the NHS was completely unprecedented. Scottish ministers need to move fast to assure patients about their data.

SNP ministers also need to reflect how much worse this could have been if they had got their way and centralised everyone in Scotland’s data in a super ID database as they had proposed.

If they had pushed on with their mass digitisation then the consequences for all other public services from a hack attack would have been much worse.

It was a close shave. The SNP only cancelled their database plan after two years of campaigning by Liberal Democrats.

The SNP need to fully abandon any future plans for a risky single database.


27 Comments

  • Richard Easter 13th May '17 - 9:54pm

    The cyber attack is a disgrace (and it’s interesting that the Welsh NHS that Labour actually funded properly has not fallen victim).

    I know Windows 8 was universally hated by users and IT folk alike, maybe going forward some sort of Linux option is the best way – the use of free software in government has obvious benefits, as well as Linux being a “strong and stable” platform (unlike May). Perhaps this is an area the Liberal Democrats could promote – many European cities and agencies have migrated successfully over to Linux based systems.

  • People had to be taken out of MRI scanners as the data collection failed. It’s really shocking when you think about it. Can’t help feeling that if some damage doesn’t stick over this then the Government really can get away with anything.

  • Richard Easter 13th May '17 - 11:47pm

    Indeed. Lives are at serious risk. I really don’t know how the Tories will get away with this – but they will.

    Did the Lib Dems attempt to do anything within the coalition?

  • Govt. departments have been failing on this for many years, but the systems were at least receiving Microsoft security upgrades. That the NHS is still using an un-supported operating system (XP), has to be blamed on the current government, but also the tail end of the coalition govt… if it had not put in place a schedule to upgrade the IT systems.

  • Matthew Watts 14th May '17 - 12:37am

    Please do not be too quick to dismiss a central database. A central database is much easier to secure against this type of attack. Spreading important data across workstations creates confusion, unreliability, is not secure, makes information hard to share and is much more expensive to maintain. It is also what made this attack effective. Infected PCs could just have been wiped and restored to a standardised system image and this crisis quickly averted had there been no important files stored locally on the workstation. Just look at how most businesses do their IT.

  • Theresa May’s government – Weak, unstable, using outdated technology, vulnerable to criminal enterprise, in cahoots with Mr Trump and his strange Russian friends, at loggerheads with everyone else. And, trying to conceal a certain £60bn “ransomware” demand from the voters they plan to saddle with it!

  • Let’s put some extra funding for upgrading NHS IT system in addition to the £6bn last week. We might need to update our manifesto to take into account this disaster.

  • But didn’t our leadership support the spending of £3 billion (estimate) on the NHS ‘reorganisation’?
    Has everything gone so badly wrong in just the two years since the coalition?

  • Philip Rolle 14th May '17 - 9:25am

    Certainly, it is a very poor do and should be fertile ground for the Lib Dems. But let’s also be concerned about obsolete medical equipment – like scanners still being used when it is known they miss cancers that more up to date gear could pick up.

  • Paul Murray 14th May '17 - 9:26am

    Let’s be clear about this whole thing. The exploit was due to a simple buffer overrun in Microsoft’s SMB code – this is “hacker 101” stuff that is really very basic and should not have gotten through Microsoft’s QA for the original code.

    Microsoft was advised of this bug in late 2016. They took three months to issue any sort of patch at all – but exploit code (using the same mechanism from a leaked NSA cyber weapon) was publicly available in early February. Every Microsoft Windows system in the world was vulnerable to this exploit throughout the months of February and March 2017.

    The exploit was rated a 10 out of 10 (extremely severe) by US CERT – and in the continued absence of a patch from Microsoft, US CERT advised that outbound SMB connections should be blocked. This is a highly technical advisory that most home users would simply not understand but which properly configured anti-virus software should implement.

    When the patch was eventually released – at the end of March 2017 – Microsoft chose not to make it available on the old Windows XP platform. There are two points here: firstly, even if you are running a modern Windows OS it may come down to *luck* whether the exploit appears in the interval between Microsoft’s release of the patch and your business’s scheduled patch application. And secondly, is it really acceptable that a vendor simply washes its hands of responsibility for a vulnerability in its EOL product if that bug is rated at the most serious level?

    If I was to order the “blame” here I would blame: 1. The hackers. 2. Microsoft. 3. The NSA. 4. The end-users.

    It is extremely dubious to try to land the responsibility for this at the feet of Jeremy Hunt or the government.

  • David Becket 14th May '17 - 9:48am

    If you still use Windows XP you can expect nothing but trouble.
    Coalition of Chaos – Government IT support
    Coalition of Chaos – NHS underfunding
    Coalition of Chaos – Education underfunding
    Coalition of Chaos – Insufficient Housing

    Never mind, concentrate our resource on a hard Brexit, get clear of foreigners and all our problems will be solved.

  • Richard Dean 14th May '17 - 10:39am

    @David Beckett

    Astonishing to see such rubbish as you have written in your last paragraph on a Libdem website.

    Foreigners are not the causes of any of the problems you mention. Indeed, we would arguably not have much of an NHS to hack if it were not for foreigner staff. We would also very likely have a larger teacher shortage. There is no evidence that foreigners have contributed to the housing shortage, if anything it is foreign building workers who have supported infrastructure construction and prevented the housing problem from being worse.

    We have laws and customs against all sorts of “isms”. Perhaps our political parties need to consider some law against prejudice against foreigners, or at least provide some strong cultural guidance and necessary admonitions.

  • Andrew Melmoth 14th May '17 - 12:33pm

    The systems were highly vulnerable because the government decided in 2015 to stop paying for extended support for Windows XP. Hunt was repeatedly warned of the serious risks this entailed but chose to ignore expert advice. The Tories will get away with this because most people have little or no interest in computer security but it is difficult to think of a clearer case of government incompetence.

  • Phil Beesley 14th May '17 - 12:54pm

    The spread of this malware was not primarily caused by Windows XP. With a few exceptions, NHS institutions have updated from XP.* In any enterprise environment, there will still be PCs running XP in order to run legacy applications; competent system and network administrators will try to limit the associated risks.

    Note that the vast majority of malware infected PCs run Windows versions which are fully supported by Microsoft. The important question is why they have not been patched to close a known critical vulnerability. I suspect that the answers will vary according to NHS institution.

    The patch which closed the SMBv1 vulnerability was released several weeks ago. IT managers may claim that the demands of compatibility testing and change management require a slow deployment. I think that the Easter holiday break may have distracted some people. But prompt Windows patching should be a bread and butter matter for IT departments, or perhaps something more significant when the patch is flagged as “critical”.

    Given that some NHS bodies were effectively locked out of systems whilst other units were hardly affected, I think we should look at the quality of IT management rather than lack of finance.

    *According to one survey, 90% of NHS trusts have PCs running Windows XP. This is totally different from “90% of NHS PCs run Windows XP.” I suspect that 100% of NHS PCs have one or two Windows XP PCs.

  • Dave Orbison 14th May '17 - 12:58pm

    I think it’s kind of ironic that the virus ‘Wanna Decryptor’ is described as ‘ransomware’ as we are told its purpose is to extract funds from PC users of Windows software. Of course I have no sympathy with their illicit activities whatsoever. However, from what I have read, a large number of victims are PC users who failed to upgrade their PC Windows from XP after Microsoft stopped its support for XP.

    In doing this Microsoft, in effect, were ‘forcing’ its users to pay the cost of ongoing upgrades or run the risk of becoming susceptible to attacks. Given the £bn’s profit made by Microsoft each year, I think it begs the question “Just who are the real ransomware villains?”

    Of course, I wouldn’t expect Microsoft to maintain Windows versions forever but they do seem to be in a very powerful and almost monopolistic position as the cost of migration to alternative platforms would be huge for large organisations as to be non viable.

    Perhaps it’s time that Governments looked after consumers’ interests a little more closely in this area.

  • The challenges of moving away from Microsoft are exaggerated but as they used to say “you never get sacked for choosing IBM” ditto for Microsoft. Just another case of management choosing the easy option of doing nothing. They will now be in management mode option two running round pointing fingers, tis ever thus.

  • David Evans 14th May '17 - 2:26pm

    Frankie is right when pointing out that they used to say “Nobody ever got sacked for choosing IBM.” However MVS was inherently a very secure operating system, likewise VTAM, RACF etc. Indeed I remember IBM had a “black ops” team to test and break MVS so it could be improved continuously.

    Sadly MSDOS and onwards into Windows had a totally different approach which was effectively fix on fail, and sadly that is why we are where we are.

  • Richard Dean 14th May '17 - 5:55pm

    @Caron.

    Sorry to disagree, I see a rougher world out there. One in which is nowadays a dangerous weapon, two edged. That post was indistinguishable from one from an extreme UKIPper. It needed challenging, because without challenge there will be readers who take it at face value, and readers who will conclude or argue that it’s been agreed, and readers who try to persuade others of that.

    If the phrase “LGBTI people” had been used instead of “foreigners”, there’d have been immediate criticism, at least I hope so on a Libdem website.

    Perhaps David himself could clarify his meaning?

  • David Evans 14th May '17 - 7:38pm

    Richard, if you really think you need to ask David to clarify himself to you, I think you haven’t been reading his other posts.

    Irony is the most effective antidote to extremism, except when people who should know better use it to make a fuss.

  • I have a couple of friends who are IT managers – one is a former head of security at a vampire squid investment bank in NY and the other works for a leading UK university –
    and their opinion on this is that it is a rather shocking management failure. Un-patched machines running old operating systems, for whatever reason, should always be isolated from the network and inventories of all machines and their status should always be up to date. It seems relevant, to me, that this almost uniquely seems to have affected the NHS in the UK – I haven’t heard anything about universities, schools, civil service, emergency services, etc, being affected. It rather smacks of a culture of institutional disregard for IT security by NHS managers. An inquiry is needed to find out what went wrong here.

    As an aside, I did some temping work in an NHS records office in 2004. The patient administration system, responsible for all appointments, was accessed on monochrome dumb terminals that were on all the reception desks – their only function was to access one central database. These were then replaced with PCs that were also connected to the internet. It doesn’t take a genius to work out that the new system was a far greater security threat, yet there really wasn’t any need for the reception staff to require access to the internet or have USB ports – things might have changed since then, but that new system was a huge security risk and was introduced in that manner as a result of laziness.

  • I’ve noticed the strange lack of investigatory coverage by the Mail, Sun, etc…..

    I missed the BBC news Sunday evening..However, I’m certain that Laura Kuenssberg was in full flight and demanding answers from May/Rudd and castigating Jeremy Hunt for doing his usual disappearing trick whenever s*** happens ‘on his watch’….

    She didn’t? I can’t believe that…

  • I’m no fan of Microsoft but was pleased to hear that their CEO has heavily criticised the NSA. This malware is based on a leaked hacking tool developed by the NSA which exploits a vulnerability in windows that had been there for a very long time. If the NSA knew about this, it seems reasonable to assume that GCHQ did too (and probably the Russians, Chinese etc).

    Rather than disclosing the vulnerability so that it could be fixed, they prioritised retaining the ability to hack into other peoples computers above allowing their citizens to protect themselves.

    That is just crazy and indicates a very warped set of priorities. Our NHS and its patients, and many other organisations around the world are paying the price.

  • @AngrySteve – “It seems relevant, to me, that this almost uniquely seems to have affected the NHS in the UK”

    I’m a little surprised your “couple of friends who are IT managers” didn’t disabuse you of this false conclusion; it would seem that they, like so many, get their security ‘advice’ from the UK media (who seem to be of the opinion that this is wholly an NHS issue) and not from Microsoft’s own security advisories and the organisations that monitor security matters.

    Just had a meeting this morning with a client organisation who were of the opinion that because they weren’t running XP this didn’t affect them; totally failing to understand that WannaCrypt was simply using an open door that exists in all versions of Windows including Windows 10 (yes the odds are that shiny new PC you purchased this weekend from PC World is vulnerable!)

    This door is only closed, if and only if, you have installed the most recent updates from Microsoft. Now many home users will simply have their PC’s set to automatically install updates and will have rebooted their PC’s when asked to do so by the Windows update programme; however, many people either click on the request to be reminded later or have the installation of updates set to manual; in both instances I have often come across sites where many systems haven’t actually been updated for several months.

    So have you run Windows Update since last Tuesday on all your PC’s and rebooted them to ensure all updates have been installed?

    Because until you do, not only is the door used by WannaCrypt potentially still open, but also a couple of other hidden doors, which NSA has been sitting on for a number of years, are now in the public domain and available to anyone who knows where to look (Google is your friend!).

    Aside: If you have systems running Windows XP or 2003 then do yourself a favour and download the patch from Microsoft:
    https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

    Otherwise AngrySteve, I agree there has been a failure in IT management; however, I am skeptical an inquiry will dig deep enough, as the roots of the current problems at the NHS and in other government IT go back several decades to a decision made by Thatcher in the late 1980’s to neuter the CCTA…

  • @Roland – as I said previously, the key point which is not being properly discussed in the media coverage is that this exploit was reported to Microsoft in 2016, exploit code was posted on github on Feb 6th 2017, and Microsoft released a patch on March 17th, 2017.

    So for that period of weeks, every Windows machine in the world was susceptible to this attack and no amount of process management would have remediated an exploit.

    Further, large organizations often “talk the talk” on system management but frequently fail to “walk the walk” when – for example – app owners argue that they cannot move the OS forward due to compatibility or stability concerns.

    I say this not to excuse system managers for failing to keep their systems up to date, but to point out that this incident is mostly “a bullet dodged” by all relevant parties.

  • “I’m a little surprised your “couple of friends who are IT managers” didn’t disabuse you of this false conclusion; it would seem that they, like so many, get their security ‘advice’ from the UK media”

    One of them is the former head of IT security at a large investment bank in New York. I’m pretty sure he didn’t get that position by taking his opinions on these matters from UK media.

    “false conclusion”

    The NHS is standing out like a sore thumb in this matter. I work in a university – we have thousands of desktop PCs. We haven’t had a problem with this. There are many other large organisations completely unaffected.

    “So have you run Windows Update since last Tuesday on all your PC’s and rebooted them to ensure all updates have been installed?”

    Yes. On my work desktop, running the standard university image, this was done centrally and remotely by our IT department – as they did for all the thousands of networked machines. On my other machines, I’ve updated them all. I have several dozen terabytes of data backed up on external hard disks that are not connected to a network.

    Paul Murray makes a very valid point, but there is no excuse whatsoever for still having unsupported XP machines attached to the internet. The release of the patch from Microsoft would obviously have made no difference there.

  • @Paul Murray – I noted, but did not reference either your posting or that of Phil Beesley, both of which provided much-needed balance to the near hysteria we’ve seen both in the media and being expressed by many commenters, regarding the state of NHS IT and funding.

    However, you also allude to the bigger picture that the media, focusing on the NHS is also failing to communicate: WannaCrypt uses only one of the many exploits (against Windows) contained in the rather large NSA toolkit that was placed into the public domain in 2016 and based on the dates contained in the toolkit, researchers believe was probably stolen in 2014.

    Hence we are currently in ‘interesting times’: Microsoft are working to patch the various vulnerabilities the NSA toolkit exploits, yet the scale of the task means that there are vulnerabilities that every Windows machine is susceptible to that Microsoft won’t have patched. Hence why we need to be particularly vigilant, until such time as Microsoft announces that it has addressed all of the publicly disclosed vulnerabilities. So in the coming year, I suspect we will see more bullets being dodged and some more high-profile hits.

    I think the importance of IT security is finally beginning to hit home, particularly among those who hold the purse strings.

    Finally, the NSA toolkit also contains previously unknown exploits for operating systems other than Windows, such as MacOS and Linux…
