GCHQ Needs More Cyber War Skills, Say MPs

MPs have called on the UK’s intelligence agencies to  improve their cyber war capabilities, whilst raising “grave” concerns over a security skills issue within GCHQ.

The Intelligence and Security Committee (ISC), in its annual report for 2011-2012 to Parliament that was submitted to the Prime Minister last week, said some progress had been made in developing cyber war abilities but more had to be done in such a “fast-paced” field.

“While attacks in cyberspace represent a significant threat to the UK, and defending against them must be a priority, we believe that there are also significant opportunities for our intelligence and security agencies and military which should be exploited in the interests of UK national security,” the report read.

Cyber war games

It recommended initiating “active defence” by “interfering with the systems of those trying to hack into UK networks”, as well as “exploitation” by “accessing the data or networks of targets to obtain intelligence or to cause an effect without being detected.”

The report also pointed to Stuxnet, which caused disruption to Iranian nuclear capabilities, as an example of how UK security forces could access “networks or systems of others to hamper their activities or capabilities without detection (or at least without attribution).”

Additionally, “destruction of data, networks or systems” should be considered in support of armed conflict,” MPs recommended.

Talk of open cyber war has been gaining credibility lately. The US and Israel have been working with one another to target Iran, as it is believed they created Stuxnet and highly-sophisticated cyber espionage tool Flame.

Onward, cyber soldiers!

The report raised serious concerns over a skills issue affecting GCHQ. Despite gaining a large chunk of the government’s £650 million pot for cyber security, which is supposed to last until 2015, and upping the number of staff working on network defence and analysis of cyber attacks by almost one-third in the last two years, GCHQ was still urged to stop losing security specialists to the private sector.

“The real concern for this committee is the ability of GCHQ to retain internet specialists to respond to the threat to UK cyber security,” the ISC said. “In our 2010–2011 Annual  Report we recommended that GCHQ explore ways to improve the situation and that the Cabinet Office, as lead department for cyber security, should consider employing a system  of bonuses for specialist skills, such as is used in the US.

“This year we were told that the  situation had deteriorated and that GCHQ was “losing critical staff with high end cyber technology skills at up to three times the rate of the corporate average (3.4 percent).”

Iain Lobban, director of GCHQ, told the ISC the problem was likely to increase in the coming years as the government could not match the salaries offered in the private sector. Lobban recommended introducing a new employment model with

“We have asked the director of GCHQ to identify options to address the problem of how to retain such specialist staff, which can then be discussed with the Cabinet Office and HM Treasury. We expect to see a package agreed and implemented before the start of the 2013/14 financial year,” the ISC added.

GCHQ has been trying out different ways of recruiting cyber specialists. In December, the intelligence body launched an online code-cracking challenge to find fresh talent, promoting it over Facebook and Twitter.

Are you a security pro? Try our quiz!