
UK's Top Spy Agency Coming Out of the Shadows: GCHQ Director


The UK's Government Communications Headquarters (GCHQ) is one of the UK's more secretive intelligence agencies. Its existence was not acknowledged until 1976, when investigative journalists Duncan Campbell and Mark Hosenball (an American journalist working in the UK) 'outed' the organization in an article in Time Out. Hosenball was rapidly deported because he was deemed to be a threat to UK national security.

GCHQ started life at the end of the First World War as the Government Code and Cypher School (GC&CS). It operated from Bletchley Park during the Second World War where it, and particularly Alan Turing, were instrumental in breaking the German Enigma encryption system. Even that was not acknowledged for thirty years. The organization moved to Cheltenham, now occupying the 'doughnut', after the war -- and changed its name to GCHQ.

In the early 1970s, a GCHQ staff member named James Ellis developed the concept of public key encryption -- but not being a mathematician, could not make a working implementation. It was not until the 1980s that the Americans Whitfield Diffie and Martin Hellman independently discovered public key encryption. GCHQ's efforts were not publicly disclosed until 1997.

This predilection for secrecy is, overtly at least, slowly breaking down. The change probably started with, and is an inevitable consequence of, the evolution of the new National Cyber Security Centre (NCSC), which is part of GCHQ. Communications has always been the domain of GCHQ; but the rise of the internet means that crime and communications intelligence cannot realistically be separated.

Locating NCSC within GCHQ is logical, since there it can draw upon the enormous GCHQ cyber expertise to combat crime -- whether that is terrorist related or organized crime related. However, fighting crime cannot be done in the publicity vacuum that has been the traditional domain of GCHQ. NCSC, currently celebrating its first anniversary, talks to and works with business, and advises the public on cyber security awareness. GCHQ is very slowly emerging from the shadows.

The process of emergence was highlighted on Saturday when the director of GCHQ, Jeremy Fleming, made his most extensive public comment so far in an article published in the Telegraph. He moved from MI5 to GCHQ in March 2017. Without going into details on the amount, he writes, "The Government's investment in a bigger GCHQ gives us a chance to recruit the brightest and best from across our society -- as the threat becomes more diverse, so must the workforce that tackles it."

Inside GCHQ 3 (Image Copyright GCHQ)

Much of that funding, he says, will go into making GCHQ a cyber organization as much as an intelligence organization. The difference is moot, since GCHQ has been using its cyber expertise for many years. Part of the Edward Snowden revelations disclosed a GCHQ project known as Tempora, which allegedly covertly gathered vast troves of personal internet communications which were then shared with the U.S. National Security Agency (NSA). GCHQ was also accused of targeting a Belgian telecommunications company, Belgacom, where staff computers were infected with malware in a 'quantum insert' attack to secure access to customers.

"By its nature," wrote Fleming, NCSC "has to work closely with the private sector; it works at lower (or without) security classifications, proactively engages with the media, and has a high profile in schools and universities. All of this can feel deeply challenging for a GCHQ that by necessity has worked in the shadows."

Fleming describes GCHQ as being 'at the heart of the nation's security.' "Over the past year," he writes, GCHQ/NCSC "has responded to nearly 600 significant incidents requiring a national, coordinated response. In dealing with these cases, from the WannaCry ransomware affecting the NHS through the attack on Parliament to lesser-known but important compromises and criminal attacks, the NCSC drew on GCHQ's data, analytical capabilities, skills and partnerships, which help us to prevent attacks as well as respond to them."

The WannaCry attack typifies the need to combine cyber intelligence and cybercrime activities. Ransomware is mainstream criminal activity; but the WannaCry outbreak is thought to have been delivered by nation-state actors working for North Korea. Geopolitics and cybersecurity are becoming increasingly entwined. "Keeping our citizens safe and free online must become and remain as much part of our mission as our global intelligence reach and our round-the-clock efforts against terrorism," he concludes.

It remains to be seen whether almost a century of secrecy can be altered in the new GCHQ. Whether it can or not, however, the combination of GCHQ and NCSC expertise is broadly welcomed. "The efforts of the British government to assure cybersecurity and online safety for its citizens are laudable, and should serve as an example to other countries," commented Ilia Kolochenko, CEO of High-Tech Bridge.

He warns, however, that it is an impossible task for a single nation. "However, the Internet is an open world without borders, and thus it's not an easy task to keep digital peace in a particular country or geographical area. It is virtually impossible to keep citizens of a particular country safe."

Since the problem is international and not entirely cyber-related, the solution must be as well. Cybersecurity cannot be achieved, "without first resolving the intertwined problems of cybercrime, poverty, political crises and nation-state attacks. International cooperation, global economic and political stability -- are vitally important to fight skyrocketing cybercrime."

Peter Yapp, Deputy Director at NCSC, will be speaking on a panel at SecurityWeek's 2017 ICS Cyber Security Conference on Oct. 25 in Atlanta to discuss the growing global threat of international intrusions and cyberattacks on critical national infrastructure. Yapp will be joined by Simon Hodgkinson, CISO at BP; Dr. Kevin Jones, Head of Cyber Security Architecture, Innovation and Scouting at Airbus; and Dr. Chris Hankin, Director at the UK ICS cyber security Research Institute (RITICS).

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.