Evolving NHS Cyber Security ICS Landscape

Author: Shaun van Niekerk

Integrated Care Systems Priorities

1. ICS Strategy - Lighthouse Projects

2. Compliance/Board Assurance

3. Service Availability/DR

4. Patient Safety

5. Cyber Essentials Plus/DSP Toolkit Maturity

6. Training

7. Continual Service Improvement

Integrated Care Systems New Focus Areas

A. Medical Devices

B. Operational Technology

C. IoT

Defence in Depth - DID

Defense in Depth is a strategy using multiple security measures to protect the integrity of information. This way of thinking is used to cover all angles of business security - intentionally being redundant when necessary. If one line of defense is compromised, additional layers of defense are in place to ensure that threats don’t slip through the cracks. This method addresses the security vulnerabilities that inevitably exist in technology, personnel, and operations within a network.

As cyberthreats continue to evolve and tactics become more malicious and automated, Defense in Depth provides a solid, comprehensive approach to modern security for IT professionals.

Cloud Security

Cloud security is the whole bundle of technology, protocols, and best practices that protect cloud computing environments, applications running in the cloud, and data held in the cloud. Securing cloud services begins with understanding what exactly is being secured, as well as, the system aspects that must be managed.

As an overview, backend development against security vulnerabilities is largely within the hands of cloud service providers. Aside from choosing a security-conscious provider, clients must focus mostly on proper service configuration and safe use habits. Additionally, clients should be sure that any end-user hardware and networks are properly secured

Physical Security

Physical security is an important consideration when protecting against a range of threats and vulnerabilities, including terrorism.

When planning the introduction of any physical security measures, it’s imperative both safety and emergency responses are considered.

Effective physical security of a crowded place is best achieved by multi-layering a variety of measures. This is what is commonly referred to as ‘defence-in-depth’. The concept is based on the principle that should one line of defence be compromised, the additional layers and measures in place would ensure the threat didn’t slip through.

Perimeter Security

The network perimeter is the boundary between an organization's secured internal network and the Internet — or any other uncontrolled external network. In other words, the network perimeter is the edge of what an organization has control over.

Suppose an office has an internal network to which a rack of servers, several dozen employee desktop computers, a few printers, and networking equipment such as routers and switches are connected. If an employee brings their personal laptop into the office, the laptop is outside the network perimeter — unless they are able to connect it to the network.

Network Security

Network security is a broad term that covers a multitude of technologies, devices and processes. In its simplest term, it is a set of rules and configurations designed to protect the integrity, confidentiality and accessibility of computer networks and data using both software and hardware technologies.

Host Security

Host security refers to a category of security tools which are deployed at the host level. Installing updates and deploying a HIDS, a tool used to monitor traffic to and from the computer in which it is deployed, are examples of host-based security tools

EndPoint Security

Endpoint security is the practice of securing endpoints or entry points of end-user devices such as desktops, laptops, and mobile devices from being exploited by malicious actors and campaigns. Endpoint security systems protect these endpoints on a network or in the cloud from cybersecurity threats. Endpoint security has evolved from traditional antivirus software to providing comprehensive protection from sophisticated malware and evolving zero-day threats.

Organizations of all sizes are at risk from nation-states, hacktivists, organized crime, and malicious and accidental insider threats. Endpoint security is often seen as cybersecurity's frontline, and represents one of the first places organizations look to secure their enterprise networks.

As the volume and sophistication of cybersecurity threats have steadily grown, so has the need for more advanced endpoint security solutions. Today’s endpoint protection systems are designed to quickly detect, analyze, block, and contain attacks in progress. To do this, they need to collaborate with each other and with other security technologies to give administrators visibility into advanced threats to speed detection and remediation response times.

Application Security

Application security is the process of developing, adding, and testing security features within applications to prevent security vulnerabilities against threats such as unauthorized access and modification.

SIEM

Security information and event management is a field within the field of computer security, where software products and services combine security information management and security event management. They provide real-time analysis of security alerts generated by applications and network hardware.

SOC

A security operations center (SOC), also called an information security operations center (ISOC), is a centralized location where an information security team monitors, detects, analyzes and responds to cybersecurity incidents, typically on a 24/7/365 basis.

SOAR

SOAR refers to technologies that enable organizations to collect inputs monitored by the security operations team. For example, alerts from the SIEM system and other security technologies — where incident analysis and triage can be performed by leveraging a combination of human and machine power — help define, prioritize and drive standardized incident response activities. SOAR tools allow an organization to define incident analysis and response procedures in a digital workflow format.

Zero Trust

Zero Trust is a strategic initiative that helps prevent successful data breaches by eliminating the concept of trust from an organization’s network architecture. Rooted in the principle of “never trust, always verify,” Zero Trust is designed to protect modern digital environments by leveraging network segmentation, preventing lateral movement, providing Layer 7 threat prevention, and simplifying granular user-access control.

Source: https://www.linkedin.com/posts/shaun-van-niekerk-cissp-19144b45_nhs-ciso-healthcare-activity-6864200863527788544-9rZi/