GCHQ to take hub role in UK cybersecurity

The UK's intelligence agency GCHQ will become a main port of call for businesses dealing with cyberattacks, under the government's new cybersecurity strategy revealed on Friday.

GCHQ will play a larger role in protecting businesses from cyberattacks, under a new cybersecurity strategy announced by Cabinet Office minister Francis Maude. Photo credit: BIS

The Cheltenham-based agency will get an infusion of hundreds of millions of pounds to fund its larger role in the UK's cyber-defence, Cabinet Office minister Francis Maude said in announcing the The UK Cyber Security Strategy (PDF). It will have a key role in a new cybersecurity 'hub' that will be set up as a brokerage for the public and private sectors to exchange information about threats and technologies.

With the new strategy, the government is aiming to make the UK one of the safest places in the world to do business, as well as tackling cybercrime and cyber-espionage in general, according to Maude. The document, the release of which has been delayed twice, replaces a two-year-old strategy and allocates £650m in funding to set up a National Cyber Security Programme.

"The growth of the internet has transformed our everyday lives," Maude said in a statement (PDF). "But with greater openness, interconnection and dependency comes greater vulnerability. The threat to our national security from cyberattacks is real and growing."

Of the £650m in funding, around 65 percent is expected to be spent on capabilities, 20 percent on critical cyber-infrastructure, nine percent on cybercrime specifics, five percent on reserves and one percent on education.

"Around half of the £650m funding will go towards enhancing the UK's core capability, based mainly at GCHQ at Cheltenham, to detect and counter cyberattacks," the strategy document stated. "The details of this work are necessarily classified, but it will strengthen and upgrade the sovereign capability the UK needs to confront the high-end threat."

Cybersecurity hub

One of the areas GCHQ is involved in is the cybersecurity hub. The government plans to launch a pilot for the hub in December, involving companies from five sectors — defence, finance, telecommunications, pharmaceuticals and energy — as well as GCHQ. If successful, businesses in other industries will be invited to join in March 2012.

Read this

CESG: How UK defends against cyberattacks

Read more

"The government cannot tackle this challenge alone. The private sector — which owns, maintains and creates most of the very spaces we are seeking to defend — has a crucial role to play too," Maude said.

This means businesses will have to form "uncomfortable partnerships", Owen Pengelly, deputy director of the Office of Cyber Security and Information Assurance (Ocsia), acknowledged earlier in November. Companies have traditionally been reluctant to share sensitive security knowledge with their peers, fearing a leak might hurt their reputation or that the information could be used against them commercially.

Some details of the hub are still being worked out, according to Ross Parsell, the director of cyber-strategy for Thales UK, which is involved in the project. These include what happens if a publicly traded company's shareholders demand that it does not disclose vulnerabilities; where the IT for the hub will be located; and whether the hub itself could become a target for attacks from nation states.

The government cannot tackle this challenge alone. The private sector — which owns, maintains and creates most of the very spaces we are seeking to defend — has a crucial role to play too.

– Francis Maude

"Somebody raising the fact they've been breached immediately affects shareholder value, as we've seen with things like Sony — how do we make it right and okay for people to do that?" Parsell told ZDNet UK. "That's still a journey we're on."

"Some companies may not wish to publicly declare that they've had a breach. The hub is a protection mechanism — you could declare to Cheltenham that you've had this, but the hub then anonymises the attack profile," he noted.

The Centre for Protection of Critical National Infrastructure (CPNI), which tests information security products destined for use by key industries, is set to have a role as well, according to Parsell. It will most likely operate the front end of the hub, where companies can exchange and access attack information.

Commercial technology

Beyond the hub, the government will look at GCHQ's secret technology with the aim of commercialising it without compromising the organisation's role of protecting the UK from online threats. In addition, the strategy calls for GCHQ to host a Joint Cyber Unit to give the UK more military capabilities in cyberspace. These moves will help boost the country's cybersecurity industry, according to Maude.

Another goal is to improve the police's work against internet-related crime. As announced earlier, a National Cyber Crime Unit will be created within the new FBI-style National Crime Agency by 2013. The cybercrime unit brings together the Metropolitan Police Central e-Crime Unit, which will investigate botnets and other high-level e-crime, with the Serious Organised Crime Agency, which will provide intelligence.

"The NCA will also support police forces across England and Wales to drive up wider national capability on cybercrime, including through shaping the training for mainstream law enforcement on cyber-issues," the strategy document states. "A key area will be ensuring the best possible flow of information between police forces and the NCA."