Online threats are now as significant as those posed by states or militants, the new head of GCHQ, the government’s signals intelligence and information assurance agency, has said.
Jeremy Fleming, who became director of the Cheltenham-based organisation earlier this year after a career at MI5, said increased government funding was being used to “make GCHQ a cyber organisation” as well as one that carries out roles in international intelligence and countering militant threats.
He said the shift coincides with a new mandate for GCHQ – “to help make the UK the best place to live and do business online” – and the creation of the National Cyber Security Centre (NCSC), which operates as a branch of GCHQ and which turned one year old last week.
Government funding has helped the organisation “recruit the brightest and best from across our society”, Fleming said.
That expansion mirrors the increased importance of technologies such as high-speed internet communications and end-to-end encryption, he said.
“Hostile states, terrorists and criminals use those same features – instant connectivity and encrypted communications – to undermine our national security, attack our interests and, increasingly, commit crime,” he wrote. “Our adversaries are quick to spot new ways of doing us harm.”
GCHQ, which will mark its centenary in 2019, has always operated secretly, but Fleming said the NCSC marks a new era of “high profile” work with the private sector, the media and schools and universities.
“All of this can feel deeply challenging for a GCHQ that by necessity has worked in the shadows,” Fleming wrote in The Telegraph on Sunday.
At the same time, the increased importance and visibility of communications and data security has meant a positive change for GCHQ, which in the past has “too often felt like the poor relation”.
He noted that in responding to online incidents over the past year, including the WannaCry malware that disrupted the NHS and an attack on Parliament email accounts, the NCSC “drew on GCHQ’s data, analytical capabilities, skills and partnerships”.
In May NHS services across England and Scotland were disrupted as part of the WannaCry malware attack that affected organisations around the world.
The following month up to 90 email accounts were compromised in a string of targeted attacks on Parliament.
Last week NCSC head Ciaran Martin said 1,131 cyber-attacks had been reported during the centre’s first year, of which 590 were considered ‘significant’ and more than 30 were serious enough to draw a cross-government response.
In February the Public Accounts Committee (PAC) said that in spite of the NCSC’s creation cyber protection agencies remained an “alphabet soup”.
The government has formed at least 12 teams and organisations to handle cyber-security, but they have overlapping mandates and activities related to protecting information, the PAC said.
Last month a computer security researcher said it took him two months to report a pair of serious flaws in HMRC’s website to the government and confirm they had been fixed. He criticised HMRC and the National Cyber Security Centre (NCSC) for providing no way for experts to ensure issues are attended to.
Do you know all about security in 2017? Try our quiz!
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…