Multi-Agency Working: how collaboration continues to evolve

In May 2017, over 20,000 medical appointments, including critical cancer appointments and heart surgery, were cancelled when the WannaCry ransomware blazed across the UK. The common aspects of what makes the National Health Service “National” left the health service in the UK particularly vulnerable to this attack. It “democratized” cyber: very many of us in the UK will know someone who was personally affected by WannaCry.


How WannaCry affected healthcare in the UK illustrates how essential it is that mechanisms are in place to enable a place-based response to cyber threats.

An official set of findings reported that 81 NHS trusts in the UK were affected, not only hospitals but GP clinics, dentists and pharmacies. The knock-on effect of those hospital appointments being cancelled was a direct impact on primary care and social services.

In 2003 “Information Exchanges” started to be formed in the UK to facilitate sector-specific collaboration on Cyber. In the US, Information Sharing and Analysis Centres (ISACs) had existed since 1998. These too, were sector-specific. The FS-ISAC, for example, brings together competitors in the financial services sector to collaborate on matters of security. London Connects was the first Warning, Advice and Reporting Point (WARP), established in 2003, with the aim of bringing together people at a local-level to collaborate on security. In a similar way, in 2013, US President Obama called for the establishment of Information Sharing and Analysis Organisations (ISAOs) in part to facilitate local coordination to respond to the cyber threat.

Much of the collaboration which happens in Information Exchanges and the WARPs in the UK is now supplemented by the UK’s national Cyber-security Information Sharing Partnership (CiSP) platform. CiSP hosts sector-specific and regional collaboration on the same platform, with both public and private sector organisations as members including Law Enforcement through the Regional Organised Crime Units (ROCUs).

CiSP was invaluable during the WannaCry outbreak, providing advice whilst members were sharing information. The role the CiSP community played in coordinating the response to WannaCry was documented in the NCSC’s first annual report, but alongside the official advice and support, there was real-time collaboration on a multitude of unofficial channels, including WhatsApp and Slack. To which of those channels should the person responsible for IT security in your local Council, College, or NHS trust have turned in order to look for help or co-ordinate when under siege from WannaCry?

The spirit of voluntary public-private collaboration which has made the UK’s CiSP a key case-study around the world of how to do information sharing properly, needs to be built upon: to bring the latest advances in secure technology to support collaboration distributed down to the most local level; to move beyond the confusing multiplicity of unofficial channels; to bring local stakeholders together, unified around a common purpose; and to keep one step ahead of the cyber threat in support of local citizens, industry and services.