Comments by Stephan Engberg on CfH's Security and Confidentiality FAQs (20 Dec 2006)

From Nhs It Info

(The CfH's Security and Confidentiality FAQs are at:

This is what I call a Single Point of Trust Failure system, where you have massive concentration of risk and no inherent security except perimeter security. Since perimeter security must be considered void for anything but totally isolated systems, this is a ticking "trust bomb".

There are in fact many potential attack points:

  • The biggest threat is of course the central authorities, who will not be able to keep their hands off this data. They can demand anything, finding a wide range of excuses for their actions, and at the same time can easily ensure that the logs are overridden.
  • There will be rapidly growing function creep that also escalates the security risks exponentially.
  • Of course the direct attack route is through the (assumed perfect) security.
  • They will not be able to protect legitimate users from Identity Theft.
  • There will be a large number of people with backdoor-access to the database management system.
  • There will be a large number of systems with access to this data. These systems will be leaky.

In fact the purpose of this "security" system is more legitimisation and centralisation, with dis-empowerment as a (possibly intended) side effect, than security of patients, as that would involve active identity management and especially empowerment.

Because they have organised the system with insufficient security, they will not be able to share data for value-creating purposes, such as outsourcing, privatisation, etc., without escalating the security risks. As such they will face an inescapable choice between value creation and security erosion. - this is a lose-lose situation.

My advice is clear:

  • Assume the central servers are already hacked, cracked and taken over by a criminal gang. And then redesign accordingly.
  • Move control away from the centre and ensure damage control on all levels.
  • Don't create the security risks in the first place.
Stephan Engberg is founder of Priway, which focusses on solving the fast 
growing security and privacy problems, based on experience in Customer 
Relationship Management and eBusiness strategies and technologies. He is 
member of the Strategic Advisory Board of EU's ICT Security & 
Dependability Task Force, and the International Advisory Board of 
Privacy International - a London based international NGO. He participated
as a member of the EU's Network of Excellence in Privacy and Identity
Management. He is a member of the Board for the Danish Chapter of ISOC
(the Internet SOCiety), and lectures and gives seminars in Security, 
Privacy and scalable eLoyalty at various graduate level courses at
Copenhagen Business School, and the Danish IT-University.
Personal tools