NHS Goes To War Against Open Source


The NHS is preparing to close nearly all of its Open Source repositories. Throughout my time working for the UK Government - in GDS, NHSX, i.AI, and others - I championed Open Source. I spoke to dozens of departments about it, wrote guidance still in use today, and briefed Ministers on why it was so important. That’s why I’m beyond disappointed at recent moves from NHS England to backtrack on all the previous commitments they’ve made about the value of open source to the UK’s health service.


It’s rare that multiple people leak the same story to me, but that’s what gives me confidence that lots of people within the NHS are aghast at this news. A few days ago, I was sent this quote which was attributed to a senior technical person in NHS England:

“We are obviously looking at things like Mythos, which is more sophisticated at finding vulnerabilities. In the next week or so, we will be changing our tack on coding the open and making our code public until we’re on top of that risk. Most of our repos, unless they’re essential, will be removed for security reasons.”


As I’ve written before, this is not the correct response to the purported threat by Mythos. Neither the AI Safety Institute nor the NCSC recommend this action. While there may be some increase in risk from AI security scanners, to shutter everything would be a gross overreaction. Nevertheless, that’s what the NHS is preparing to do. On the 29th of April, guidance note SDLC-8 was sent out. Here’s what it says:

The majority of code repos published by the NHS are not meaningfully affected by any advance in security scanning. They’re mostly data sets, internal tools, guidance, research tools, front-end design and the like. There is nothing in them which could realistically lead to a security incident.


When I was working at NHSX during the pandemic, we were so confident of the safety and necessity of open source, we made sure the Covid Contact Tracing app was open sourced the minute it was available to the public. That was a nationally mandated app, installed on millions of phones, subject to intense scrutiny from hostile powers - and yet, despite publishing the code, architecture and documentation, the open source code caused zero security incidents.


Furthermore, this new guidance is in direct contradiction to the UK’s Tech Code of Practice point 3 “Be open and use open source” which insists on code being open. Similarly, the Service Standard says:

“There are very few examples of code that must not be published in the open. The main reason for code to be closed source is when it relates to policy that has not yet been announced. In this case, you must make the code open as soon as possible after the policy is published. You may also need to keep some code closed for security reasons, for example code that protects against fraud. Follow the guidance on code you should keep closed and security considerations for open code.”


There’s also the DHSC policy “Data saves lives: reshaping health and social care with data”:

Commitment 601 – completed May 2022: We will publish a digital playbook on how to open source your code for health and care organisations.

And here’s NHS Digital’s stance on open source in their Software Engineering Quality Framework:

The position of all three of these documents is that we should code in the open by default. All of which is reflected in the NHS service standard: “Public services are built with public money. So unless there’s a good reason not to, the code they’re based on should be made available for other people to reuse and build on.”

All of which is to say - open source should be baked into the DNA of the NHS by now.


There are thousands of NHS repositories on GitHub. The work undertaken to assess all of them and then close them will be massive. And for what? Even if we ignore the impracticality of closing all the code - it is too late! All that code has already been slurped up. If Mythos really is the ultimate hacker, hiding the code now does nothing. It has likely already retained copies of the repositories. And if it were both practical and effective to hide source code - that doesn’t matter. These AI tools are just as effective against closed-source. They can analyse binaries and probe websites with ease.


There are tens of thousands of NHS website pages which refer to their GitHub repos - will they all need to be updated? What’s the cost of that? I’ve no idea what led to NHS England making this retrograde decision - so I’ve sent a Freedom of Information request to find out. I am convinced that closing all their excellent open source work is the wrong move for the NHS. I hope they see sense and reverse course. Until then, I’ve helped make sure that every single NHS repository has been backed up and, because the software licence permits it, can be re-published if the original is closed.


In the meantime, you should email your MP and tell them that the NHS is wrong to shutter its world-leading open source repositories. Don’t let them take away your right to see the code which underpins our nation’s healthcare.
