Britain’s cyber-spooks are reaching out from behind their veil of secrecy with the aim of cultivating the nation’s next generation of high-tech sentries — a move not without security risks.
With recruiting initiatives levelled at tech-savvy hipsters, start-ups pitching ideas and even Christmas puzzles, the top-secret Government Communications Headquarters (GCHQ) is letting the public in, ever so slightly.
The latest move was this month’s “Cyber Accelerator” event at the National Cyber Security Centre (NCSC) — part of GCHQ — when investors, journalists and entrepreneurs were offered a rare glimpse behind the scenes.
The Accelerator project connects tech entrepreneurs with GCHQ experts and information, aiming to help the budding companies turn their ideas into ready-for-market cyber-defence products.
The move is the latest in a series of initiatives by the security services to open their doors to young tech wizards — a subtle effort to recruit the best and brightest as Britain’s future cyber-sentries.
GCHQ has previously used stencil graffiti recruitment adverts in the fashionable east London tech hub, and also launched an online puzzle comprising 29 blocks of letters to be decoded by aspiring cyber spies.
During the visit to Accelerator, visitors were whisked up to the National Cyber Security Centre’s offices in central London in space-age lifts.
Once arrived, they got to see the latest weapons the entrepreneurs were pitching to private investors as part of the programme.
“Razor wire is there to keep people out, but it does quite a good job of keeping people in. It does create an internal community and we wanted to break out of that,” said Chris Ensor, NCSC’s deputy director for cyber-skills and growth.
“Accelerator is the natural next step, going out into the wider world.”
Nine businesses, who are working with GCHQ for nine months, pitched ideas including defences for crypto-currencies and domestic web-connected products as well as hardware that can wipe the contents of a laptop in case of theft.
Matt Hancock, a junior minister for digital and culture affairs, encouraged investors to dig deep, saying that GCHQ’s efforts to engage with the outside world were bearing fruit.
“The small acorn is now beginning to grow into an oak,” he said.
– Security risk –
Stressing the urgency of the challenge, NCSC technical director Ian Levy revealed that the agency has dealt with 600 major cyber incidents in its first year, 35 of which were classed as serious.
“They have taught us some things,” he said. “Our adversaries are infinitely inventive, they’re brilliant.”
Alan Woodward, a cybersecurity expert at the University of Surrey, praised Britain for harnessing individual inspiration with the power of government.
“Some of the best ideas have come from one man and his shed, it’s the modern version of that.
“They don’t always find a natural home in big business or government, this is about trying to give them a leg up,” he said.
The event’s Silicon Valley spirit and prospects of hard cash are both intended to lure sharp young minds towards working for the nation’s defence, he added.
“You can pay someone £30,000 ($40,000, 34,000 euros) a year to go and work at GCHQ and they can basically double that by going to industry. It’s hard to get them in and retain them.”
– ‘Keen to attract young talent’ –
“We also know GCHQ is very, very keen to attract young talent,” said Anthony Glees, director of the Buckingham University Centre for Security and Intelligence Studies.
“Some of the most succesful hackers have been 16 and 17-year old lads working out of their bedrooms.”
However, the necessity of information sharing with private citizens creates potential security “pitfalls”, he said, with the leaks by private contractor Edward Snowden while working for the NSA — GCHQ’s US equivalent — serving as a warning.
GCHQ conduct thorough background checks, but this is “an extremely expensive process”, said Glees.
The government must therefore walk a fine line in judging what information to share.
“Exchanging information is always hazardous… but it is necessary,” said Glees.
But some things will remain stamped “Top secret”, including the location where the entrepreneurs do their work with Britain’s cyber-spies.
“It’s a physical place, but you can’t tell anyone where it is,” said the NCSC’s Ensor.