NCSC To Train Private-Sector Security Staff

GCHQ’s National Cyber Security Centre (NCSC), which is to be officially opened on Tuesday by the Queen and the Duke of Edinburgh, plans to train staff from the private sector in order to help bring the private sector into the fight against Internet-based attacks.

Chancellor Philip Hammond said the centre will invite businesses to second up to 100 staff, allowing the government to draw on private-sector expertise and vice-versa.

Industry partnership

“We will invite business to second up to 100 employees to come and work in the NCSC – allowing us to draw on the best and the brightest in industry – to test and challenge the government’s thinking,” he is to say at the opening. “And for these people to then return to the private sector and draw on their experience at NCSC to drive change within industry.”

The government alone “cannot protect businesses and the general public from the risks of cyber-attack”, he is to say.

Hammond, who over the weekend warned that online attacks now affect kettles and refrigerators as well as critical national infrastructure, on Tuesday will argue it is up to the private sector to “sharpen its approach as the scale of the threat from cyber increases and intensifies”.

The NCSC is ready to “work hand in hand with industry”, but Hammond’s speech will criticise businesses’ cyber-readiness, saying nine out of ten companies don’t have an incident management plan in place in the event of a data breach.

“This cutting-edge centre will cement our position as world leader in cyber security and work carried out here will ensure our country remains resilient to potential attacks,” Hammond is to say.

Incident response

The NCSC said it plans to begin taking on private-sector staff by the end of the 2017/2018 financial year.

Ciaran Martin, who heads the centre, said its tasks will include pinpointing vulnerabilities in public-sector websites, eliminating fraudulent emails and removing UK-based phishing sites.

“We will help secure our critical services, lead the response to the most serious incidents and improve the underlying security of the internet through technological improvement and advice to citizens and organisations,” Martin stated.

The centre is based in the Nova development (pictured) off Victoria Street, between Buckingham Palace and Westminster, with full occupancy of its roughly 700 staff expected early this year.

NCSC deputy director for digital services Alison Whitney said the centre aims to protect routine online transactions such as Internet shopping and digital interactions with government.

“We say and we really do mean that we are here to make the UK the safest place to do business and to live online,” she said in a statement ahead of the opening.

The NCSC said it has prevented 188 potential attacks in the three months since it started operations in October of last year, including attempts to steal government secrets and university research.

MPs have expressed concern that with the formation of the NCSC the government is focusing on national security risks to the exclusion of increasingly disruptive cyber-attacks on the financial sector, while parliament’s Public Accounts Committee (PAC) has criticised the government for taking too long to consolidate the country’s “dysfunctional” data breach reporting system, challenging it to set out a “detailed plan” for the NCSC by the end of this financial year.

Do you know all about security? Try our quiz!