NHS security compromised by boss?

The head of the National Health Service has been accused of weakening its computer security by suggesting a move from the current X400 mail protocol to SMTP.
Written by Will Knight, Contributor

Alasdair Liddle chief executive of the NHS is reported by Computer Weekly to be angry that the NHS' database and mail network, NHSNet is based on the "obsolete and expensive" X400 messaging standard instead of SMTP.

Ian Johnstone-Bryden, a consultant with computer security firm Oceanus, who has implemented numerous computer security networks for the British government, believes this shows naivety of the security implications. "X400 is by no means obsolete," he says. "In fact it's newer and significantly more secure than STMP. It is expensive but not when you compare it to implementing a Microsoft exchange. The cost could also be reduced because STMP could be put on NHSNet's external gateway."

NHSNet contains databases of all information relevant to GPs and hospitals and also provides the health service's computer communications system.

X400 protocol was developed by the government and academics in the UK in the 1980's to provide highly secure and highly reliable computer communications. X400 is generally regarded as more secure than the more common STMP standard because it allows computer communications to be monitored throughout their journey.

Johnstone-Bryden also sees Liddle's comments as further evidence of the government's U-turn on pre-election promises of investment in public sector computing. He says, "X400 was developed so that the government didn't have to say 'let's go to Mr Gates to get our computer systems'. This would be a waste of all the original efforts to have a more accountable system not reliant on the computer industry."

Editorial standards