GCHQ Cyber Unit To Monitor Private Networks

The cyber security unit of the UK’s intelligence agency, GCHQ, is to receive a massive boost in resources and funding, as part of government attempts to step up protection for critical national infrastructure.

Security minister Baroness Pauline Neville-Jones told The Daily Telegraph that the Cyber Security Operations Centre (CSOC) at GCHQ, which was created as part of the UK’s National Cyber Security Strategy in 2009, will receive a large portion of the £650 million pledged by the government last year to improve the country’s cyber defences.

The funding will allow the unit to expand significantly, building on its expertise in online threats to national security. As part of the government’s strategy, CSOC will partner with major communications, power and transport providers, allowing the intelligence agency to analyse streams of data from these firms for evidence of hacking.

David Cameron has apparently already entered into negotiations with several critical infrastructure firms, to allow their network data to be analysed by CSOC. Last month, representatives from British Airways, BT and the National Grid reportedly visited Downing Street to discuss the plans.

No security implications

Baroness Pauline Neville-Jones said this will create greater “situational awareness,” meaning the government will have access to up-to-the-minute intelligence garnered from multiple sources.

In an attempt to allay public concern, the security minister (pictured) said the partnership between GCHQ and these companies would not have privacy implications. “What this partnership will not do is start breaking boundaries that we have around privacy and personal data”, she said.

The news follows the government’s Strategic Defence and Security Review, published last year, which highlighted cyber attacks as one of the greatest threats to national security, alongside terrorism. The report said that “hostile computer attacks on UK cyberspace” would be considered as “tier 1” attacks – the highest in the new designations to be implemented in the coalition’s national security strategy.

Ian Lobban, director of GCHQ, has also previously warned that the threat of cyber attacks on critical infrastructure is “real and credible”. At an event at the International Institute of Strategic Studies in October, he said that government systems are targeted 1,000 times each month, and warned that such attacks threaten Britain’s economic future.

Last month, home secretary Theresa May allocated £63 million of the £650 million cyber security fund to cyber crime policing. She said that the UK is relying on “self-regulation” rather than “formal regulation” when it comes to tackling both cyber security and cyber crime.

Cyber threat exaggerated?

However, many observers have criticised the hype around cyber security, claiming that the risks have been overblown. For example, a January report by the OECD claimed that a war fought solely with cyber-weapons was unlikely, although it did warn that the use of cyber-weaponry as a “disrupter” or “force multiplier” could be extremely detrimental to a country’s infrastructure.

A recent report by the Office of Cyber Security and Information Assurance (OCSIA) and information intelligence firm Detica (owned by BAE Systems) also claimed that cyber crime costs the UK economy £27 billion a year. However, the report was dismissed by an information security professor at the London School of Economics as a “sales promotion exercise”.

Professor Peter Sommer said that the report was full of “fake precision,” and that no agreement has yet been made about what to include in the calculation of losses. “The whole report has been orientated to areas in which BAE can offer its facilities and services,” he said.