Director's Departure Leaves A Big Hole At GCHQ

Uploaded on 2017-01-30 in NEWS-Cybersecurity News, INTELLIGENCE--Europe, FREE TO VIEW

The early departure of Robert Hannigan (pictured) as UK’s GCHQ chief, was recently announced and it marks not so much the end of an era as the transition between eras. 

The agency’s famous HQ in Cheltenham, a metallic doughnut the size of the UK’s Wembley Stadium, might look futuristic but was designed in the late 1990s before anyone worked out just how much data the intelligence services would have to intercept and analyse. Or how much of espionage would involve codebreaking, and on such an unprecedented scale. 

The workload exploded as it opened in 2003 and suddenly a GCHQ designed for 5,000 staff looked too small. New ways of working were needed.

Hannigan was brought in, as outsiders occasionally are to GCHQ, to administer some course correction. Its analysts needed to change the way they looked for jihadis, so as not to be drowned in the tsunami of data. The agency also needed to change the way it dealt with the outside world, especially in an era where the basic work of the agency could be misrepresented by the likes of Edward Snowden as massive-scale scandalous hacking, rather than the metadata analysis that the agency has always done. 

It’s tough for GCHQ to defend itself, because spies don’t talk. Hannigan tried to open up, a little, to implement a little glasnost, as it were (he had an article in the FT on his first day in the job). He believed that the agency had to do a better job of defending itself if it wanted a long-term future, and that it does have a good story to tell.

He took the helm in an era when jihadi-catching was becoming a lot harder. Just a few years ago, pretty much every email could be intercepted fairly easily. Then encryption started to be offered as standard, so the proportion of hackable emails fell from 100pc to about zero in the space of five or six years. 

Even ten years ago, jihadis were using GSM mobiles, easily traceable given the signals they gave out. The Islamic State is made up of a younger generation who survived by being smart enough not to use mobiles, and can set up their own satellite networks. They know how to conceal their communications, and how to take on dozens of identities. Tracking down a jihadi now is not like looking for a needle in a haystack, needles stand out. It’s like looking for a specific piece of hay in a haystack.

And for all that, GCHQ has managed to adapt and stayed ahead of the bad guys, as it has been doing since the days of Bletchley Park. Like all intelligence agencies, its success is measured in stories that we don’t hear about; attacks that never happen.

And why is Hannigan leaving so early? Those hoping for a conspiracy theory are likely to be disappointed: talk of a family illness is likely closer to the mark. Hannigan said in his resignation letter that he wants a successor to be firmly embedded by GCHQ’s centenary in 2019, but this job is of such importance that ministers expect a successor to be found by Easter.

Spectator:        Spying On You In Britain:         Cybersecurity Start-Ups Working With GCHQ

 

« Cyber Criminals Set to Get ‘Creative’ in 2017
Hacker, Tailor, Soldier, Spy: Future Cyberwar »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Reed Smith LLP

Reed Smith LLP

Reed Smith LLP is an international law firm with offices in the USA, Europe, Middle East and Asia. Practice areas include Information Technology, Privacy & Data Security.

Copper Horse Solutions

Copper Horse Solutions

Copper Horse specialises in mobile and IoT security, engineering solutions throughout the product lifecycle from requirements to product security investigations.

IT2Trust

IT2Trust

IT2Trust is one of Scandinavia’s leading value-added distributors of business-critical IT solutions within IT security and networking.

ReFoMa

ReFoMa

ReFoMa is a consultancy and advisory company with a focus on information Security.

Axonius

Axonius

Axonius is the only solution that offers a unified view of all assets and their coverage, empowering customers to take action to enforce their organization’s security policies.

Stamus Networks

Stamus Networks

Stamus Networks offers Scirius Security Platform solutions that marry real-time network traffic data with enhanced Suricata intrusion detection (IDS) and an advanced analytics engine.

Ascend Technologies

Ascend Technologies

Ascend Technologies offers a full suite of managed IT services including: Cloud & Infrastructure Management, Cybersecurity Management, Service Desk Management, Application Management , Data Management

Creative Destruction Lab (CDL)

Creative Destruction Lab (CDL)

Creative Destruction Lab is a nonprofit organization that delivers an objectives-based program for massively scalable, seed-stage, science- and technology-based companies.

Artjoker

Artjoker

Artjoker is a full cycle software development partner specialized in Blockchain projects and smart contract development including full cycle information security of all projects.

RAND Corporation

RAND Corporation

The RAND Corporation is a non-profit institution that helps improve policy and decision making through research and analysis.

Circle Security

Circle Security

Circle’s breakthrough security API unifies solutions for identity and data security into one architecture and empowers organizations to secure their identity, data and privacy in their applications.

ZAG Technical Services

ZAG Technical Services

ZAG Technical Services is an award-winning information technology consulting firm delivering digital transformation solutions, IT assessments, managed services, security, and support.

APIsentry

APIsentry

APIsentry is a leading provider of comprehensive API security solutions, specializing in protecting organizations from a wide range of cyber threats targeting their Application Programming Interfaces.

Cysmo Cyber Risk

Cysmo Cyber Risk

Cysmo is an innovative cyber risk assessment platform specifically designed for the needs of the German insurance industry.

EmberOT

EmberOT

EmberOT is at the forefront of operational technology (OT) security, offering cutting-edge solutions designed to protect critical infrastructure within energy, utilities, and manufacturing sectors.

Continent 8 Technologies

Continent 8 Technologies

Continent 8 Technologies is the leading provider of managed hosting, connectivity, cloud and cybersecurity solutions to the global online gambling industry.