Director's Departure Leaves A Big Hole At GCHQ

Uploaded on 2017-01-30 in NEWS-Cybersecurity News, INTELLIGENCE--Europe, FREE TO VIEW

The early departure of Robert Hannigan (pictured) as UK’s GCHQ chief, was recently announced and it marks not so much the end of an era as the transition between eras. 

The agency’s famous HQ in Cheltenham, a metallic doughnut the size of the UK’s Wembley Stadium, might look futuristic but was designed in the late 1990s before anyone worked out just how much data the intelligence services would have to intercept and analyse. Or how much of espionage would involve codebreaking, and on such an unprecedented scale. 

The workload exploded as it opened in 2003 and suddenly a GCHQ designed for 5,000 staff looked too small. New ways of working were needed.

Hannigan was brought in, as outsiders occasionally are to GCHQ, to administer some course correction. Its analysts needed to change the way they looked for jihadis, so as not to be drowned in the tsunami of data. The agency also needed to change the way it dealt with the outside world, especially in an era where the basic work of the agency could be misrepresented by the likes of Edward Snowden as massive-scale scandalous hacking, rather than the metadata analysis that the agency has always done. 

It’s tough for GCHQ to defend itself, because spies don’t talk. Hannigan tried to open up, a little, to implement a little glasnost, as it were (he had an article in the FT on his first day in the job). He believed that the agency had to do a better job of defending itself if it wanted a long-term future, and that it does have a good story to tell.

He took the helm in an era when jihadi-catching was becoming a lot harder. Just a few years ago, pretty much every email could be intercepted fairly easily. Then encryption started to be offered as standard, so the proportion of hackable emails fell from 100pc to about zero in the space of five or six years. 

Even ten years ago, jihadis were using GSM mobiles, easily traceable given the signals they gave out. The Islamic State is made up of a younger generation who survived by being smart enough not to use mobiles, and can set up their own satellite networks. They know how to conceal their communications, and how to take on dozens of identities. Tracking down a jihadi now is not like looking for a needle in a haystack, needles stand out. It’s like looking for a specific piece of hay in a haystack.

And for all that, GCHQ has managed to adapt and stayed ahead of the bad guys, as it has been doing since the days of Bletchley Park. Like all intelligence agencies, its success is measured in stories that we don’t hear about; attacks that never happen.

And why is Hannigan leaving so early? Those hoping for a conspiracy theory are likely to be disappointed: talk of a family illness is likely closer to the mark. Hannigan said in his resignation letter that he wants a successor to be firmly embedded by GCHQ’s centenary in 2019, but this job is of such importance that ministers expect a successor to be found by Easter.

Spectator:        Spying On You In Britain:         Cybersecurity Start-Ups Working With GCHQ

 

« Cyber Criminals Set to Get ‘Creative’ in 2017
Hacker, Tailor, Soldier, Spy: Future Cyberwar »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

evoila

evoila

evoila GmbH is one of the leading providers in consulting, analysis, implementation and management of cloud infrastructure.

NITA Uganda (NITA-U)

NITA Uganda (NITA-U)

NITA-U has put in place the Information security framework to provide Uganda with the necessary process, policies, standards and guideline to help in Information Assurance.

Standards Council of Canada (SCC)

Standards Council of Canada (SCC)

SCC leads and facilitates the development and use of national and international standards and accreditation services in Canada.

Navaio IT Security

Navaio IT Security

Navaio helps clients with IT Security related challenges with a primary focus on Identity and Access Management, Data Governance, User Awareness and Cyber Resilience Services.

Forum of Incident Response & Security Teams (FIRST)

Forum of Incident Response & Security Teams (FIRST)

FIRST is the global Forum of Incident Response and Security Teams.

Swisscom Blockchain

Swisscom Blockchain

Swisscom Blockchain is focused on supporting the implementation and adaption of Blockchain-based platforms in enterprises across diverse industries.

Tapestry Technologies

Tapestry Technologies

Tapestry Technologies supports the Department of Defense in shaping its approach to cybersecurity.

Trustify

Trustify

Trustify is a Managed Security Service Provider offering a suite of world-class Cyber Risk Management services.

N2K Networks

N2K Networks

N2K Networks is the world’s first “news to knowledge” network. The news to knowledge network is how you stay at the cutting edge in a rapidly changing world.

Next DLP

Next DLP

Next DLP (formerly Jazz Networks) is a leading provider of insider risk and data protection solutions.

Coastline Cybersecurity

Coastline Cybersecurity

Coastline Cyber is a cybersecurity consulting firm dedicated to helping organizations strengthen their security posture by reducing risks, mitigating threats, and protecting against attacks.

Btech

Btech

Btech is the market leader in providing affordable managed IT security services for credit unions.

Identifid

Identifid

Identifid offers a suite of fraud prevention and identity authentication solutions to businesses and governments using the latest advances in AI, vision processing, and biometric recognition.

Windstream

Windstream

Windstream is a leading provider of advanced network communications and technology solutions for consumers, small businesses, enterprise organizations and carrier partners across the US.

ZENDATA

ZENDATA

ZENDATA are an innovative provider of intelligent, tailored cybersecurity solutions to global companies and public sector institutions.

CYNC Secure

CYNC Secure

CYNC boosts cybersecurity remediation by consolidating fragmented data and optimizing operational processes.