NHS Digital to build a new cybersecurity centre

  • 1 August 2017
NHS Digital to build a new cybersecurity centre

NHS Digital is looking for a supplier to build a new cybersecurity centre.

Announced 26 July in a “request for information”, the national agency wants to develop its security capabilities, with a national security operations centre that provides centralised cybersecurity services.

The creation of this new centre was announced in NHS Digital’s Fit for 2020 document, published last month.

The notice said that the centre does not intend to replace CareCERT and the NHS Digital’s data security centre, but rather “build on and enhance” it.

The supplier will have to provide greater cybersecurity capability, better responses and increased analytics power.

The centre will deliver threat intelligence, vulnerability management, protective monitoring and security incident management.

“[the centre] will bring together disparate security functions and will allow standardisation of processes and technology within a single unified security operating model”.

The areas covered in the notice include the health and social care network (HSCN) and NHSmail.

The move comes as the government has prioritised spending money on cybersecurity, with an additional £21 million of capital funds investment to strengthen cyber-protection, initially given to trauma sites.

NHS Digital has recently come under criticism from an internal review which found the organisation to be relying on out of date technology, has skill shortages in multiple areas and its data services are operating below expectations.

Its Capability Review said that there were skill shortages in areas that included cybersecurity.

In its response, Fit for 2020, the organisation said it will address the findings through establishing a National Security Operations Centre for cybersecurity, implementing a business intelligence tool to access data and transforming its website.

NHS Digital said responses to the advert will be followed up at an upcoming industry event after 14 August.

NHS Digital wants to find a supplier, before the end of existing contacts on 31 March 2018.

Deadline for the submissions is 9 August.

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Related News

How to equip NHS staff with cyber security skills they will use

How to equip NHS staff with cyber security skills they will use

Too often, cyber security training is a seen as a burden. But it is possible to make it relevant and useful, writes Nasser Arif.
Cheshire and Merseyside ICS selects cyber security platform

Cheshire and Merseyside ICS selects cyber security platform

Cheshire and Merseyside Integrated Care System has selected a healthcare cyber security platform from Cynerio to strengthen its defences.
How to find your inner ‘cyber defender’

How to find your inner ‘cyber defender’

A "back to basics" and "honest" approach to personal cyber security can help NHS staff make larger improvements at work, writes Nasser Arif.

9 Comments

  • The most important skill for the people in the cybersecurity unit should be the ability to SELL their wares to clinicians, managers, nurses, receptionists and clerks.

    This means speaking plain English, (not Craig-speak), to explain to the non-geeks:
    (a) that security is important,
    (b) that fear of insecurity is not an excuse for saying no to new
    technology.

    Just dreaming up security ‘solutions” is not enough.

    • Absolutely right, start with the why. Why does it matter to me? Why is it important? Why is it important to my patients.

      I’m always clear when I’m asked to speak. We need to simplify our language, focus on the affect on patient care and trust and leave technical language at the door.

      Data Security Centre was highlighted in the fit for 2020 report for the work it’s done and it’s foundational capability. It was clear though that there was more to be done and this has been in the planning for the last year. It’s not knee jerk after the review or wannacry. That doesn’t mean we haven’t learned form both of these and they have influenced the requirements.

  • We need to do two things; increase the proactive and reactive monitoring as well as preparedness to cyber attack within NHSD. While also doing the same within the NHS, supporting local organisations to make local decisions that are better informed and in near real time. We can’t be all things to all people, but what we can do is try to provide health and care with as much information to increase their information security, providing them with mitigation, remediation and guidance.

    If we can do that we’re half way there…

    • Suerly it’s meant to be a spoof – it can’t be for real can it? Oh dear.

  • Craig manages to smash buzzword bingo in one easy round.

    • Glad to hear there’s someone who professes to “Love Craig”. In all seriousness, though, this is meant to be an informed audience, able to understand primary terminology. I’m sure a different elevator pitch would be made if targeting newbies. Perhaps ‘I love Craig’ can outline what he/she did not understand?

      • All you’ve achieved, my love, is a stream of vacuous cliché’s without presenting any benefit. It’s surely a singular skill. There is nothing you’ve posted of any particular depth so, while I appreciate your concern, I managed to rede it reli gud.

  • What is necessary are both OFFENSIVE and DEFENSIVE teams, working towards the goals and policies of the overall strategy, i.e. maximising CIA and delivering maximum patient/customer satisfaction. A clear temperature check of AS IS versus TO BE needs to be taken and a SMART milestone phased journey planned-out in order to grow the NHS cyber security maturity and overall capability in a sustainable and measurable way. There is no excuse in this day and age for inadequate cloud-based analytics dashboards offering drill-down detail into KPIs, service restoration path and route cause analysis at scale.

  • from my understanding the NHS Cyber intelligence only have ‘advisory’ powers. The NHS like so many other businesses and institutions want security as a badge or on the cheap.
    Wannacry showed how little investment and poor working practices can lead.
    Good luck tothe guys in this new Dept but without buy in at the top they will be in the same place .

Comments are closed.