Coronavirus UK: GCHQ says NHS targeted by cyber attacks

by

The NHS is being targeted by a campaign of cyber attacks since the coronavirus outbreak, the director of GCHQ has said.

Jeremy Fleming said that GCHQ’s cybersecurity arm, the National Cyber Security Centre (NCSC), had been supporting the health sector after it had been targeted by hackers.

He told the Cheltenham Science Festival there were clear efforts being made to access sensitive data linked to Britain’s response to the pandemic, such as vaccine research. 

‘The reality is that we are seeing attacks on the health infrastructure,’ he said.

Jeremy Fleming said that GCHQ’s cybersecurity arm, the National Cyber Security Centre (NCSC), had been supporting the health sector after it had been targeted by hackers

Drugs to treat Covid-19 are ‘essential’ because a vaccine will take YEARS, expert warns 

Drugs that treat coronavirus are ‘essential’ to getting a grip on the pandemic because a vaccine will take years to roll out, a top expert has warned. 

Dr Nick Cammack, head of the Wellcome Trust’s Covid-19 Therapeutic Accelerator project into promising therapies, urged caution to those pinning their hopes on a jab being mass-produced this year.

He said it would take several years to scale up manufacturing capacity, even if a vaccine is developed and proven safe in 2020. 

Dr Cammack emphasised the importance of an effective treatment for potential second and third waves of the epidemic in winter, after countries come out of lockdown and air travel restarts. 

His comments come after hopes for a vaccine were ramped up in recent weeks following promises by several pharmaceutical giants to deliver jabs by autumn.

British firm AstraZeneca said it fully expected to have millions of doses of its AZD1222 vaccine, being developed by Oxford University, ready by September.

Brentford-based GlaxoSmithKline and US drugs giants Johnson and Johnson and Pfizer also unveiled plans to roll out their jabs later this year.

But Dr Cammack described it as an ‘extraordinary undertaking’ and said most people will not get their hands on a vaccine for ‘several years’.

‘We do know that, whether it’s states or criminals, they are going after things which are sensitive to us in this regard.

‘So, it’s a high priority for us to protect the health sector, protect, particularly, the race to acquire a vaccine, and there has been quite a lot of publicity around all of that.

‘They’re not using particularly different techniques to do it, they’re still looking for pretty basic vulnerabilities in our cybersecurity, they’ll still try and use lures to get people to click on the wrong thing, or will look for vulnerabilities where people aren’t backing up properly, or where they’ve got basic passwords and so on.

‘There is a lot of low-hanging fruit, still, in cybersecurity.

‘If we all did some of these basic things, then even quite sophisticated state actors would find it hard to come after us.’

The attacks were no more sophisticated than previous hacking attempts, Mr Fleming said, but he warned that criminals had seen Covid-19 as an ‘opportunity’, using fear around the pandemic to scare or trick people in sharing personal information.

‘We’ve been helping government and helping policing and the National Crime Agency in particular, cope with some of the spikes we’ve seen in serious and organised crime. As it is the case that hostile states can seek to do us harm, cybercriminals have spotted the opportunity from the pandemic,’ he said.

‘We’ve seen them using Covid-related tactics as lures to try and defraud people, to mount their forms of criminality and cause people harm.’

Mr Fleming revealed that GCHQ had ‘moved in’ to support the healthcare industry early in the pandemic for multiple reasons, including also offering cybersecurity support for the NHS’ contact-tracing app, which remains in development.

‘We lent in to advise and help around the creation of the NHS app around COVID, and that’s to make sure that all of our information is as secure as possible, and that the architecture behind the system is really cutting- edge and is protecting the things that we need to do, so that the decisions taken from it are as effective as possible,’ he said.

Mr Fleming revealed that GCHQ had 'moved in' to support the healthcare industry early in the pandemic for multiple reasons, including also offering cybersecurity support for the NHS' contact-tracing app, which remains in development (pictured: GCHQ headquarters)

Mr Fleming revealed that GCHQ had ‘moved in’ to support the healthcare industry early in the pandemic for multiple reasons, including also offering cybersecurity support for the NHS’ contact-tracing app, which remains in development (pictured: GCHQ headquarters)

Mr Fleming warned that criminals had seen Covid-19 as an 'opportunity', using fear around the pandemic to scare or trick people in sharing personal information (stock image)

Mr Fleming warned that criminals had seen Covid-19 as an ‘opportunity’, using fear around the pandemic to scare or trick people in sharing personal information (stock image)

GCHQ – A century of protecting Britain 

1919: GCHQ is formed under the original name of the Government Code & Cypher School (GC&CS) after a merger between Room 40 (naval intelligence) and MI1(b) (military intelligence). Its first home was in London at Watergate House.

1926: GC&CS buys its first Enigma machine.

1939: GC&CS is given the cover name GCHQ to better disguise its secret work when it moved to its wartime home at Bletchley Park.

1946: The UKUSA agreement was signed and became the ‘cornerstone’ of the Five Eyes partnership in which the UK, Australia, New Zealand, the US and Canada now share intelligence.

– GCHQ moves to Eastcote, in Greater London.

1950: GCHQ moves to Cheltenham (completed 1954).

1983: GCHQ is avowed – publicly acknowledged – in Parliament for the first time.

1984: Trade unions are banned at GCHQ.

1994: The Intelligence Services Act puts new legal duties on GCHQ.

1997: Trade Union ban lifted for GCHQ workers.

2016: Investigatory Powers Act is brought in to provide oversight of the intelligence agencies.

2019: GCHQ’s office in Manchester set to open.

– November 1: GCHQ turns 100.

Questions have previously been raised about the security of the app, but Mr Fleming said: ‘Privacy, security, data protection has been absolutely at the heart of our approach’ to its development.

‘It has been built in as a fundamental principle, the way in which the app operates, the way in which, with the user’s authority, it shares data so that clinical decisions can be taken, the way in which, long term, the interests of every individual in this country who downloads the app and the data that they provide is treated long term has been treated so seriously from the off, that I would like to provide significant reassurance on that.

‘I think it’s also equally important that we continue to be as transparent as we can be about that as a nation,’ he added.

Asked about the increase in time people are spending with digital devices during lockdown, the GCHQ director said it was right to embrace technology, but the public needed to remember good cybersecurity practice in order to stay safe.

‘The reality is, you can do most things from home, for most people, you don’t need to worry about it very much.

‘But you do have to make sure that some pretty basic cyber hygiene disciplines are in place to protect your information,’ he said.

‘Then, you can fill your boots with everything that this technology can bring.

‘It really is enabling, and our message in GCHQ and from the NCSC is that these technologies are here to enable us, they’re brilliant at doing that, so let’s do it, but let’s try and do that as safely as we can.’