GCHQ Lack Staff for 'umbrella' Cyber Surveillance

 ghcq-apprenticeships.png

GCHQ has criticised reports that the UK government is turning the nation into a police state, arguing that the agency does not have the resources for umbrella surveillance.
Ciaran Martin, GCHQ's director general for cyber security, called for businesses to begin working with the agency, arguing that many concerns about its surveillance activities are exaggerated.
"Our intelligence gathering has been the source of controversy recently. I can't comment on that. The Queen's Speech laid out the plans," he said during a keynote speech at InfoSec Europe.
"But I would note that we use our powers extremely carefully. One of the things that's been said flippantly in our defence is that we don't have the power to do a mass intrusion."

Martin claimed that this is true. "We're simply not big enough to put a big cyber umbrella over the entire country. Our focus has to be on the high-end attacks: risks to national infrastructure, securing defence assets and assisting government departments making the transition to digital services."
Martin's comments follow concerns about the UK government's plans to revisit the controversial Snoopers' Charter and introduce legislation that would hamper companies' abilities to encrypt customer data in a way that the GCHQ could not access.

The concerns led to a backlash against the government and GCHQ in the security industry.
Pretty Good Privacy encryption creator and Silent Circle chief Phil Zimmermann described the UK's plans as Orwellian, while revealing his intention to move his company from the US to Switzerland for the same reason.
When asked about these concerns, Martin said that the ultimate decision regarding GCHQ's powers will be made by the government after a "lengthy and thorough period of debate and examination".
Martin added that the UK government has plans to improve the nation's digital economy, and would not let GCHQ mount any operations undermining this effort.
"The tech boom is a huge economic and social opportunity. This is something the government attaches great importance to," he said. "It is not our aim to slow or shut down the march of tech and, even if it was, we wouldn't be allowed to."
Looking to the future, Martin said that the public and private sectors will have to work together to achieve the government's growth plans, claiming that the cyber threats facing industry are too big for any firm to take on alone.
"We see real threats to the UK on a daily basis and the scale and rate are showing no signs of abating," he said.
"We think about motivation, why the bad people do what they do. Looking at this there are three words that explain the motivation in my mind: money, power and propaganda."

Martin highlighted the 2014 attack on Sony as proof of his claim, arguing that businesses are now the targets of criminals, state-sponsored groups and rogue hacktivists.
"Any organisation with money on a system is a target for cyber attacks. For some states operating outside national norms, getting one over on a rival who is more developed is attractive," he said.
"In an age when the reputation of organisations counts for so much, never discount this as motive. The Sony attack was destructive, but the goal was making a loud media splash. The same is true of hacktivists."
He added that the need for collaboration is pressing as many companies are still failing to follow basic cyber security best practice.

Martin has urged firms to take advantage of existing government guidance, such as GCHQ's 10 Steps to Cyber Security, the Cyber Essentials scheme and CERT-UK's Common Cyber Attacks: Reducing the Impact, and adopt more dynamic security strategies.
GCHQ is one of many government departments calling for increased collaboration between the public and private sectors in combating cyber threats.
V3:  http://bit.ly/1KSJwSj

« Snowden Revelations Costly for US Tech Firms
PWC 2015 Information Security Breaches Survey »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Achtwerk

Achtwerk

Achtwerk manufacture the security appliance IRMA for critical infrastructures and networked automation in production plants.

CYE

CYE

Utilizing data, numbers, and facts, CYE helps security leaders know what business assets are at risk and execute cost-effective remediation projects for optimal risk prevention.

CyberSecurityTrainingCourses.com

CyberSecurityTrainingCourses.com

Cyber Security Training Courses is a portal to help candidates find the best courses to progress their career within the IT security industry.

S4x Events

S4x Events

S4x are the most advanced and largest ICS cyber security events in the world.

Rocheston

Rocheston

Rocheston is an innovation company with cutting-edge research and development in emerging technologies such as Cybersecurity, Internet of Things, Big Data and automation.

Private Machines

Private Machines

Private Machines develops unique patent-pending technology protects cloud and data center workloads.

Neptune Cyber

Neptune Cyber

Neptune is a cyber security company that works exclusively in the marine sector. Our team combines experts in shipbuilding, maintenance and operations and cyber security testing and design.

MyCena

MyCena

MyCena has developed a complete system of security, control and management for decentralised credentials.

Campus cyber

Campus cyber

A project initiated by the President of the Republic, the Cyber Campus is the totem site of cybersecurity that brings together the main national and international players in the field.

Oort

Oort

Oort is an identity threat detection and response platform for enterprise security. The Oort platform is API-driven, cloud-native and agentless for rapid time to value and high scalability.

Auxilion

Auxilion

Auxilion is an award-winning provider of consulting and IT support services, technologies and consulting for public and private organisations in the UK and Ireland.

SolidityScan

SolidityScan

SolidityScan is an advanced smart contract scanning tool designed to uncover vulnerabilities and proactively address risks within your code.

Ignite Cyber

Ignite Cyber

IGNITE Cyber is focused on enabling secure technology adoption through intelligent business decisions. We are focused on providing a secure and stable business environment for everyone.

Mantodea Security

Mantodea Security

Mantodea Security is an industry-agnostic powerhouse backed by extensive experience and expertise in the realm of IT security.

CyberAI Group

CyberAI Group

CyberAI's mission is to pioneer the evolution of the cybersecurity landscape globally, by strategically acquiring and elevating IT consulting firms into leaders of cybersecurity innovation.

Ncontracts

Ncontracts

Our mission at Ncontracts is to continually improve our clients’ ability to manage risk and compliance.