The two chairs of the largest independent communities of NHS digital leaders will launch the ‘NHS Cyber Security Batsignal’, a new peer-to-peer cyber security warning alerting system, at the first Public Cyber Security conference next month.
The new community-developed incident and alerting service is designed to provide immediate alerts of future cyber security incidents and enable sharing of information on how to respond, ensuring digital leaders across the NHS can remain in contact even if official channels are out of action.
The new ‘Batsignal’ has been developed by the Chief Clinical Information Officer and Health CIO Networks, the grass roots-based leadership communities of over 1,800 local NHS digital leaders, with representation from all NHS trusts, convened by Digital Health.
A key lesson from May’s WannaCry crisis was that community-based peer-to-peer channels proved extremely effective at time-critical alerting, particularly as the attack was unfolding and official NHS communication channels and email were suspended.
On 12 May, the day WannaCry hit, many members of the CCIO and Health CIO Networks warned each other of the unfolding crisis as it hit and shared information on how to respond through their online community, hours before official communications were issued.
An ‘After Action Review’ chaired by Dr Joe McDonald, CCIO at Northumberland, Tyne and Wear NHS Foundation Trust and chair of the CCIO Network, identified a need for a simple peer-to-peer alerting system. The vital importance of social networks in enabling communications to continue when NHS email systems were being suspended was also highlighted in the recent NAO review on WannaCry.
Based on this experience the Health CIO and CCIO Networks have since developed the new ‘NHS Cyber Security Batsignal’, designed to enable NHS IT leaders to very quickly issue and share cyber security alerts that will trigger dual email and text alerts for registered users.
“The Batsignal project means that the CCIO and CIO networks have 1,800 pairs of highly-trained eyes on watch for the next WannaCry at all times and the means to give early warning to members who have signed up to receive text alerts,” said McDonald.
“Discourse [the online collaboration platform used by the Networks] already proved its worth on the 12th of May and the added functionality makes membership of the network even more valuable than before.”
Adrian Byrne, CIO at University Hospital Southampton NHS Foundation Trust and chair of the Health CIO network, added: “We know there is a need to rapidly communicate some information and are keen not to introduce too many channels. The Discourse platform is an ideal base as all parties already use it.
“We will not require Commissioner Gordon’s team to put out the alert, and will instead be relying on responsible members to recognise significant events and notify others. We are confident this will be a useful addition to the communications armoury.”
The prototype of the new peer-to-peer cyber security alerting service, developed by network members supported by Digital Health, will be publicly launched at Public Cyber Security, a new one day conference being held on Thursday 7 December 2017 at the ICC Birmingham.
Dr Marcus Baw, the project lead, said: “The Batsignal simply builds on the community’s own Discourse collaboration platform, which proved itself invaluable on 12 May. It extends it with SMS-alerting capability; SMS being a strong fallback technology in the case of cyber incident-related N3 network and email outages, which might otherwise prevent the alert from being received by NHS IT leaders.”
Jon Hoeksma, chief executive of Digital Health, said: “We saw during WannaCry that that the ability of the Networks to warn and support each other in real-time was hugely important. The new ‘Batsignal’ is a grass-roots initiative designed to make that same peer support available in future incidents to all NHS digital leaders that want it.”
All members of the CCIO and Health CIO Networks, which include representatives from every NHS trust in England, will be given the opportunity to register for the Batsignal. This will be offered first to members attending PCS, who will be invited to register for the alert service launch.
Once registered, they will be able to trigger and receive future alerts, which will be sent by email, on the Discourse community platform and by text alerts to their mobile.
The initial threshold for a member of the network to trigger the ‘Batsignal’ is: ‘The detection of an infected computer where the threat is likely to propagate to other NHS organisations’.
The new community-based alerting system is being developed to complement official CareCert alerting and notification services.
Attendees at Public Cyber Security who want to take part in the demonstration should first register for the conference – which is free to attend for public sector information security, IT and IG professionals – and then email their mobile telephone number to firstname.lastname@example.org.