Cyber-attackers as big a threat as terrorists, says GCHQ chief
Britain’s expanded security centre has a vital new role protecting the nation from internet attacks
PROTECTING Britain from hacking and cyber-attacks is as important as preventing terrorism, the new head of GCHQ writes today.
Defending the “digital homeland” must become a key part of GCHQ’S work, Jeremy Fleming says in his most extensive public comments since becoming head of the agency.
The growing task of defending Britain’s online culture and commerce means an increasingly prominent role for an agency that has traditionally taken a back seat to MI5 and MI6.
Writing in The Daily Telegraph, he says that GCHQ must step out of the shadows of nearly a century of secrecy if it wants to keep people safe and free online.
Mr Fleming’s comments come after a series of high profile cyber attacks, including May’s Wannacry ransomware outbreak that caused chaos to the NHS.
Concerns over the UK’S national cyber security have also been raised by a string of allegedly Russian-backed cyber-operations targeting political parties and MPS across Europe.
Mr Fleming said: “If GCHQ is to continue to help keep the country safe then protecting the digital homeland must become and remain as much part of our mission as our global intelligence reach and our roundthe-clock efforts against terrorism.”
Mr Fleming joined GCHQ in April after a career at MI5.
Ihave spent my whole career, in MI5 and now as head of GCHQ, working to counter the most serious threats to our national security. If I’ve learned one thing, it’s that our adversaries are quick to spot new ways of doing us harm. We see that in the way terrorists are constantly changing their weapons or states are using their full range of tools to steal secrets, gain influence and attack our economy.
The biggest changes are shaped by the speed of technological advances, in particular the internet. These shifts are affecting virtually everyone on the planet. They offer amazing potential for individuals, communities, business and countries – friends and foes alike.
Our task in GCHQ is to help make sure that the UK benefits from this technological revolution, by protecting the nation from those who want to use the internet to cause harm. We all derive great benefit from the ease and speed of connecting across the planet and from the additional security provided by default encryption. But hostile states, terrorists and criminals use those same features – instant connectivity and encrypted communications – to undermine our national security, attack our interests and, increasingly, commit crime.
We see these threats to the UK’S prosperity and security changing faster than most people realise. But GCHQ – at the heart of the nation’s security – is an ingenious organisation. In my six months as its director I have seen countless examples of what can be achieved with a brilliant and diverse group of people using cuttingedge technology and tradecraft. We are part of an operational community of MI5, MI6, the police (particularly the National Crime Agency) and our Armed Forces – a combined force of thousands of men and women dedicated to Britain’s national security who now work far more closely together than at any point in my career. These collective capabilities are a huge strategic asset to the UK.
GCHQ’S role has always been to collect and use intelligence to disrupt, divert and frustrate our adversaries. We’ve been doing this since 1919 and we’re very good at it. But we cannot afford to stand still. The Government’s investment in a bigger GCHQ gives us a chance to recruit the brightest and best from across our society – as the threat becomes more diverse, so must the workforce that tackles it.
We’re using much of that funding to make GCHQ a cyber organisation as well as an intelligence and counterterrorism one. We have a longstanding mission to keep sensitive information and systems secure. This has a distinguished history, notably in protecting our own secrets in wartime. But it too often felt like the poor relation. Our new mandate, to help make the UK the best place to live and do business online, has transformed that perception. This profound development is led within GCHQ by the National Cyber Security Centre (NCSC), one year old last week.
In my view, the Government was right to house the NCSC in GCHQ. Over the past year it has responded to nearly 600 significant incidents requiring a national, coordinated response. In dealing with these cases, from the Wannacry ransomware affecting the NHS through the attack on Parliament to lesser-known but important compromises and criminal attacks, the NCSC drew on GCHQ’S data, analytical capabilities, skills and partnerships, which help us to prevent attacks as well as respond to them.
The NCSC has a world-leading programme to reduce the incidence and impact of cyber attacks without users even noticing. It is also challenging us to work differently across the whole of GCHQ. By its nature, it has to work closely with the private sector; it works at lower (or without) security classifications, proactively engages with the media, and has a high profile in schools and universities. All of this can feel deeply challenging for a GCHQ that, by necessity, has worked in the shadows.
It remains the case that much of what we do must remain secret. But I welcome the shift. If GCHQ is to continue to help keep the country safe, then protecting the digital homeland – keeping our citizens safe and free online – must become and remain as much part of our mission as our global intelligence reach and our round-the-clock efforts against terrorism.
Jeremy Fleming is Director of GCHQ