GCHQ Lacks Staff for 'Umbrella' Cyber Surveillance

GCHQ has criticised reports that the UK government is turning the nation into a police state, arguing that the agency does not have the resources for umbrella surveillance.
Ciaran Martin, GCHQ's director general for cyber security, called for businesses to begin working with the agency, arguing that many concerns about its surveillance activities are exaggerated.
"Our intelligence gathering has been the source of controversy recently. I can't comment on that. The Queen's Speech laid out the plans," he said during a keynote speech at InfoSec Europe.
"But I would note that we use our powers extremely carefully. One of the things that's been said flippantly in our defence is that we don't have the power to do a mass intrusion."

Martin claimed that this is true. "We're simply not big enough to put a big cyber umbrella over the entire country. Our focus has to be on the high-end attacks: risks to national infrastructure, securing defence assets and assisting government departments making the transition to digital services."
Martin's comments follow concerns about the UK government's plans to revisit the controversial Snoopers' Charter and introduce legislation that would hamper companies' abilities to encrypt customer data in a way that GCHQ could not access.

The concerns led to a backlash against the government and GCHQ in the security industry.
Pretty Good Privacy encryption creator and Silent Circle chief Phil Zimmermann described the UK's plans as Orwellian, while revealing his intention to move his company from the US to Switzerland for the same reason.
When asked about these concerns, Martin said that the ultimate decision regarding GCHQ's powers will be made by the government after a "lengthy and thorough period of debate and examination".
Martin added that the UK government has plans to improve the nation's digital economy, and would not let GCHQ mount any operations undermining this effort.
"The tech boom is a huge economic and social opportunity. This is something the government attaches great importance to," he said. "It is not our aim to slow or shut down the march of tech and, even if it was, we wouldn't be allowed to."
Looking to the future, Martin said that the public and private sectors will have to work together to achieve the government's growth plans, claiming that the cyber threats facing industry are too big for any firm to take on alone.
"We see real threats to the UK on a daily basis and the scale and rate are showing no signs of abating," he said.
"We think about motivation, why the bad people do what they do. Looking at this there are three words that explain the motivation in my mind: money, power and propaganda."

Martin highlighted the 2014 attack on Sony as proof of his claim, arguing that businesses are now the targets of criminals, state-sponsored groups and rogue hacktivists.
"Any organisation with money on a system is a target for cyber attacks. For some states operating outside national norms, getting one over on a rival who is more developed is attractive," he said.
"In an age when the reputation of organisations counts for so much, never discount this as motive. The Sony attack was destructive, but the goal was making a loud media splash. The same is true of hacktivists."
He added that the need for collaboration is pressing as many companies are still failing to follow basic cyber security best practice.

Martin has urged firms to take advantage of existing government guidance, such as GCHQ's 10 Steps to Cyber Security, the Cyber Essentials scheme and CERT-UK's Common Cyber Attacks: Reducing the Impact, and adopt more dynamic security strategies.
GCHQ is one of many government departments calling for increased collaboration between the public and private sectors in combating cyber threats.
V3:  http://bit.ly/1KSJwSj
