GCHQ Lack Staff for 'umbrella' Cyber Surveillance

 ghcq-apprenticeships.png

GCHQ has criticised reports that the UK government is turning the nation into a police state, arguing that the agency does not have the resources for umbrella surveillance.
Ciaran Martin, GCHQ's director general for cyber security, called for businesses to begin working with the agency, arguing that many concerns about its surveillance activities are exaggerated.
"Our intelligence gathering has been the source of controversy recently. I can't comment on that. The Queen's Speech laid out the plans," he said during a keynote speech at InfoSec Europe.
"But I would note that we use our powers extremely carefully. One of the things that's been said flippantly in our defence is that we don't have the power to do a mass intrusion."

Martin claimed that this is true. "We're simply not big enough to put a big cyber umbrella over the entire country. Our focus has to be on the high-end attacks: risks to national infrastructure, securing defence assets and assisting government departments making the transition to digital services."
Martin's comments follow concerns about the UK government's plans to revisit the controversial Snoopers' Charter and introduce legislation that would hamper companies' abilities to encrypt customer data in a way that the GCHQ could not access.

The concerns led to a backlash against the government and GCHQ in the security industry.
Pretty Good Privacy encryption creator and Silent Circle chief Phil Zimmermann described the UK's plans as Orwellian, while revealing his intention to move his company from the US to Switzerland for the same reason.
When asked about these concerns, Martin said that the ultimate decision regarding GCHQ's powers will be made by the government after a "lengthy and thorough period of debate and examination".
Martin added that the UK government has plans to improve the nation's digital economy, and would not let GCHQ mount any operations undermining this effort.
"The tech boom is a huge economic and social opportunity. This is something the government attaches great importance to," he said. "It is not our aim to slow or shut down the march of tech and, even if it was, we wouldn't be allowed to."
Looking to the future, Martin said that the public and private sectors will have to work together to achieve the government's growth plans, claiming that the cyber threats facing industry are too big for any firm to take on alone.
"We see real threats to the UK on a daily basis and the scale and rate are showing no signs of abating," he said.
"We think about motivation, why the bad people do what they do. Looking at this there are three words that explain the motivation in my mind: money, power and propaganda."

Martin highlighted the 2014 attack on Sony as proof of his claim, arguing that businesses are now the targets of criminals, state-sponsored groups and rogue hacktivists.
"Any organisation with money on a system is a target for cyber attacks. For some states operating outside national norms, getting one over on a rival who is more developed is attractive," he said.
"In an age when the reputation of organisations counts for so much, never discount this as motive. The Sony attack was destructive, but the goal was making a loud media splash. The same is true of hacktivists."
He added that the need for collaboration is pressing as many companies are still failing to follow basic cyber security best practice.

Martin has urged firms to take advantage of existing government guidance, such as GCHQ's 10 Steps to Cyber Security, the Cyber Essentials scheme and CERT-UK's Common Cyber Attacks: Reducing the Impact, and adopt more dynamic security strategies.
GCHQ is one of many government departments calling for increased collaboration between the public and private sectors in combating cyber threats.
V3:  http://bit.ly/1KSJwSj

« Snowden Revelations Costly for US Tech Firms
PWC 2015 Information Security Breaches Survey »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Trend Micro

Trend Micro

Trend Micro is a leader in hybrid cloud, endpoint, and network security solutions.

Secure Source

Secure Source

Secure Source specialise in search and recruitment for Cyber Security and Security Cleared markets.

SecuriThings

SecuriThings

SecuriThings is a User and Entity Behavioral Analytics (UEBA) solution for IoT security.

Dcoya

Dcoya

Dcoya's complete security awareness training program gives you out-of-the-box compliance with PCI-DSS, HIPAA, SOX and ISO regulations.

European Recruitment

European Recruitment

European Recruitment is an award-winning, international recruitment agency specialising in niche technology areas including Cyber Security.

Envelop Risk

Envelop Risk

Envelop Risk is a global specialty cyber insurance firm, combining decades of insurance industry expertise with sophisticated cyber and artificial intelligence-based analytics.

Servian

Servian

Servian is one of Australia's leading IT consultancies, with expertise in cloud, data, machine learning, DevOps and cybersecurity.

Kainos

Kainos

Kainos is a leading provider of Digital Services and Platforms. Our services include Digital Transformation, Cyber Security, Cloud, AI, IoT and more.

Cythereal

Cythereal

Cythereal is the leader in predicting and preventing advanced malware attacks. Security Automation for the Overwhelmed Administrator.

TAV Technologies

TAV Technologies

TAV Technologies is a provider of technology services to the aviation industry in areas including airport infrastructure systems, digital transformation and cybersecurity.

Atomic Data

Atomic Data

Atomic Data is an on-demand, always-on, pay-as-you-go expert extension of your enterprise IT team and infrastructure.

IriusRisk

IriusRisk

IriusRisk is an open Threat Modeling platform that automates and supports creating threat models at design time.

Apollo Secure

Apollo Secure

Apollo is an automated cybersecurity platform for startups and small businesses to achieve and maintain security compliance.

Aim Security

Aim Security

Aim empowers enterprises to unlock the full potential of GenAI technology without compromising security. GenAI makes business better - Aim makes GenAI secure.

Breathe Technology

Breathe Technology

Breathe Technology has been providing Managed IT Support/ Service Desk, Cloud Services, Cyber Security & Communications to businesses and schools since 2003.

CASwell

CASwell

Caswell is an industry-leading OEM/ODM specializing in networking, security, SD-WAN, NFV, telecommunication and IoT applications.