Director's Departure Leaves A Big Hole At GCHQ

The early departure of Robert Hannigan (pictured) as UK’s GCHQ chief, was recently announced and it marks not so much the end of an era as the transition between eras. 

The agency’s famous HQ in Cheltenham, a metallic doughnut the size of the UK’s Wembley Stadium, might look futuristic but was designed in the late 1990s before anyone worked out just how much data the intelligence services would have to intercept and analyse. Or how much of espionage would involve codebreaking, and on such an unprecedented scale. 

The workload exploded as it opened in 2003 and suddenly a GCHQ designed for 5,000 staff looked too small. New ways of working were needed.

Hannigan was brought in, as outsiders occasionally are to GCHQ, to administer some course correction. Its analysts needed to change the way they looked for jihadis, so as not to be drowned in the tsunami of data. The agency also needed to change the way it dealt with the outside world, especially in an era where the basic work of the agency could be misrepresented by the likes of Edward Snowden as massive-scale scandalous hacking, rather than the metadata analysis that the agency has always done. 

It’s tough for GCHQ to defend itself, because spies don’t talk. Hannigan tried to open up, a little, to implement a little glasnost, as it were (he had an article in the FT on his first day in the job). He believed that the agency had to do a better job of defending itself if it wanted a long-term future, and that it does have a good story to tell.

He took the helm in an era when jihadi-catching was becoming a lot harder. Just a few years ago, pretty much every email could be intercepted fairly easily. Then encryption started to be offered as standard, so the proportion of hackable emails fell from 100pc to about zero in the space of five or six years. 

Even ten years ago, jihadis were using GSM mobiles, easily traceable given the signals they gave out. The Islamic State is made up of a younger generation who survived by being smart enough not to use mobiles, and can set up their own satellite networks. They know how to conceal their communications, and how to take on dozens of identities. Tracking down a jihadi now is not like looking for a needle in a haystack, needles stand out. It’s like looking for a specific piece of hay in a haystack.

And for all that, GCHQ has managed to adapt and stayed ahead of the bad guys, as it has been doing since the days of Bletchley Park. Like all intelligence agencies, its success is measured in stories that we don’t hear about; attacks that never happen.

And why is Hannigan leaving so early? Those hoping for a conspiracy theory are likely to be disappointed: talk of a family illness is likely closer to the mark. Hannigan said in his resignation letter that he wants a successor to be firmly embedded by GCHQ’s centenary in 2019, but this job is of such importance that ministers expect a successor to be found by Easter.

Spectator:        Spying On You In Britain:         Cybersecurity Start-Ups Working With GCHQ

 

« Cyber Criminals Set to Get ‘Creative’ in 2017
Hacker, Tailor, Soldier, Spy: Future Cyberwar »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Grid32

Grid32

Grid32 provides independent computer system and physical security audit services to government and corporate clients of all sizes.

AppRiver

AppRiver

AppRiver is a global provider of cloud-based email and web security solutions that protect businesses worldwide from today's ever-changing online threats.

Vaddy

Vaddy

Vaddy provide an automatic web vulnerability scanner for DevOps that performs robust security checks to ensure that web app code is secure.

Coro Cybersecurity

Coro Cybersecurity

Coro (formerly Coronet) empowers organizations to protect against malware, ransomware, phishing, and botnets - across devices, users, and cloud applications.

ESTsecurity

ESTsecurity

ESTsecurity is a leading company in cyber security providing intelligent security solutions to make world more secure.

InterVision

InterVision

InterVision is a leading Strategic Services Provider, assisting businesses in driving value and gaining a competitive edge by helping IT Leaders solve the most crucial challenges they face.

Lewis Brisbois

Lewis Brisbois

Lewis Brisbois offers legal practice in more than 40 specialties, and a multitude of sub-specialties including Data Privacy & Cybersecurity.

Berkeley Varitronic Systems (BVS)

Berkeley Varitronic Systems (BVS)

Berkeley Varitronics Systems is an engineering think tank delivering custom wireless RF engineering products and solutions including cyber security.

CertiPath

CertiPath

CertiPath create products and services that ensure the highest levels of validation for digital identities that attempt to access customers’ networks.

Voodoo Security

Voodoo Security

Voodoo Security is a specialized information security consulting firm focused on security assessments, risk and compliance analysis, and cloud security.

Etonwood

Etonwood

Etonwood specialises in infrastructure and vendor technology recruitment in areas including cloud platforms, cyber security and service management.

Netenrich

Netenrich

The Netenrich operations intelligence platform is built from the ground up to help enterprises resolve everyday and futuristic problems for stable, secure environments and infrastructures.

Aurora Systems Consulting

Aurora Systems Consulting

Aurora is a Cybersecurity solutions provider with a portfolio consisting of security consulting, products and services that proactively prevent, secure and manage advanced threats and malware.

Raxis

Raxis

Raxis is a cybersecurity company that hacks into computer networks and physical structures to perform penetration tests, assessing corporate vulnerability to real-world threats.

SecureOps

SecureOps

SecureOps is transforming the Managed Security Service Provider industry by providing tailored cybersecurity solutions proven to protect organizations from cyberattacks.

Piiano

Piiano

Piiano offers developer-friendly privacy and security products. Reduce risk and protect your data by using our specialized security and privacy SaaS tools.