GCHQ Lack Staff for 'umbrella' Cyber Surveillance

 ghcq-apprenticeships.png

GCHQ has criticised reports that the UK government is turning the nation into a police state, arguing that the agency does not have the resources for umbrella surveillance.
Ciaran Martin, GCHQ's director general for cyber security, called for businesses to begin working with the agency, arguing that many concerns about its surveillance activities are exaggerated.
"Our intelligence gathering has been the source of controversy recently. I can't comment on that. The Queen's Speech laid out the plans," he said during a keynote speech at InfoSec Europe.
"But I would note that we use our powers extremely carefully. One of the things that's been said flippantly in our defence is that we don't have the power to do a mass intrusion."

Martin claimed that this is true. "We're simply not big enough to put a big cyber umbrella over the entire country. Our focus has to be on the high-end attacks: risks to national infrastructure, securing defence assets and assisting government departments making the transition to digital services."
Martin's comments follow concerns about the UK government's plans to revisit the controversial Snoopers' Charter and introduce legislation that would hamper companies' abilities to encrypt customer data in a way that the GCHQ could not access.

The concerns led to a backlash against the government and GCHQ in the security industry.
Pretty Good Privacy encryption creator and Silent Circle chief Phil Zimmermann described the UK's plans as Orwellian, while revealing his intention to move his company from the US to Switzerland for the same reason.
When asked about these concerns, Martin said that the ultimate decision regarding GCHQ's powers will be made by the government after a "lengthy and thorough period of debate and examination".
Martin added that the UK government has plans to improve the nation's digital economy, and would not let GCHQ mount any operations undermining this effort.
"The tech boom is a huge economic and social opportunity. This is something the government attaches great importance to," he said. "It is not our aim to slow or shut down the march of tech and, even if it was, we wouldn't be allowed to."
Looking to the future, Martin said that the public and private sectors will have to work together to achieve the government's growth plans, claiming that the cyber threats facing industry are too big for any firm to take on alone.
"We see real threats to the UK on a daily basis and the scale and rate are showing no signs of abating," he said.
"We think about motivation, why the bad people do what they do. Looking at this there are three words that explain the motivation in my mind: money, power and propaganda."

Martin highlighted the 2014 attack on Sony as proof of his claim, arguing that businesses are now the targets of criminals, state-sponsored groups and rogue hacktivists.
"Any organisation with money on a system is a target for cyber attacks. For some states operating outside national norms, getting one over on a rival who is more developed is attractive," he said.
"In an age when the reputation of organisations counts for so much, never discount this as motive. The Sony attack was destructive, but the goal was making a loud media splash. The same is true of hacktivists."
He added that the need for collaboration is pressing as many companies are still failing to follow basic cyber security best practice.

Martin has urged firms to take advantage of existing government guidance, such as GCHQ's 10 Steps to Cyber Security, the Cyber Essentials scheme and CERT-UK's Common Cyber Attacks: Reducing the Impact, and adopt more dynamic security strategies.
GCHQ is one of many government departments calling for increased collaboration between the public and private sectors in combating cyber threats.
V3:  http://bit.ly/1KSJwSj

« Snowden Revelations Costly for US Tech Firms
PWC 2015 Information Security Breaches Survey »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Cleo

Cleo

Cleo is a leader in secure information integration, enabling both ease and excellence in business data movement and orchestration.

tietoEVRY

tietoEVRY

TietoEVRY creates digital advantage for businesses and society. We are a leading digital services and software company with local presence and global capabilities.

EIT Digital

EIT Digital

EIT Digital is a leading digital innovation and entrepreneurial education organisation driving Europe’s digital transformation. Areas of focus include digital infrastructure and cyber security.

Crossmatch

Crossmatch

Crossmatch is a world leader in risk-based composite authentication and biometric identity management.

CyberArrow

CyberArrow

CyberArrow (formerly EBDAA) is a consultancy company providing high quality consultancy services in Risk & Compliance and Awareness & Education.

Keynetic Technologies

Keynetic Technologies

Keynetic focuses on developing cybersecurity solutions for Industry 4.0.

Conduent

Conduent

Conduent delivers mission-critical technology services and solutions on behalf of businesses and governments. Solution areas include digital risk and compliance.

Intel Capital

Intel Capital

Intel Capital, Intel's strategic investment organization, backs innovative technology startups and companies worldwide. We invest in a broad range of hardware, software, and services.

Zeusmark

Zeusmark

Zeusmark are a digital brand security company. We enable companies to successfully defend their brands, revenue and consumers online.

HARMAN International

HARMAN International

HARMAN designs and engineers connected products and solutions for automakers, consumers, and enterprises worldwide.

Maritime Transportation System Information Sharing and Analysis Center (MTS-ISAC)

Maritime Transportation System Information Sharing and Analysis Center (MTS-ISAC)

MTS-ISAC promotes and facilitates maritime cybersecurity information sharing, awareness, training, and collaboration efforts between private and public sector stakeholders.

Inetum

Inetum

Inetum (formerly Gfi Informatique) is an agile IT services providing digital services and solutions, and a global group that helps companies and institutions to get the most out of digital flow.

Darktrace

Darktrace

Darktrace is a global leader in cybersecurity AI, delivering complete AI-powered solutions in its mission to free the world of cyber disruption.

Solcon Capital

Solcon Capital

Solcon Capital is a forward-looking, technology-focused investment firm that is committed to identifying and investing in the most promising areas of innovation and development in the tech industry.

Coastline Cybersecurity

Coastline Cybersecurity

Coastline Cyber is a cybersecurity consulting firm dedicated to helping organizations strengthen their security posture by reducing risks, mitigating threats, and protecting against attacks.

Trovent Security

Trovent Security

Trovent was founded with a clear goal: to support medium-sized companies in significantly increasing their IT security level.