Director's Departure Leaves A Big Hole At GCHQ

The early departure of Robert Hannigan (pictured) as UK’s GCHQ chief, was recently announced and it marks not so much the end of an era as the transition between eras. 

The agency’s famous HQ in Cheltenham, a metallic doughnut the size of the UK’s Wembley Stadium, might look futuristic but was designed in the late 1990s before anyone worked out just how much data the intelligence services would have to intercept and analyse. Or how much of espionage would involve codebreaking, and on such an unprecedented scale. 

The workload exploded as it opened in 2003 and suddenly a GCHQ designed for 5,000 staff looked too small. New ways of working were needed.

Hannigan was brought in, as outsiders occasionally are to GCHQ, to administer some course correction. Its analysts needed to change the way they looked for jihadis, so as not to be drowned in the tsunami of data. The agency also needed to change the way it dealt with the outside world, especially in an era where the basic work of the agency could be misrepresented by the likes of Edward Snowden as massive-scale scandalous hacking, rather than the metadata analysis that the agency has always done. 

It’s tough for GCHQ to defend itself, because spies don’t talk. Hannigan tried to open up, a little, to implement a little glasnost, as it were (he had an article in the FT on his first day in the job). He believed that the agency had to do a better job of defending itself if it wanted a long-term future, and that it does have a good story to tell.

He took the helm in an era when jihadi-catching was becoming a lot harder. Just a few years ago, pretty much every email could be intercepted fairly easily. Then encryption started to be offered as standard, so the proportion of hackable emails fell from 100pc to about zero in the space of five or six years. 

Even ten years ago, jihadis were using GSM mobiles, easily traceable given the signals they gave out. The Islamic State is made up of a younger generation who survived by being smart enough not to use mobiles, and can set up their own satellite networks. They know how to conceal their communications, and how to take on dozens of identities. Tracking down a jihadi now is not like looking for a needle in a haystack, needles stand out. It’s like looking for a specific piece of hay in a haystack.

And for all that, GCHQ has managed to adapt and stayed ahead of the bad guys, as it has been doing since the days of Bletchley Park. Like all intelligence agencies, its success is measured in stories that we don’t hear about; attacks that never happen.

And why is Hannigan leaving so early? Those hoping for a conspiracy theory are likely to be disappointed: talk of a family illness is likely closer to the mark. Hannigan said in his resignation letter that he wants a successor to be firmly embedded by GCHQ’s centenary in 2019, but this job is of such importance that ministers expect a successor to be found by Easter.

Spectator:        Spying On You In Britain:         Cybersecurity Start-Ups Working With GCHQ

 

« Cyber Criminals Set to Get ‘Creative’ in 2017
Hacker, Tailor, Soldier, Spy: Future Cyberwar »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

SecureNow Insurance Broker

SecureNow Insurance Broker

SecureNow is a commercial insurance broker based in India. Services offered include Cyber Risk insurance.

Comiq

Comiq

Comiq provide software quality assurance, testing and project management services. Areas of expertise include cybersecurity.

Sigma Payment Solutions

Sigma Payment Solutions

Sigma Payment Solutions offers a comprehensive suite of automated payment processing services, solutions, and technology to businesses in the USA.

Cyberint

Cyberint

Cyberint, the Impactful Intelligence company, fuses open-deep-and darkweb Threat Intelligence with Attack Surface Management to deliver maximum protection from external threats.

Immersive Labs

Immersive Labs

Immersive Labs have created a kinesthetic learning platform which identifies gaps in your teams cyber skills.

IBLISS Digital Security

IBLISS Digital Security

How cyber-resilient is your business now? We help companies to continuously answer this never-ending C-level question.

Digital Magics

Digital Magics

Digital Magics is an incubator for innovative startups which offer content and services with high technological value. Areas of focus include IoT, Enterprise Software, AI, Industry 4.0 and Blockchain.

CertiPath

CertiPath

CertiPath create products and services that ensure the highest levels of validation for digital identities that attempt to access customers’ networks.

usecure

usecure

usecure is a global provider of computer-based cyber security awareness training, offering the market’s most time-efficient, cost-effective and admin-lite solution for reducing insider threats.

Kape Technologies

Kape Technologies

Kape Technologies is a cybersecurity company focused on helping consumers around the world have a better digital experience with greater privacy and protection.

HackNotice

HackNotice

HackNotice Teams is an all-in-one encompassing tool that monitors threats within your organization, different vendors, and third parties whose services you use.

Surefire Cyber

Surefire Cyber

Surefire Cyber delivers swift, strong response to cyber incidents such as ransomware, email compromise, malware, data theft, and other threats with end-to-end response capabilities.

Keepit

Keepit

Keepit offer all-inclusive, secure, and reliable backup and recovery services for your data.

CyberKinetics

CyberKinetics

CyberKinetics specializes in cloud-based services and solutions for federal agencies and commercial clients with compliance mandates.

Fusion5

Fusion5

Fusion5 is a leading ANZ Business Services and IT Solutions provider. Our customers trust us to make their potential reality by providing advisory, IT project deployment, and managed services.

ClearFocus Technologies

ClearFocus Technologies

ClearFocus Technologies provides advanced cybersecurity services that secure our nation’s most sensitive assets.