GCHQ launches cybersecurity consultancy to help reduce vulnerabilities in public sector
Tue 2 Jun 2015
British spy agency GCHQ has this week announced a new UK scheme providing certified cybersecurity consultancy services for government customers and those in the wider public sector.
Following the launch of the programme Ciaran Martin, GCHQ’s public head of cybersecurity, spoke to audiences at this year’s Infosec Europe about the agency’s assumed role as the UK’s ‘top scarer’, spelling out the persistent threats targeting British businesses in cyberspace.
Contextualising today’s threat picture, Martin explained that the government agency continues to see real and often chronic, advanced threats on a daily basis of which the scale and rate show no sign of abating.
He advised that understanding not ‘who’ but rather what motives are at play behind an attack is the best approach in defending against these risks. Although often overlooked, Martin explained that three age-old criminal motives hold strong in the cyber sphere; money, power and propaganda – particularly in an age where intellectual property and a gleaming corporate reputation are of ever important value.
Referring to a lecture given in 2012 Martin cited at-the-time MI5 Director Jonathan Evans: “What is at stake is not just our government secrets but also the safety and the security of our infrastructure, the intellectual property that underpins our future prosperity and the commercially sensitive information that is the lifeblood of our companies and corporations.”
Three years later the threats remain and as Martin added GCHQ stands genuinely surprised at the extent and variety of UK businesses subject to intrusions.
He added that despite an increased awareness in the UK information security field there is a “relative immaturity of norms and practices” even across supposedly secure institutions – as so clearly displayed in large-scale attacks around the world such as wiped bank hard drives in Asia and the sophisticated attack on Saudi Arabia’s national oil firm in 2012.
The new GCHQ standards scheme hopes not just to help prevent these national attacks but to attempt to reduce vulnerabilities and render those attacks irrelevant for UK organisations.
Speaking on the new consultancy scheme, Martin noted that it “is a big step forward for UK cyber security. There’s only so much an organisation like GCHQ can and should do directly. This new scheme will significantly enhance the pool of trusted cyber security advice available from private providers.”