Sunday, 14 May 2017

Week 134, Encryption begins, IT illiteracy continues, bluebell ends


The IT systems failures at the end of last week have handed the Tories a stick to beat the NHS with.  Journalists who should have access to expert analysis found themselves either unable to locate experts, or unable to understand the experts they had located.

It appears that the Tories don't understand the cause of the problems or, if they do, they are taking advantage of widespread ignorance to pass the buck.  It is obvious that the journalists don't understand the cause of the problems and are failing to hold the Tories to account.


Summary of events:
  • The Tories cut the NHS budget.
  • Replacement for NHS software systems that only run on Windows XP cannot be funded.
  • Windows XP goes out of general support.
  • The Tories cut funding of Microsoft extended support for NHS Windows XP systems.
  • NHS systems inevitably and predictably get infected with malware due to a security vulnerability of Windows XP.
  • The Tories (specifically Amber Rudd) say the NHS "must learn" from this and upgrade its IT systems.

It was Theresa May who was responsible for cancelling the extended support for Windows XP from Microsoft when she was Home Secretary, a post with responsibility for cyber security.  That support would have meant patches were available for many out-of-date systems run by the NHS.

Why weren't NHS systems updated to newer versions?  Possible reasons are: lack of availability of software; lack of technical staff with the right skills; contracted-out services with no interest in improving systems; complexity of the process.  All of these reasons are directly attributable to the lack of available funding to pay for the process.

I didn't hear a single journalist ask what the reasons were.  I heard one expert mention software applications being unavailable for newer versions of Windows, but the journalist failed to recognise the point being made.


Why hadn't the various NHS trusts upgraded from Windows XP where they could?  Surely the NHS has an Enterprise Licensing agreement with Microsoft?

In 2010 David Cameron's Tory government cancelled the Enterprise Licensing agreement that the NHS had with Microsoft after deciding that there was no business case or budget to renew it.  The decision to scrap the licensing agreement pushed the burden of software licensing onto individual NHS trusts, which would have been ill placed to manage such agreements.

Cancelling an Enterprise Agreement required every single license covered by that agreement to be recalculated: every computer desktop, every application, every desktop which connects to a server.  All of this involves interpreting individual license types of Byzantine complexity for each use case type.  Recalculating the licensing will have cost the NHS a fortune, mistakes would have been made, and during this process Microsoft also targeted NHS Trusts with audits.  Individual license agreements made by the NHS Trusts with Microsoft would have been in totality more expensive than the original Enterprise Agreement covering the entire NHS, before the additional cost of managing the agreements.


When Amber Rudd says that the NHS "must learn" from this and upgrade IT systems she is demonstrating her ignorance and being disingenuous.  And to suggest that the NHS hasn't learned from this is outrageous when they have raised the issue of risk repeatedly.  It is clear from this, however, that the Tories have successfully managed to pass the buck for a massive cock-up which should lie squarely at their door and instead have blamed the victims.



