Wannacry

Having done my best to ensure that my personal systems are as safe as I can make them, I am preparing a personal response to the #wannacry attack last weekend. Meanwhile, I consider this by John Elliot, a great response on the public policy side, and this by David Thomas, a useful look at the IT Security response where he argues that it’s not just about “Vulnerability Management” and that Technical Debt is not just a funky word to get money for the maintenance budget. Neither of them major on the NHS IT Security failings that made them such a target but David makes the points that the UK & NHS weren’t the only victims with Taiwan, Russia, Ukraine and India all suffering from attacks. This is from Microsoft’s Chief Legal Officer, Brad Smith and is also important, He re-states Microsoft’s commitment to all its customers and calls for better government response including the idea of a digital Geneva convention. The Washington Post describes the discussions inside the NSA and reveals aspects of how they decide whether to release security vulnerabilities or weaponise them. It’s argued that the cyber weapon was like “Fishing with dynamite”, but as ever no public evidence to allow the people that pay for this to evaluate their claims.