Do NHS IT chiefs have a definition of what is an acceptable level of security breaches?

This is one of a series on this blog of some of the more memorable comments made by witnesses and MPs at an inquiry into the National Programme for IT [NPfIT] by the Health Committee of the House of Commons.

The witnesses at the first hearing on 26 April 2007 were:

– Richard Granger, Director General of IT for the NHS and head of the NPfIT

– Harry Cayton, National Director for Patients and the Public, Department of Health

– Dr Gillian Braunold, a GP and National Clinical Lead for GPs, Connecting for Health

– Martyn Thomas, visiting Professor of Software Engineering, University of Oxford

– Dr Paul Cundy, Chair, General Practitioners’ Joint IT Committee

– Andrew Hawker, NHS Patient

A list of who is on the committee is at the end of this article.

At the Health Committee hearing Martyn Thomas said: “One of the things that concerns me about the programme is that there is no definition of what is an acceptable level of security breach.

“You [the committee] heard Mr Granger [Richard Granger, head of the NPfIT] this morning saying clearly that no system would be ultimately secure and, therefore, he accepted that there would be security breaches in his systems; but I have asked him directly whether he has targets for what would be an unacceptable level of security breaches, and he says, ‘No, I have not.’

“That seems to me to be a mistake, because if you do not know how tolerable it is for a security breach to occur, you do not know how much effort you need to put into building systems that are adequately secure to meet your targets because you do not have the target. So what do you do?

“Do you go for perfection, which is certainly going to be unachievable but, in any case, is going to lead you down the path of spending vastly more money than you need to have spent; or do you take whatever level of security comes out of the way that you are going to be building the systems within the budget, which may lead to a level of security breaches that turn out to be unacceptable in practice and cause you to have to take the systems off-line”.

Jim Dowd MP then asked Thomas: “But your conclusion on the inevitability of a breach is not based on any knowledge of the systems and the architecture that BT have employed but really on a reductive process of experience of previous systems?”

Thomas replied: “Absolutely. Nobody outside BT, as far as I am aware, has any insight into the detailed architecture and security policies for the systems they are building. It is confidential.”


Links: Smartcard sharing

Smartcard scheme makes a nonsense of IT security

Membership of the House of Commons’ Health Committee

Kevin Barron, Labour, Rother Valley – Chairman

Mr David Amess, Conservative, Southend West

Charlotte Atkins, Labour, Staffordshire Moorlands

Mr Ronnie Campbell, Labour, Blyth Valley

Jim Dowd, Labour, Lewisham West

Sandra Gidley, Liberal Democrat, Romsey

Stewart Jackson, Conservative, Peterborough

Dr Doug Naysmith, Labour/Co-operative, Bristol North West

Mike Penning, Conservative, Hemel Hempstead

Dr Howard Stoate, Labour, Dartford

Dr Richard Taylor, Independent, Wyre Forest