There is no doubt that the delays and disruption caused by the NHS computer virus could have been avoided. The government could have used a fraction of the multi-billion security budget to enable hospital trusts to update ageing software. However, instead of being focused on designing out crime as they promised to do, western security services are doing the opposite. The US government and our own, are pressuring companies like Microsoft and others to create ‘backdoors’ which open up our privacy and security to attack if they are leaked.
The people who created the virus are clearly to blame for the current attack on the NHS, but their work is based upon the exploitation of a flaw (they call it an ‘exploit’) in the Microsoft XP Operating system. As the head of Microsoft legal has pointed out “The WannaCrypt exploits used in the attack were drawn from the exploits stolen from the National Security Agency, or NSA, in the United States.” Those exploits were developed by the NSA as part of their ‘offensive’ capability in the fight against terrorism and rogue states. The NSA discovered the flaw in XP and then created a set of viruses that they could deploy against people they didn’t like. When those exploits leaked out earlier in the year, this virus attack became inevitable.
I am almost computer illiterate, but my work relies upon laptops and phones to be effective. The same goes for millions of businesses and organisations. I want them to be as secure as possible, which is why we shouldn’t vote for governments who want to deliberately create security flaws in that technology that they can exploit for the purposes of snooping on us. Our security services should make it a priority to design out crime, rather than finding ways of potentially designing it in.
The blog from President of Microsoft and head of legal is here