The National Cyber Security Centre (NCSC) has outlined a coordinated plan to boost cyber resilience across the NHS, detailing how government and industry have deepened collaboration over the past 18 months to reduce risk and improve detection.
The plan rests on pillars such as piloting tools through the Active Cyber Defence 2.0 program, strengthening software supply chain security, managing vulnerability disclosures and sharing threat intelligence, improving visibility of the threat surface, and promoting NCSC tools including the Early Warning service, the Cyber Action Toolkit and the Cyber Essentials scheme.
Nicholas W. of the NCSC’s National Resilience Directorate explained that the government’s Software Security Code of Practice is already used in NHS procurement to gauge supplier cyber maturity, while a healthcare partner is being used to prioritise supplier risk with data from incident history, alerts, vulnerability activity and technical indicators.
The NCSC notes that it has helped NHS England, NHS Business Services Authority and NHS Scotland establish internal vulnerability disclosure processes, in addition to its Vulnerability Reporting Service, in place since 2019. The NHS App’s passkeys, External Attack Surface Management and threat hunting workshops are among other ongoing efforts.