Facebook’s digital cults
The social network’s encouragement of private groups threatens an election nightmare
It’s the secretive headquarters of Britain’s shadowy cyber war against skilled Russian and Chinese hackers. But the office of the National Cyber Security Centre, a division of spy agency GCHQ, looks more like the regional headquarters of an insurance firm. The open-plan office in London’s Victoria sits beside a burger restaurant and a cluster of trendy coffee shops. Sometimes staff members bring their dogs into the office.
If you pay attention, however, you will soon realise that this isn’t a normal office. Only a handful of employees can disclose their surnames to the public and meeting rooms without windows are used for classified discussions.
This used to be the domain of Ciaran Martin, an easy-going civil servant from Northern Ireland who ran the NCSC and shepherded its emergence from the secrecy of GCHQ into the public eye in 2016.
Now, after 23 years, Martin is out of the civil service. He left the NCSC at the end of August, handing the reins over to Lindy Cameron, another civil servant from Northern Ireland.
The adjustment hasn’t been easy for Martin. For the first time in his career, he doesn’t have a team of security services employees on hand to manage his diary and field press requests. It’s been a “huge adjustment”, he admits.
“The withdrawal of a brilliant support team has been a minor trauma because they were great,” he says in a call from his family home in Oxfordshire. The establishment of the NCSC came as the UK faced serious hacking attacks from Russia and China which have probed our national infrastructure and sought to steal coronavirus vaccine research.
Forming a new division of a spy agency at a time when cybersecurity is more vital to the country’s safety than ever before is no easy task. For Martin, who was born in Omagh in 1974, the inspiration for his move into public service came as he grew up in Northern Ireland during the Troubles.
“Growing up in the Eighties, the background of the Troubles was always there,” Martin says. “Over time, clever and well-meaning people in London, Belfast and Dublin did some very imaginative work to create the conditions for better things. So I think for me, there was always something about good, trustworthy, fair, highquality government.”
A teenage Martin played keyboards in an indie rock band named Some Kind of Wonderful, a fact which a childhood friend mischievously added to his Wikipedia article. “We weren’t very good and nobody was interested in us,” Martin recalls with a laugh.
He graduated with a degree in history from the University of Oxford in 1996 before entering government.
After years inside the Treasury, National Audit
Office and Cabinet Office, Martin entered the secretive intelligence agency GCHQ.
The 2015 general election led to a renewed focus on cybersecurity and Martin used the opportunity to lobby for a new public face for the organisation, which for years had maintained an exceedingly low profile.
“We spent one
Friday drafting a paper for ministers that was actually quite technical and ambitious,” Martin recalls. “And they came back and said ‘yeah, we love this’.”
The NCSC started life as a way for cybersecurity experts to work with organisations to keep them safe without the pressure of having to remain in the shadows. Martin’s initial concerns were that businesses would refuse to work with the NCSC following the Snowden revelations and that the organisation would accidentally disclose secret material to the public. Martin says neither of those scenarios came to pass. But the organisation has faced serious attacks from Russian hacking groups linked to the country’s government.
“In the six and a half years that I was at GCHQ, Russia was the operational constant. It was a very significant threat,” Martin says. “GCHQ has been tracking some of these Russian groups for nearly 30 years. Some of them are very good.”
Russian hackers previously crept into the UK’s energy grid, for now just snooping around to gain an understanding of how everything works in case they might want to return and wreak havoc. A serious hack of a power plant is likely to be classed by the NCSC as a “category one” attack, which could cause loss of life or severe economic damage.
The NCSC calls these types of attacks a “national cyber emergency”. The organisation has never had to declare one of these emergencies, but Martin says it “came close”.
He says a hacking campaign carried out by the Chinese government, which was revealed in 2018, that targeted businesses around the world likely caused enough damage to be declared a category one incident.
“I think we only stopped short of categorising that as a category one because we couldn’t quite quantify what they’d done,” Martin says.
And the WannaCry ransomware attack of 2017 which spread around the world, locking computers in businesses and the NHS, was also a serious problem. “Had WannaCry got closer to disrupting patient care, I would have declared that a category one attack,” he adds.
The most pressing danger, Martin believes, isn’t a catastrophic cyber attack caused by a skilled hacker managing to break into the servers of a nuclear power plant, for example.
Instead, it’s the risk that the UK continues to be vulnerable to ransomware attacks which shut down services like healthcare.
Martin is calling for “urgent” action to combat ransomware, including a change in the law to prevent businesses from paying ransoms.
He also wants businesses to make preparing for ransomware a boardlevel problem. “Countering ransomware is not rocket science,” he
‘GCHQ has been tracking some of these Russian groups for nearly 30 years. Some of them are very good’
says. “It’s an avoidable problem and there needs to be a lot more leadership attention.”
The most high-profile period of the NCSC’s existence was the debate over whether to allow Huawei, the Chinese telecoms supplier, to play a role in the UK’s 5G networks.
Martin’s organisation became the public face of the security services’ technical assessment that the risk could be managed. At one press conference in 2019, aides were left pleading with journalists to ask Martin about something other than Huawei.
“The Huawei issue was highly unusual,” Martin recalls. He says it had periods of “high stress” as the NCSC waded into a politically charged topic.
The UK’s initial decision in January to allow limited use of the firm’s kit was overturned following US sanctions which cut Huawei off from parts of its own supply chain. “The US sanctions changed everything technically,” Martin says. “I know that will seem to some people a rather boring and convenient route to a change of policy. It also happens to be true.”
The Government announced its decision during lockdown, a period which Martin says involved the NCSC protecting food distribution businesses and vaccine research from cyber attacks.
He adds that he was “terrified” of a serious ransomware attack causing disruption during the pandemic.
Now, Martin is about to embark on a new life outside of the intelligence agencies.
He applied for, but did not get, the position of chief executive of Ofcom. Instead, he’s returning to the University of Oxford to teach the management of public services at the Blavatnik School of Government.
“My colleagues are all getting used to teaching in a Covid environment. I’m getting used to teaching full-stop,” Martin says.
He is also advising venture capital fund Paladin Capital, which has a series of cybersecurity investments, and is on the advisory board of secure browsing start-up Garrison.
Martin’s ambition is to continue the work he’s been doing inside government and carry it on in the outside world. “I really hope that I’ve done my bit in the last few years to promote a little bit of trust in technology in the UK in my old guise,” he says. “Now, hopefully, I can do a bit more in the next one.”
Huawei and Russia, led by president Putin, right, both posed headaches for Ciaran Martin, below, as head of the NCSC