GCHQ Lack Staff for 'umbrella' Cyber Surveillance

Uploaded on 2015-06-16 in NEWS-Cybersecurity News, INTELLIGENCE--Europe, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

 ghcq-apprenticeships.png

GCHQ has criticised reports that the UK government is turning the nation into a police state, arguing that the agency does not have the resources for umbrella surveillance.
Ciaran Martin, GCHQ's director general for cyber security, called for businesses to begin working with the agency, arguing that many concerns about its surveillance activities are exaggerated.
"Our intelligence gathering has been the source of controversy recently. I can't comment on that. The Queen's Speech laid out the plans," he said during a keynote speech at InfoSec Europe.
"But I would note that we use our powers extremely carefully. One of the things that's been said flippantly in our defence is that we don't have the power to do a mass intrusion."

Martin claimed that this is true. "We're simply not big enough to put a big cyber umbrella over the entire country. Our focus has to be on the high-end attacks: risks to national infrastructure, securing defence assets and assisting government departments making the transition to digital services."
Martin's comments follow concerns about the UK government's plans to revisit the controversial Snoopers' Charter and introduce legislation that would hamper companies' abilities to encrypt customer data in a way that the GCHQ could not access.

The concerns led to a backlash against the government and GCHQ in the security industry.
Pretty Good Privacy encryption creator and Silent Circle chief Phil Zimmermann described the UK's plans as Orwellian, while revealing his intention to move his company from the US to Switzerland for the same reason.
When asked about these concerns, Martin said that the ultimate decision regarding GCHQ's powers will be made by the government after a "lengthy and thorough period of debate and examination".
Martin added that the UK government has plans to improve the nation's digital economy, and would not let GCHQ mount any operations undermining this effort.
"The tech boom is a huge economic and social opportunity. This is something the government attaches great importance to," he said. "It is not our aim to slow or shut down the march of tech and, even if it was, we wouldn't be allowed to."
Looking to the future, Martin said that the public and private sectors will have to work together to achieve the government's growth plans, claiming that the cyber threats facing industry are too big for any firm to take on alone.
"We see real threats to the UK on a daily basis and the scale and rate are showing no signs of abating," he said.
"We think about motivation, why the bad people do what they do. Looking at this there are three words that explain the motivation in my mind: money, power and propaganda."

Martin highlighted the 2014 attack on Sony as proof of his claim, arguing that businesses are now the targets of criminals, state-sponsored groups and rogue hacktivists.
"Any organisation with money on a system is a target for cyber attacks. For some states operating outside national norms, getting one over on a rival who is more developed is attractive," he said.
"In an age when the reputation of organisations counts for so much, never discount this as motive. The Sony attack was destructive, but the goal was making a loud media splash. The same is true of hacktivists."
He added that the need for collaboration is pressing as many companies are still failing to follow basic cyber security best practice.

Martin has urged firms to take advantage of existing government guidance, such as GCHQ's 10 Steps to Cyber Security, the Cyber Essentials scheme and CERT-UK's Common Cyber Attacks: Reducing the Impact, and adopt more dynamic security strategies.
GCHQ is one of many government departments calling for increased collaboration between the public and private sectors in combating cyber threats.
V3:  http://bit.ly/1KSJwSj

« Snowden Revelations Costly for US Tech Firms
PWC 2015 Information Security Breaches Survey »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Acumin Recruitment

Acumin Recruitment

Acumin is an internationally established Cyber Security recruitment specialist.

Automation & Cyber Solutions (ACS)

Automation & Cyber Solutions (ACS)

Automation & Cyber Solutions delivers a range of Industrial Automation and Cyber solutions & services to sectors including Oil & Gas, Chemicals & Petrochemicals, Power and others.

Xcina Consulting (XCL)

Xcina Consulting (XCL)

Xcina Consulting provides high quality business and technology risk assurance and advisory services.

Austrian Trust Circle

Austrian Trust Circle

Austrian Trust Circle is an initiative of CERT.at and the Austrian Federal Chancellery and consists of Security Information Exchanges in the areas of the strategic information infrastructure.

Recruit.net

Recruit.net

Recruit.net allows job seekers to instantly find millions of jobs from thousands of web sites with a single search.

Centre for Multidisciplinary Research, Innovation & Collaboration (C-MRiC)

Centre for Multidisciplinary Research, Innovation & Collaboration (C-MRiC)

C-MRiC collaborates on initiatives, ranging from national cyber security, enterprise security, information assurance, protection strategy, climate control to health and life sciences.

High Wire Networks

High Wire Networks

High Wire Network’s Overwatch Managed Security Plaform-as-a-Service offers organizations end-to-end protection for networks, data, endpoints and users.

Splone

Splone

Splone is a Berlin-based IT security research team and consultancy. We help improve IT-security by offering red team assements, penetration tests, audits and customized consulting.

Urbane Security

Urbane Security

Urbane Security is a premier information security consultancy empowering the Fortune 500, small and medium enterprise, and high-tech startups.

Triaxiom Security

Triaxiom Security

Triaxiom Security offers penetration testing, security audits, and strategic consulting customized to meet your needs.

Wazuh

Wazuh

Wazuh is a free, open source and enterprise-ready security monitoring solution for threat detection, integrity monitoring, incident response and compliance.

Entara

Entara

Entara (formerly YJT Solutions) is an eXtended Service Provider (XSP) focused on providing cutting edge technology and cyber security solutions to companies in regulated industries.

Allurity

Allurity

Allurity is a group of tech-enabled cybersecurity service providers, comprised of best-in-class experts with a common mission to enable a safe digital world.

SSL2BUY

SSL2BUY

SSL2BUY is a leading SSL certificate provider, authorized to sell top CA brands like Comodo, DigiCert, GlobalSign, Thawte, GeoTrust and more.

Blind Insight

Blind Insight

Field-level searchable encryption plus fine-grained programmable access controls. All wrapped neatly in developer-friendly APIs and SDKs. Data protection perfection.

Cyber Solutions Inc

Cyber Solutions Inc

Cyber Solutions has been providing professional IT Support for businesses since 1998.