event coverage

Ciaran Martin, CEO of the UK's soon-to-be-operational National Cyber Security Centre (NCSC) introduces his organization and describes its place in the UK cyber strategy. Photo by The CyberWire

GCHQ's New National Cyber Security Center

Washington, DC, was the site of a major British policy announcement. On September 13, 2016, Ciaran Martin, CEO of the UK's new National Cyber Security Centre, both announced the Centre's formation and described the role it would play in Britain's cyber security strategy.

As might be expected from a GCHQ talk delivered in NSA's backyard, Martin noted with approval and appreciation what he characterized as the trust, friendship, and mutual benefit of the two agencies' more than seven decades of partnership. He spoke of the long record GCHQ and NSA have established of protecting information, and asserted that the transatlantic partnership was now more important than ever.

Describing how pervasive connectivity, and therefore a need for cybersecurity, was throughout the UK's economy and government, he said the National Cyber Security Centre's job was "to make that digital economy work by making it safer." To do so requires more automation of defense against digital threats. Noting that those threats derived from both nation-states and criminals, he drew a distinction between not only their motivations, but their relative levels of sophistication. "National conflict in cyberspace involves power, money, and propaganda," Martin said. Those stakes have been constant for millennia.

Nation-states, of course, dispose of significant resources and are capable of sophisticated attacks. While there is some sophisticated cyber crime, most cyber crime isn't, and too much of the unsophisticated continues to succeed. Too many basic attacks are getting through, and doing a great deal of harm. "So too many people are unprepared. And there's something wrong with this. We haven't got ahead of the threat."

The National Cyber Security Centre intends to cope with those threats, and to do so taking full advantage of the automated technologies available. Martin noted that assigning responsibilities for defense can be notoriously difficult, and that the Centre's being part of GCHQ does place its public-facing role in tension with its connection to intelligence. But he thinks that the Centre's being "deliberately and fully a part of GCHQ" is the right call, organizationally. It will be effective insofar as it can draw upon GCHQ's capabilities.

He closed with a strong plea for automating defense wherever possible, and he claimed to have seen success in doing so. One striking improvement he left the audience with was action against phishing sites. These formerly endured for forty hours or more. Now they're taken down in less than five.