Log4Shell Vulnerabilities in VMware Horizon Targeted to Install Web Shells (digital.nhs.uk)
81 points by iechoz6H on Jan 8, 2022 | 10 comments



This write-up is impressive. Even more impressive is its source - the NHS. It's always great to see exceptionally competent IT and security people in government agencies.

From an Australian who is generally disappointed in government IT.


From an outside perspective, insourced UK Government IT seems really well managed and on the ball

However, far too much is outsourced to Capita or Accenture or direct to Oracle or Microsoft, and that's where it falls apart


Oh... the stories I could tell about Australian gov IT!

I have a theory that for a long time now Australia has been "too rich" in the sense that government inefficiency and waste effectively aren't perceived as important and are simply being ignored.

A friend of mine got a senior gov IT person drunk one Friday evening and asked him what he thought about the failure of the project to deliver on time and budget. (At that point it was already delayed by 2 years and a hundred million over budget).

He replied: "There is no such metric as success or failure for this project."

You see, only government budget line items have success or failure metrics. Those are all in the billion-dollar range, and are tracked by the Treasury, properly audited, and can qualify as "failing". Anything less than that goes into the "Other" category and isn't tracked to any significant degree.

Everyone involved in these things is a contractor or a consultant, and to them delays and budget overruns are a success, not a failure.

As I was saying, nobody seems to care about this, so the profligate waste will continue until we have a proper economic crisis that will force everyone to tighten their belts and stop wasting money quite as much...


> I have a theory that for a long time now Australia has been "too rich" in the sense that government inefficiency and waste effectively aren't perceived as important and are simply being ignored.

I think it exposes the stupidity of those in Govt, they view their waste "pet projects" as GDP enhancing but they don't realise they could have simply given the money to someone on the street and got a better return on investment and a greater boost to GDP over the long term. The flip side is it's stealth repression using authority.


In some cases it's true that excessive/wasteful government spending is just another kind of business subsidy. A well-known example is the US space program, which basically exists just to keep some specialised defence contractors afloat in between wars.

The problem I see with Australian government (or any foreign government) overspending on IT, is that much of that money goes off-shore back to US-based IT vendors like Microsoft. It isn't "recycled" back into the local economy.


And an obvious support of US-based IT vendors is the use of Google's I'm not a Robot test, a streetview surveillance category program disguised as AI training?

But then when considering US antivirus spam filter vendors necessitated the need for I'm not a Robot, was/is this simply the US shaking down the rest of the world or at least western civilisations to dominate like the US does in NATO?


I posted primarily because I share your sentiments. This particular write-up details targeted attacks against Windows OS specifically and is part of the NHS's wider documented response to Log4Shell [1]

1. https://digital.nhs.uk/cyber-alerts/2021/cc-3989


The full list of VMware products affected is huge [0]. And it's a bit disturbing how many of those are still "Patch Pending".

[0] https://www.vmware.com/security/advisories/VMSA-2021-0028.ht...


What's also disturbing is it's not the first list of affected products to be incorrect, SolarWinds products is/was another list.


Most are legacy



