
NCSC: No increase in cyber threat from Iran, but be prepared | Computer Weekly



In the wake of a major series of new US and Israel-led attacks on Iran and subsequent retaliatory strikes on Gulf states including Bahrain, Kuwait and the UAE, the UK’s National Cyber Security Centre (NCSC) has reassured British organisations that there is likely no significant change in the direct cyber threat posed by Iranian actors.

But the agency said that, despite the attacks, Iranian state threat actors likely retain some ability to conduct cyber attacks, and more widely, there is a risk of collateral impacts – such as distributed denial of service (DDoS) attacks – originating from hacktivist groups sympathetic to Iran.

And, as the spreading conflict threatens to draw in the UK, the GCHQ-backed cyber agency said this assessment was subject to change at short notice, and there was almost certainly a heightened risk of indirect cyber threat for any UK organisations with a presence in the Middle East.

“In light of rapidly evolving events in the Middle East, it is critical that all UK organisations remain alert to the potential risk of cyber compromise, particularly those with assets or supply chains that are in areas of regional tensions,” said NCSC director for national resilience, Jonathon Ellison.

“Today, the National Cyber Security Centre has published an alert outlining the current cyber threat to the UK and the practical steps organisations should take in response.

“This includes engaging with our guidance to reduce the likelihood of falling victim to an attack where the cyber risk is heightened, and how critical national infrastructure organisations can prepare for and respond to severe cyber threats.

“Organisations are strongly encouraged to act now, following the recommended actions to prioritise and strengthen their cyber security posture,” said Ellison.

Global conflict

Although no European states have taken part in the initial strikes, Dennis Calderone, principal and chief technology officer (CTO) at Suzu Labs, said that European organisations still needed to pay attention.

“Iran’s cyber operations don’t stop at US borders, and the proxy groups operating on Iran’s behalf are even less predictable in their targeting,” said Calderone. “When the motivation is retaliation and the conventional military is gone, cyber operators cast a wide net.

“Since it appears that conventional military options are looking increasingly to be off the table, cyber is what Iran has left,” he added.

“And even with their own internet down, pre-positioned implants and operators based outside Iran can still execute. If you’re in energy, water, financial services, or defense, assume you’re a target. Start hunting for anomalous access in your environment now. Don’t wait for something to break.”

James Turgal, vice president of global cyber risk and board relations at Optiv, said that over the next 30 days or so, there will likely be a surge of cyber activity linked to Iran, including website defacements, DDoS attacks, doxxing and leaks, and disruptive intrusions designed to create symbolic impact and public fear. This will likely include influence operations.

Threat actors will likely opportunistically exploit vulnerabilities in unpatched, internet-facing systems, and take advantage of other cyber weaknesses, such as exposed VPNs, and badly-secured operational technology (OT) or industrial control systems (ICS).

Within 72 hours, at-risk organisations should move to lock down internet-facing exposures, verify they are patched and up-to-date, have removed or limited unnecessary remote admin surfaces, rotated any exposed credentials, and validated multifactor authentication on any remote devices, said Turgal. CNI operators should also review their OT and ICS segmentation and monitoring.

More widely, security leaders should take steps to protect user identities against potential intrusion, and ensure their infrastructure is hardened against DDoS attacks. 

Blended threat

Halcyon’s Cynthia Kaiser – who was previously deputy assistant director of the FBI’s cyber division – said she was already seeing increased activity in the Middle East, and calls to action from hacktivists, DDoS botnet operators, and ransomware gangs.

“Iran has a long track record of using cyber operations to retaliate against perceived political slights…. Tehran’s cyber playbook has been aggressive and evolving,” she said.

“Increasingly, ransomware is incorporated into these escalating operations. Last year, an Iranian national pleaded guilty to ransomware attacks that crippled Baltimore and other US municipalities, causing tens of millions in damages. Since at least 2017, Iranian operators have targeted US critical infrastructure … with ransomware campaigns that blur the line between criminal extortion and state-sponsored sabotage.”

In practice, Kaiser explained, Iranian cyber ops blend state sponsorship, personal profiteering, and outright criminal behaviour. For example, she said, financially-motivated hackers may attempt to monetise access gained through government-funded campaigns.

Like Moscow, she added, Tehran turns a blind – or at least indifferent – eye to criminal cyber ops against shared enemies such as the US, Israel and their regional allies.

“Having access to cyber criminals gives the government options. As Iran considers its response to US and Israeli military actions, it is likely to activate any of these cyber actors if it believes their operations can deliver a meaningful retaliatory impact,” said Kaiser.




Need One Pair for Hiking, Traveling, and Working Out? Try Gravel Running Shoes



HOKA’s max-stacked Rocket X Trail combines road race shoe energy with boosted grip from a 3-mm lugged outsole. If you’re looking for a fast shoe to go on the attack, this is it. It’s also fantastic for all-round comfort. In testing, I laced up the Rocket X Trail and ran 3 hours (just short of 19 miles) fresh out of the box, across roads, forest gravel trails, some grass and through some serious water. It delivered efficiency and energy whether I was moving at marathon pace or with heavier, tired, ragged footfalls in the latter miles.

The rockered, supercritical midsole uses HOKA’s liveliest foam, similar to those you find in its race-ready road shoes, along with a carbon plate. That combines for a really fun ride that’s smooth, springy and fast and really consistent. It’s also highly cushioned, so you will sacrifice a lot of ground feel for that big stack springy softness. It’s also less stable over very lumpy terrain. But on open, flat, runnable mixed terrain, it’s excellent.

The lightweight uppers have a race-shoe-ready feel and, after running through ankle-deep flooded sections, they shed water really quickly. This is a pricey road-to-trail shoe; it’s versatile and there’s plenty of winter road potential, too.

Specs
Weight 9.45 oz
Heel-to-toe drop 6 mm
Lug depth 3 mm




If a Garmin Is Too Expensive, Consider Suunto’s Latest Adventure Watch



It’s always pleasing to see an array of physical buttons, and you get sizable ones too. You’re not going to miss these wide flat ones even when picking the pace up. The silicone strap has a nice stretch to it and while the button clasp is a bit awkward to get into place, this watch does not budge.

Suunto has jumped on the flashlight trend, with an LED light strip sat on the front of the case. You can adjust brightness levels and there’s SOS and alert modes to emit a very noticeable pulsating light pattern. This is a light I found useful rooting around indoors as well as on nighttime outings.

The biggest change is the introduction of a 1.5-inch, 466 x 466 AMOLED display. This replaces the dull, albeit very visible, memory-in-pixel (MIP) display. Suunto also ditched the solar charging that did require spending a significant amount of time outside to reap its battery benefits.

Adding AMOLED screens to outdoor watches has been contentious. The older MIP displays are just more power-efficient. The Vertical 2 is down by about 10 days from the older Vertical for what Suunto calls daily use.

Still, even if you’re putting its tracking and mapping features to use, you’re not going to be reaching for the charger every few days. After two hours of tracking in optimal GPS mode, the battery only dropped by 2 to 3 percent. The battery drop outside of tracking is also small and the standby performance is excellent as well.

Software Updates

Photograph: Michael Sawh

A more streamlined set of smartwatch features helps reserve battery for when it really matters. Unfortunately, I probably got better battery life because you don’t get phone notifications or responses if it’s paired to an iPhone instead of an Android. There’s also no onboard music player, but you do get a pretty slick set of music playback controls that are accessible during tracking.




Electronic health records are still creating issues for patients | Computer Weekly



Every NHS trust in England needs an electronic patient record (EPR) system in place by March 2026, as part of a government push to digitise the healthcare system.

In many ways, this is long overdue: some trusts have still been using pen-and-paper record-keeping until very recently. 

EPRs have the potential to massively improve efficiency in the NHS. If working properly, they allow doctors to keep all of their records in one place, speed up prescribing and diagnostics, and make it easier for patients to access their own health information.

But these roll-outs have not been without problems. Concerns have been raised about how far these benefits can actually be realised. Some NHS trusts have experienced issues with integrating new systems and training staff on how to use them.

In the extreme, there have been reports of EPRs creating new problems for hospitals, with evidence suggesting these systems may have contributed to serious harm and even deaths among patients.

NHS trusts have been put in charge of procuring their own EPRs, meaning there are numerous different technology companies involved. Some providers of these systems are large US firms. This includes Oracle Health, provided by the Larry Ellison-led tech giant, and Epic, a tech firm based in Wisconsin.

Contracts can run into nine figures: Guy’s and St Thomas’, a trust in South London, launched a £450m system from Epic in late 2023. Some parts of the NHS have been using them for more than a decade, but a handful are still set to miss the government’s March deadline.

Data access

Pritesh Mistry is a fellow at the King’s Fund, where he researches the impact of digital transformation in the NHS. He says it has had “both positive and negative impacts”.

“In the last few years, we’ve seen doubling down on the focus around digital records,” says Mistry. These are now in place in more than 90% of all trusts, and every GP practice.

“That means we’ve now got [new] data that’s within the healthcare system, which allows us to do other things, like treat populations, and understand and track patient safety,” he says.

Despite this, he cautions some patients are still struggling to get hold of their own data.

“We’ve got a lot of data that’s in silos,” says Mistry. “It doesn’t flow. That’s the biggest challenge: making the data accessible and usable for patients and healthcare professionals to be able to provide care in a way that is joined up and meets with modern expectations.”

He says complaints with new technology haven’t just come from patients.

“We need to recognise that staff are really frustrated,” says Mistry. “Software often crashes. Computers are really slow, and technology adds to their workload, instead of simplifying things.” He caveats that some parts of the NHS are better than others on this.

Safeguarding patient data

Mistry adds that there are safeguards in place to ensure patient data isn’t ending up where it shouldn’t be – such as through data protection rules and procurement requirements.

However, he warns that “we need to make sure we move with the times in terms of what technology is available”. Mistry is more concerned about medical staff inadvertently putting personal information into a large language model, for instance.

“Digital exclusion remains a barrier as well,” he says, adding that these systems have the potential to widen inequalities in healthcare. Those less able to use new technology might struggle to access their records.

“People tend to assume it’s old people [who are most impacted], but that isn’t necessarily true,” says Mistry, instead highlighting the impact of poverty and deprivation, with some still unable to afford internet access.

He argues the NHS should be working to meet people where they are, and provide more “tailored” technology services.

Patient safety

Nick Woodier is a doctor and investigator at the Health Services Safety Investigations Body (HSSIB), which looks into issues with healthcare in the UK. He sees problems arising from how EPRs are deployed by trusts, especially when medical staff overestimate their capabilities.

He uses the example of prescribing medicines: “There’s an assumption that these electronic prescribing systems will stop you [from] doing something catastrophic.”

But this isn’t always the case. In one investigation, the HSSIB found a child had been prescribed nearly 10 times the recommended dose of an anti-coagulant medication, with doctors having assumed the EPR would flag an issue. The child ended up with a bleed on their brain.

Woodier also worries hospitals are not always picking up on when these systems are at fault.

“We will often see where incidents have happened and the contribution of the electronic system has not been recognised,” he says.

Woodier sees this as coming from a culture which prefers to put the blame for safety failures on individuals.

A 2024 investigation by the BBC found there were more than 126 instances of serious harm registered by NHS trusts across 31 trusts, including three deaths related to EPR problems.

The HSSIB has also encountered problems from patients being unable to access their digital records.

“We’ve seen in general practice, for example, some patients telling us that they’ve gone without care – because in their mind, they thought the only way they could access their GP was to fill in an electronic form,” says Woodier.

A spokesperson for NHS England says EPRs are “already having a significant impact on improving safety and care for patients”, for instance, by helping to identify conditions such as sepsis, and preventing medication errors. 

“They have replaced outdated and often less-safe paper-based systems, and we are working closely with NHS trusts to ensure they are implemented safely alongside other systems with appropriate training – and are used to the highest quality and safety standards,” the spokesperson adds.

Interoperability

The EPR roll-out has also been criticised for problems with “interoperability” – the ability of different programs and modes of data collection to converse with each other. The patchwork of different systems used by different trusts means data stored in one system might not be useful for a system used by a different part of the NHS.

Woodier says this often happens in communications between hospitals and GP surgeries. This can involve someone manually inputting information from one system to another, which can create risks when data is not being transferred properly, or is missed completely.

“When you introduce a manual operation, that risk increases,” he warns. “The odds are that at some point, somebody won’t do the right thing, because that’s the reality of being human.”

Alex Lawrence, a fellow at the Health Foundation, describes interoperability as a “significant challenge”, which the NHS and technology companies have been “grappling with for a really long time”.

“Some trusts have found it much harder to access their own EPR data than they anticipated, because of where that data is stored,” she adds, referring to research the organisation carried out in 2024.

“If it’s taking you days to pull the data that you need, then it’s already not going to be useful for a lot of the purposes that you might want it for.”

However, Lawrence adds that there have been some steps made in the right direction, notably with the Data (Use and Access) Act, which was passed last year.

“The government is making information standards mandatory for EPR providers, as well as trusts, with the Secretary of State potentially having more powers to enforce those standards,” she says.

The longer term

Going forward, Lawrence would like to see a system involving “patients being empowered with access to their own data, and as far as appropriate, clinicians being able to see all of the history that they need for their patients”.

In an ideal system, different parts of the healthcare system would be able to “share a patient’s data where necessary and appropriate, in an easy and timely way”.

She says they have the “potential to offer enormous value”, but much of their functionality is going unused. “What our qualitative research suggested was that a lot of these systems are still functioning as digital notebooks,” says Lawrence.

Matthew Taylor is the head of the NHS Confederation and NHS Providers, membership bodies for healthcare organisations.

“NHS leaders say the gap between trusts on digital maturity is still stark – and it’s shaping how quickly organisations can move to modern EPRs,” he says.

This gap – combined with the organisational complexity of the healthcare system – means interoperability has “long been a thorn in the NHS’s side”.

Taylor adds that EPRs are not a “once-and-done” job, and argues they will result in savings in the long term, but that it may take around five years to see the benefits.

“Hospitals are housing a huge amount of paper records, and the cost of storing, retrieving and managing those records can run into millions of pounds each year,” he says.

These systems are part of a larger picture, and one facet of the conversation, around the use of artificial intelligence in the NHS. AI models for areas such as research and diagnostics will require extensive and standardised medical data.

Mistry warns these AI tools operate on the basis of “garbage in, garbage out”.

“There is a risk that we roll out AI tools without the underpinning data quality it needs,” he says, adding that this could exacerbate inequalities or biases from using AI.

As Woodier puts it: “We’ve got organisations who are still using archaic computers, have got infrastructure that’s not working, are still on old web systems, or have EPRs that don’t talk to each other. A few [trusts] don’t have EPRs.

“So, actually, are we trying to run before we’ve even managed to walk?”


