Tag Archives: GCHQ

GCHQ accelerator launches with The Landing to support start-ups in improving digital safety

In partnership with GCHQ, The Landing and global tech accelerator UP Ventures have been selected to deliver a ground-breaking accelerator: the Safe Citizen Digital Innovation Lab. Applications to join this GCHQ accelerator, which will start in early 2020, are being sought from companies who have customer-facing technology solutions aimed at improving citizen digital safety across the North West. 

This follows on from the GM Future of Health Challenge accelerator which received unprecedented application numbers and is now underway with a cohort of 15 companies, led by UP Ventures at The Landing, in the heart of Salford’s MediaCityUK.

GCHQ is a world-leading intelligence, cyber and security agency with a mission to keep the UK safe. In parallel with celebrating its centenary year, GCHQ is opening a new strategic hub in the heart of Manchester.

GCHQ is excited to engage with the thriving tech ecosystem in Greater Manchester and the North West and will be imparting exclusive tailored technical expertise into the programme. The GCHQ accelerator seeks start-ups that have harnessed cutting-edge technology in a creative way to make a difference to day-to-day life. This could be anything from informing and, in turn, empowering citizens by providing new insights from connected devices and services through to the creative use of data to deliver social impact in the region.

GCHQ’s deputy director for Manchester stated: “The Greater Manchester community has been fantastically welcoming to GCHQ and we’re just as pleased to be here. This accelerator programme is an early chance for us to begin working with the buzzing tech community in the North West. The ‘Safe Citizens’ theme for the accelerator combines our passion for exploring innovative cutting-edge technology with our desire to make a real contribution to the region. We look forward to building relationships with a diverse range of technologists, creatives and entrepreneurs.”

GCHQ at Cheltenham, Gloucestershire

Pioneering “a new kind of security”

In order to pioneer a new kind of security as it expands into Greater Manchester, GCHQ is seeking to engage with external partners in the region, sharing unique technical expertise and collaborating with a diverse range of entrepreneurs, industry and academia to make a difference in the community.

Danny Meaney, CEO of UP Ventures, commented: “This is a fantastic opportunity for emerging tech businesses to gain unique access to GCHQ’s world-class engineering and technology teams, as well as leading digital thinkers and our strong investor network.  We’re excited to help bring another initiative to the market that has the potential to make a meaningful impact on people’s lives through applied technology here in Greater Manchester and the North West. We’re also pleased to build on our long-standing and successful partnership with The Landing.”

The 16-week accelerator programme will leverage unique technical infrastructure and facilities, including the Vodafone 5G Innovation Lab which provides real world urban environments for demonstration of products and services of MediaCityUK. GCHQ is keen to contribute to the fabric of Greater Manchester. Therefore, the programme welcomes submissions that provide “life impact” solutions for vulnerable groups across the region, empowering and connecting citizens through the ingenious use of technology.

Dan Sodergren, head of business services at The Landing, observed: “Thanks to our unparalleled facilities and a commitment to innovation from all partners, this is a significant opportunity for companies to explore how a ‘Smart City’ can work for its customers. Using technology for good is something we’re incredibly passionate about and we’re excited to receive applications from those who can really make a positive difference to all of our lives in the 21st Century.”

*Apply to the Safe Citizen Innovation Lab 1: http://thegchqaccelerator.mystrikingly.com

**Deadline for entries is 8 November. Successful applicants will be announced by 13 December and the programme begins on 13 January 2020

Leave a comment

Filed under Risk Xtra

Unwitting cyber scammers cold call industry expert at C3IA Solutions

Would-be cyber scammers made a megabyte blunder when they cold-called Matt Horan of C3IA Solutions: Horan is one of the country’s top cyber security experts. Realising the crooks were trying to take control of his computer, Horan put the call on speaker phone and asked a colleague to record it, with hilarious consequences.

After stringing out the conversation for 35 minutes – during which time he was passed to more senior ‘helpers’ as he posed as an ignorant computer user – Horan then informed the caller that he had no Internet connection.

This prompted the fraudster to use an expletive before hanging up in anger. An edited video of the call has been amusing people across social media.

Horan is keen that the video is used to help people avoid falling for cyber scams. He told Risk UK: “One of the weakest parts of any business’ cyber security is the staff. They do nothing malicious, but can easily assist fraudsters. Along with ‘phishing’ e-mails, this type of phone scam is common and can cause huge amounts of damage.”

Matt Horan, director of C3IA Solutions

Matt Horan of C3IA Solutions

Horan continued: “The caller purports to be from Microsoft or a similar outfit and informs the person who answered the call that there’s a problem with their computer. They then instruct that person to look at the computer’s ‘systems and events logs’, which is simply a log of every action taken. They tell them that this is evidence of ongoing malicious attacks. After that, they try and entice them to log into TeamViewer or something similar which means they then can gain remote access and control of the target computer.”

In addition, Horan stated: “They then have all the information on a computer or network and can infect the system, read e-mails, steal passwords or encrypt the stored data. They can basically do anything they want. Obviously, this can cause massive harm to a business and may well lead to data loss, the theft of funds and the stealing of intelligence as well as cause acute embarrassment.”

C3IA Solutions trains staff at businesses to be ‘cyber-savvy’ and always to hang up on calls like this. If staff are in doubt they should contact their IT support.

“Firms such as Microsoft don’t make calls like the one I took, but they seem authentic,” explained Horan. “Often, the scammers work in pairs so the initial caller can pass over the call to a ‘senior supervisor’, as they tried with me. This gives an added authenticity. Caution should be the watchword when taking calls like this one.”

*The video can be viewed on YouTube: https://youtu.be/ncIehp0fBT8

Based in Poole, Dorset, C3IA Solutions is one of fewer than 20 companies certified by the Government’s National Cyber Security Centre. In addition to its work with Government agencies including GCHQ, the company operates a commercial section that works with businesses, assisting them with their cyber security.

C3IA (a military term) Solutions was set up in 2006 by Horan and Keith Parsons. It has 84 personnel on contract of whom 33 are employees and 51 are associates. The business operates in the defence and security sectors serving both SMEs and multi-national firms.

C3IA is a leading provider of secure ICT, technical programme management and information security services and solutions.

The company takes its Corporate Social Responsibility seriously, supporting serving and past members of the Armed Services. Indeed, the business sponsors those engaged in personal and team development through arduous sporting and other challenges.

Leave a comment

Filed under Risk UK News, Uncategorized

CESG Certified Training rebranded as GCHQ Certified Training

CESG Certified Training (CCT) was established in November 2014 to deliver training which satisfies the high standards set by CESG, the information security arm of GCHQ. APMG International is announcing that the scheme has been rebranded as GCHQ Certified Training (GCT). Effective as of 1 January 2016, the name change has been enacted to drive market recognition of the scheme and improve access to professional and relevant cyber security training.

APMG is GCHQ’s independent certification body, responsible for ensuring that training providers meet GCHQ standards. GCT helps professionals and organisations navigate the increasingly saturated cyber training market, and quickly identify training courses that meet the highest standards in terms of both content and delivery.

GCT certifies high quality cyber security training and trainers and is based on the IISP Skills Framework. This includes training suitable for those aspiring to certification under the CESG Certified Professional (CCP) scheme. The criteria for GCT are also aligned with the standards GCHQ uses for the GCHQ Certified Cyber Security Master’s degrees.

SilverShadowCyberSecurityPage13

CCT has been rebranded as GCT in recognition that GCHQ is a more widely known brand and is already used to certify cyber security Master’s degrees while also recognising high quality cyber security research. The instantly recognisable brand of GCHQ will increase awareness of the scheme for those working within cyber security, ultimately improving the availability of – and access to – cyber security training that’s fit for purpose.

Building cyber skills

A GCHQ spokesperson told Risk UK:  “One of the biggest challenges for the UK in cyber space is developing enough skilled people. Vital to building cyber skills is having relevant and high quality cyber security training. GCHQ Certified Training helps to deliver that by providing confidence in cyber security training providers and the courses they offer.’’

Commenting on the name change, Richard Pharro (CEO of APMG) said: “GCHQ is widely recognised as the pre-eminent authority on cyber intelligence and data security, which is why we fully support changing the name of the scheme. By bringing CCT under the GCHQ banner, training providers that have certified against the scheme will benefit greatly from the rebranding. This move will make it easier for end users to better understand what the certification signifies: quality, assurance and security.”

Andrew Fitzmaurice, CEO of Templar Executives (one of the first training companies to have achieved CCT certification for its courses) added: “The rebranding to GCT is a positive step for training providers and clients alike. In a market with a plethora of products, the GCHQ brand immediately helps delegates recognise which training and trainers have been rigorously assessed to deliver the highest quality learning and development, in turn reflecting Best Practice in cyber security.”

Sarah Rudge, information assurance manager at Ofqual (the Office of Qualifications and Examinations Regulation), found that the GCT-certified course she recently attended to be of a high quality, confirming the scheme’s value in the market.

Rudge commented: “I cannot recommend highly enough the information risk management course from Ultima Risk Management, which has been certified under the GCT scheme. I found it to be the perfect mix of tuition and practical exercises. It was so refreshing to find a course which is so relevant and directly applicable to my work.”

Leave a comment

Filed under Risk UK News, Uncategorized

UK Government announces further measures to boost cyber security defences in the UK

On Friday 12 December, Francis Maude – Minister for the Cabinet Office – hosted an event at the Institute for Chartered Accountants of England and Wales in central London marking the third anniversary of the UK’s Cyber Security Strategy. On the day, Maude unveiled several additional measures being put forward by the Government to assist in safeguarding the online space for all citizens.

The event was designed specifically to address leaders in industry, academia and Government and highlight ways in which the UK is building skills to boost its growing cyber security sector. It follows hot on the heels of a report to Parliament on progress and forward plans scripted to make the UK one of the safest places in which to do business online.

Increasing the number of people with the right cyber skills is vital for both Government and industry as the UK collectively faces the reality of cyber threats. The Government’s work to improve the UK’s cyber security defences is led by the Cabinet Office, the Department for Business, Innovation and Skills and, of course, GCHQ.

Maude announced that the Government has committed to:

*Grants for colleges and universities in Birmingham, Liverpool, Lancashire and Newcastle that will improve cyber security education and learning (the grants being realised in partnership with companies including Barclays Bank and Hut Group, the online retailer)
*New cyber camps and mentoring schemes run in conjunction with the Cyber Security Challenge UK and the Cyber Growth Partnership to help computing graduates gain practical experience and begin a career in cyber security
*Cryptoy: a new and innovative Android app designed by students on placements at GCHQ to highlight exciting developments in cipher and code-breaking for a new generation of cyber specialists
*A virtual hub operated in conjunction with the Council of Registered Ethical Security Testers (CREST) that’s ultimately designed to inspire students towards cyber security careers and provide advice and information on job opportunities
*New cyber security careers resources for students within the Graduate Prospects careers website
*An updated guide for business on the cyber security skills initiatives that will help develop the skills of their own staff members and nurture future talent

“As part of this Government’s long-term economic plan,” stated Francis Maude, “we want to ensure that Britain is one of the safest places in which to do business online. Over the past three years, we’ve taken a strategic approach to improving cyber security, working with others to deliver schools programmes. We’ve also certified six Masters degrees and established two centres for doctoral training alongside 11 Academic Centres of Excellence.”

The MP continued: “Given the work of Alan Turing and Bletchley Park in days gone by, the UK has a proud heritage in cryptography and computer science. Today, no less than 40,000 people work in our cyber industry and we have 14 cyber security ‘clusters’ across the country, but we do want to develop greater skills and encourage more people to pursue a career in this growth area.”

Maude concluded: “We do hope the Cryptoy app will spark a new interest among individuals to pursue a career in cyber security. Our new cyber camps, mentors and Higher Education Academy grants will help more people when it comes to embarking on a cyber security career.”

Read the minister’s speech in full

Francis Maude MP delivering his speech at the Institute for Chartered Accountants in England Wales, central London

Francis Maude MP delivering his speech at the Institute for Chartered Accountants in England Wales, central London

UK’s cyber security talent pool

Stephanie Daman, CEO of the Cyber Security Challenge UK, responded to the MP’s speech by stating: “This announcement highlights the Government’s ongoing commitment to improving the size and quality of the UK’s cyber security talent pool. It also demonstrates a real understanding of the fact that addressing our cyber security skills gap requires a sustained programme of targeted support for innovative programmes and initiatives that are inspiring the next generation of cyber professionals.”

Daman added: “Government’s support now spans a huge range of opportunities, from innovative tools such as Cryptoy to a national mentoring programme and a raft of new cyber camps designed to inspire budding cyber defenders. As a country, we’re now creating extraordinary opportunities for young people who demonstrate the aptitude and appetite to forge successful and rewarding careers in cyber security. I’m encouraged that, with the continued backing of Government, UK businesses and academia we’re doing exactly what’s required to future-proof the cyber security capabilities of the UK.”

Mark Hughes, president of BT Security, explained: “Making certain that security’s right and protecting businesses, Government and the general public against cyber attacks is vitally important. Data breaches and attacks are an everyday threat to business and, with the UK cyber security industry now worth £6 billion a year, it’s critical that we build a pipeline of talented people to fill the gap in skills we’re currently experiencing.”

Hughes went on to say: “Recruiting into the industry is notoriously difficult. On that basis, it’s critical that we engage in strategic activity that helps find the right people, prepares them for jobs in the industry, trains them and makes them ready to take on key roles in the cyber security profession.”

In conclusion, Hughes outlined: “It’s for this reason that BT is proud to be supporting the cyber camps and mentoring schemes announced by Francis Maude. It’s not enough that we concentrate on developing the workforce of today. If we’re to build and maintain resilient infrastructure in the UK then we simply must develop the workforce of the future. BT is fully committed to helping create that workforce.”

Professor Stephanie Marshall, CEO of the Higher Education Academy, also voiced opinion on the matter. “If the UK is to be equipped to respond to cyber threats,” opined Marshall, “we need to strengthen the pipeline of cyber talent and help prepare students for entry-level security career opportunities. The Higher Education Academy is pleased to be able to offer support to higher education providers when it comes to developing innovative projects involving strong partnership with businesses that will improve cyber security teaching and learning across the discipline of computing and the sectors beyond.”

Marshall also explained: “All four projects launched at this event have the potential to do this, thereby helping to improve the skills of graduates, address the shortage of cyber security skills and future-proof the country’s IT sector, in turn making it more resilient to possible cyber attacks.”

Leave a comment

Filed under Risk UK News

Robert Hannigan begins director’s role at GCHQ

Robert Hannigan has now succeeded Sir Iain Lobban as director of GCHQ, his appointment made with the agreement of Prime Minister David Cameron and in consultation with Nick Clegg, the Deputy Prime Minister.

Robert Hannigan has been the Director General (Defence and Intelligence) at the Foreign and Commonwealth Office (FCO) since 2010. Hannigan’s appointment (first announced back in April) at GCHQ was made following a recruitment process chaired by Sir Kim Darroch, National Security Adviser, that was open to crown and civil servants.

Foreign Secretary William Hague commented: “I’m delighted that Robert Hannigan has been appointed as the next Director of GCHQ. GCHQ’s world class work is vital to the safety and security of the United Kingdom. As well as his impressive personal qualities, Robert brings to the job a wealth of relevant experience in the fields of national security, counter-terrorism and international relations. I’d also like to thank Sir Iain Lobban for his consistently strong and professional leadership as Director of GCHQ since 2008.”

Commenting on his appointment, Robert Hannigan said: “It’s a privilege to be asked to lead GCHQ, an organisation which is so central to keeping the people of this country safe. I have great respect for the integrity and professionalism of the staff at GCHQ and for what they have achieved under the outstanding leadership of Sir Iain Lobban. I’m excited about meeting the challenges of the coming years alongside them.”

Robert Hannigan: the new Director of GCHQ

Robert Hannigan: the new Director of GCHQ

Sir Kim Darroch stated: “I’m delighted Robert Hannigan has been appointed Director of GCHQ. He will bring energy, flair, deep knowledge and extensive experience to the role, and I look forward to working closely with him. I would also like to take this opportunity to thank Sir Iain Lobban. Iain has been a close friend and colleague over my time as National Security Adviser, and has done an absolutely outstanding job at an exceptionally testing time for the organisation.”

Robert Hannigan: the Curriculum Vitae

Robert Hannigan joined the FCO as Director General (Defence and Intelligence) on 29 March 2010. For a number of years he has advised the Prime Minister on counter-terrorism, intelligence and security policy.

Hannigan joined the Civil Service from the private sector, becoming Director of Communications for the Northern Ireland Office. He was then appointed to be principal adviser to (then) Prime Minister Tony Blair and various Secretaries of State for Northern Ireland on the peace process, assuming responsibility for negotiations with the political parties and other groups in addition to liaison with the Irish Government and US Administration.

Hannigan was also the Prime Minister’s Security Adviser and Head of Intelligence, Security and Resilience in the Cabinet Office from 2007 with responsibility for the UK’s National Security Strategy.

Hannigan has been a member of the Joint Intelligence Committee for many years and was responsible (in the Cabinet Office) for the funding of the three UK intelligence agencies. He has regularly chaired ‘COBR’ meetings on terrorist incidents.

He was also responsible for the UK’s first Cyber Security Strategy and oversaw the first National Security Strategy.

Leave a comment

Filed under Risk UK News

GCHQ launches Royal British Legion’s Gloucestershire County Poppy Appeal 2014

To launch this year’s Royal British Legion Gloucestershire County Poppy Appeal, around 1,400 GCHQ staff – both civilian and military – worked together to create a giant poppy in the centre of the iconic GCHQ ‘doughnut’ building in Cheltenham.

Representing remembrance of the past and hope for the future, the stunning poppy was created using Royal Navy personnel wearing black uniforms to form the centre. They were surrounded by GCHQ staff dressed in red rain ponchos and other military personnel attired in green combat dress to form the stalk.

In a year that marks the centenary of the conflict which gave birth to the poppy as a symbol of remembrance and hope, the Royal British Legion’s role remains as contemporary and as vital as ever, supporting today’s generation of Armed Forces families and veterans.

For its part, GCHQ has a long history of supporting the military stretching back to 1914. Whenever and wherever British forces have deployed, GCHQ has been ready to assist, providing intelligence to help keep UK troops safe. Indeed, this enduring connection meant that there was no shortage of volunteers to help the Gloucestershire Legion with their efforts in the centenary year of World War I.

To launch this year’s Royal British Legion Gloucestershire County Poppy Appeal, around 1,400 GCHQ staff - both civilian and military - worked together to create a giant poppy in the centre of the iconic GCHQ building in Cheltenham

To launch this year’s Royal British Legion Gloucestershire County Poppy Appeal, around 1,400 GCHQ staff – both civilian and military – worked together to create a giant poppy in the centre of the iconic GCHQ building in Cheltenham

The completed poppy measured 38 metres in diameter with a 28 metre-long stalk. It was made up of 100 military and 1,308 civilian staff. Thanks to thorough military planning and some loud hailers, it took just over an hour to make sure everyone was position.

‘Top Secret Brass’ – GCHQ’s brass band – provided rousing music to keep the spirits up while everyone found their place. The mood was light at times: a Mexican wave was attempted but as the helicopter flew overhead to take the aerial shots, a poignant silence fell over the courtyard in a shared moment of reflection.

The event gave all involved the chance to actively show their support for the Royal British Legion and the military family.

One of the GCHQ participants who made up part of the petal described his experience. He said: “I was really proud to take part and show my support for the Royal British Legion by joining my colleagues, united in purpose, to honour those who have served – and continue to serve – this country.”

Supporting the work of The Royal British Legion

Nicole Mayall, community fundraiser for Gloucestershire’s 2014 Poppy Appeal, commented: “It’s really moving to see so many people standing together in support of The Royal British Legion’s work and to launch this year’s Poppy Appeal. We’re so grateful to all the staff at GCHQ who’ve made this possible. The money raised through the Poppy Appeal goes directly to the Legion’s welfare work, in turn providing through life care to anyone who’s currently serving in the British Armed Forces, anyone who has previously served and their families.”

Chris – a GCHQ civilian employee who had previously deployed overseas to support the military – spoke about his impressions of the day. “I’ve worked with the military in Afghanistan and seen at first-hand how GCHQ intelligence can help keep UK troops safe while they’re on operations. I’m proud to see so many people from GCHQ showing their support for the Royal British Legion and the military family.”

Participants were invited to make a donation to take part in the event and no less than £1,730 was raised.

The ponchos left over from the day will be donated to charity, namely a number of scout groups in the local area and Bloodbikes (a charity providing out of hours emergency medical courier services to Gloucestershire and the surrounding counties).

The poppy, representing Remembrance of the past and hope for the future, was created using Royal Navy personnel wearing black uniforms to form the centre. They were surrounded by GCHQ staff in red rain ponchos and other military personnel in green combat dress to form the stalk

The poppy, representing Remembrance of the past and hope for the future, was created using Royal Navy personnel wearing black uniforms to form the centre. They were surrounded by GCHQ staff in red rain ponchos and other military personnel in green combat dress to form the stalk

GCHQ: the detail

Government Communications Headquarters (GCHQ) is one of the three UK Intelligence and Security Agencies along with MI5 and the Secret Intelligence Service (MI6). GCHQ works to protect the UK and its citizens from a range of threats to national security, including those posed by terrorism, serious and organised crime and cyber attack.

The organisation also works to safeguard UK forces wherever they are deployed and, through its Information Security arm CESG, provides policy and assistance on the security of Government communications and electronic data.

At the heart of GCHQ’s support to the military is its staff. In recent conflicts, GCHQ staff have volunteered in numbers for deployment to war zones such that they can help keep the military safe. 90 GCHQ staff have received the medal for service in Iraq and 156 for their service in Afghanistan.

During November 2014, a number of memories and reflections of GCHQ staff who have worked to support the military – from World War I to the present day – will be shared on the GCHQ website. Check back at: http://www.gchq.gov.uk for further information from 1 November.

About The Royal British Legion

The Royal British Legion is the nation’s leading Armed Forces charity. The Legion provides immediate support and life-long care to Armed Forces families in need, spending £1.4 million each week to deliver direct, practical assistance and support to the Armed Forces community.

The Poppy Appeal 2014 introduces the Legion’s new position: ‘Live On – To the memory of the fallen and the future of the living’. This message provides a clear understanding of what The Royal British Legion does on a daily basis.

GCHQ has a long history of supporting the military stretching back to 1914

GCHQ has a long history of supporting the military stretching back to 1914

Remembrance is a hugely significant part of the Legion’s work, but the organisation also helps the living to approach their future with hope. Through the ‘Live On’ message, the Legion aims to capture the public’s imagination and reaffirm the meaning of the poppy as a symbol of both remembrance and hope.

The Royal British Legion created the Poppy Appeal to help those returning from the First World War. A century on from the start of that conflict, the organisation is still helping today’s Armed Forces families in much the same way, whether they are having to cope with bereavement, living with disability or working to find employment.

The fundraising target for the Poppy Appeal 2014 is a record £40 million (an increase on last year’s total of £39 million).

Leave a comment

Filed under Risk UK News

Alex Younger appointed as next Chief of the Secret Intelligence Service

With the agreement of Prime Minister David Cameron, Foreign Secretary Philip Hammond has announced that Alex Younger is appointed as successor to Sir John Sawers as Chief of the Secret Intelligence Service. Younger will take up the appointment in November.

The Secret Intelligence Service (SIS), often known as MI6, collects Britain’s foreign intelligence. The Service is based at Vauxhall Cross in London and provides Her Majesty’s Government with a global covert capability to promote and defend the national security and economic well-being of the United Kingdom.

Philip Hammond stated: “I’m pleased to announce that Alex Younger has been appointed as the next Chief of the Secret Intelligence Service. The work of MI6 is world class and its operation vital to the safety and security of the United Kingdom. Alex brings a wealth of relevant experience to the role, including his work in Afghanistan and helping keep the country safe during the London 2012 Olympics.”

Hammond added: “I’d also like to thank Sir John Sawers for his strong leadership and personal commitment to a modernising agenda. I wish him well for the future.”

Alex Younger: the next Chief of MI6

Alex Younger: the next Chief of MI6

Commenting on his appointment, Alex Younger said: “I’m delighted and honoured to become Chief of the Secret Intelligence Service and lead one of the best intelligence agencies in the world. Our dedicated staff work tirelessly against an array of threats that this country faces. They do so in close partnership with both MI5 and GCHQ with whom I’m looking forward to co-operating very closely.”

Younger also commented: “I would like to pay tribute to John Sawers for his lifetime’s dedication to the country and particularly to his time as Chief of MI6. He brought us into a new era, and I’m determined to build on this and bring my ideas for a modern Service to life.”

In response, Sir John Sawers said: “I’m delighted that my colleague and friend is taking over from me. He has played a vital part alongside me in modernising the SIS and ensuring that the Service is in the best possible shape to play its part in defending the country’s security and our values.”

Alex Younger: the Curriculum Vitae

Alex Younger is a career SIS officer and has been in the Service since 1991.

For the last two years he has been overseeing the Service’s intelligence operations worldwide. Younger has held overseas postings in Europe and the Middle East and was the senior SIS officer in Afghanistan.

He has filled a variety of operational roles in London, including leading the Service’s work on counter-terrorism in the three years running up to the 2012 Olympic Games.

Before joining the Service, Younger – an economics graduate – served as an officer in the British Army.

Leave a comment

Filed under Risk UK News

UK Government announces £4 million funding package to tackle cyber crime

New UK Government funding will help smaller businesses in the UK cyber sector to grow, collaborate and develop innovative solutions aimed at tackling today’s cyber threats.

Speaking at the first ever UK-US Global Cyber Security Innovation Summit in London, business secretary Vince Cable has unveiled details behind a £4 million competition for UK cyber businesses designed to help them develop ideas for tackling myriad cyber security threats.

The minister also announced the appointment of a cyber security ‘small business champion’ in addition to funding for specialist projects that will help drive growth and innovation in the sector. The competition will be run by the Technology Strategy Board (the Government’s innovation agency) in 2015 and subsequently award funding to those firms delivering the best ideas.

The Technology Strategy Board’s goal is to accelerate economic growth by stimulating and supporting business-led innovation. Sponsored by the Department for Business, Innovation and Skills (BIS), the Board brings together business, research and the public sector, supporting and accelerating the development of innovative products and services to meet market needs, tackle major societal challenges and help construct the future economy.

Vince Cable: Secretary of State for Business

Vince Cable: Secretary of State for Business

“The growth of the cyber security sector in the UK is a great success story,” urged Cable. “Indeed, that sector is now worth over £6 billion and employs around 40,000 people. Building a strong and resilient cyber space for the UK is central to ensuring that our companies can make the most of online business opportunities while also avoiding potentially costly threats to the information they hold and the services they provide.”

Cable added: “Maintaining innovation and growth requires continued investment. Committing a further £4 million will help businesses of all sizes turn their ideas for countering cyber threats into reality. Partnering with industry experts will also increase the opportunities for the UK’s smaller cyber companies such that they might work together and grow their businesses.”

Mapping cyber security businesses

Andy Williams (an industry expert from techUK, the UK’s largest technology Trade Association) has been appointed cyber security small business champion. In this role, Williams will be responsible for mapping cyber security small businesses and establishing a UK-wide growth project designed to encourage them to work closer together.

Williams’ role will also involve working to showcase the capability of small and medium-sized cyber businesses at UK and international events, delivering business advice and establishing an online portal for sharing information about national initiatives with the cyber business community.

“Given the rapidly evolving global cyber threat landscape, the emergence of highly innovative and agile new companies with specialist cyber capabilities will be vital to ensuring the future safety and prosperity of the UK,” explained Williams. “The extra funding that BIS is providing to support cyber start-ups and small businesses will be absolutely key to ensuring the UK’s position as a global leader in cyber security.”

In parallel, Dr Emma Philpott (managing director of cyber and technology catalyst Key IQ) will lead a project to actively work with local volunteers on establishing regional clusters of small companies operational in the cyber security space. This network of clusters will link the small and medium-sized businesses to national opportunities and events while also affording them a collective voice.

Philpott brings considerable expertise to this role as the founder and manager of both the Malvern cyber security cluster and the UK Cyber Security Forum. The latter links cyber security-focused small and medium-sized enterprises across the UK.

“Smaller companies working in cyber security are active right across the UK,” stated Philpott. “The clusters we’re helping to establish will meet on a monthly basis, be free to join and afford their members an opportunity to network and partner with each other. There’s enormous enthusiasm for this move. Groups are already planned for five new regions.”

Both projects will be delivered through the Cyber Growth Partnership which is a forum of Government representatives, academia, cyber security companies and trade bodies working to boost the UK’s global market position in terms of cyber security products and services. techUK co-ordinates business and academic involvement in the Partnership while the high-level Board is co-chaired by Ed Vaizey (Minister for Culture and the Digital Economy) and Gavin Patterson, CEO of the BT Group.

New UK Government funding will help small businesses in the UK cyber sector to grow, collaborate and develop new solutions to tackle cyber threats

New UK Government funding will help small businesses in the UK cyber sector to grow, collaborate and develop new solutions to tackle cyber threats

The Cyber Growth Partnership’s excellent work has realised the development of a Cyber Security Suppliers’ Scheme. Businesses in the scheme can show that they supply cyber security products and services to the UK Government and use the Government logo in their marketing material.

The Security Information Network (SINET) Global Cyber Security Innovation Summit

The business secretary made these announcements in front of 250 senior members of Government and industry who attended the two-day Global Cyber Security Innovation Summit at the British Museum. The Summit was supported by the UK and US Governments and brought together representatives of both the British and American Governments as well as business leaders to encourage the creation of new partnerships and projects centred on tackling threats in cyber space.

In essence, the Security Information Network (SINET) Global Cyber Security Innovation Summit focuses on building international public-private partnerships that will improve the protection of the UK and America’s critical infrastructures, national security and economic interests.

The key objective is to orchestrate and maintain international communities of interest and trust that foster vital information sharing, broad awareness and application of the most innovative technologies of both nations to enable a safer and more secure homeland for the United States, the United Kingdom and their trusted allies.

The US Department of Homeland Security Science and Technology Directorate supports this event along with Her Majesty’s Government as the UK representative.

Representatives attending the 2014 Summit included Sir Iain Lobban (director of GCHQ), Douglas Maughan (Cyber Security Division director at the US Department of Homeland Security) and senior members of leading cyber companies from both the UK and the US.

Cyber security: key facts and figures for the UK

*One in six businesses are not confident they’ll have sufficient security skills to manage their risks in the next year
*81% of large organisations have suffered from an information security breach in the past year
*60% of small businesses experienced an information security breach in the last 12 months
*Anywhere from £600,000 to £1.15 million is the average cost to a large organisation of its worst security breach of the year (up from £450,000 to £850,000 a year ago)
*£65,000 to £115,000 is the average cost to a small business of its worst security breach of the year (up from £35,000 to £65,000 a year ago)

BBC News: Business secretary Vince Cable warns of cyber vulnerabilities for Britain’s essential services

Leave a comment

Filed under Risk UK News

UK civilians and military personnel learn to defend against online attacks at cyber training camp

After two days of intense hands-on training and development, a new potential generation of UK cyber security defenders (including members of the public and military personnel) have been tested to see if they have what it takes to protect their country from online attacks.

Held at the Defence Academy in Shrivenham, the Cyber Security Challenge UK’s new cyber camp was delivered by a number of the UK’s most prestigious cyber defence companies to help attendees gain foundation skills and confidence to take their first steps into the cyber security profession.

The assessment on Friday 29 August was devised by cyber security operatives from GCHQ and witnessed brave candidates assemble a cyber team battling to overcome the threat of a cyber terrorist group, the Flag Day Associates, who have been staging a number of attacks in the UK over recent months.

The latest incident was reported by the central security team at Parliament Square, a large central London meeting and conferencing space known to host classified gatherings characterised by high secrecy and sensitivity. The team confirmed that the web-based application that controls their intelligent building management software had been targeted and successfully compromised.

The cyber students in action

The cyber students in action

Under the guidance of mentors from GCHQ and other industry experts, as well as previous Challenge candidates, the cyber camp recruits were assessed on their ability to run penetration testing as part of a full security assessment of the web application in order to identify the vulnerabilities that may have been exploited by the attackers.

To prepare them for this test, the cyber camp recruits were taken through two days of training administered by some of the country’s leading cyber security experts.

Content details of the cyber camp

The cyber camp programme was put together by the Challenge with the support of C3IA Solutions (who provide information risk management training and cyber security services for the MoD, the Government and industry) and included:

• Defence, aerospace and security expert QinetiQ introducing cyber camp attendees to the principles of risk assessment and management
• Forensic technology teams at PricewaterhouseCoopers running lessons on digital forensic analysis
• Introductions to business continuity management and security architecture provided by worldwide information security training and education company Infosec Skills (two further modules were completed online ahead of the cyber camp)
• Web application security testing instruction courtesy of cyber security services and solutions specialist IRM
• A module on vulnerability research from Raytheon, the technology and innovation leader specialising in defence and national security
• An interactive session on legal and ethical practice within cyber security delivered by the National Crime Agency

The final stage of the cyber camp witnessed candidates sitting their first professional qualification – the Certificate in Information Assurance Awareness (CIAA) – free of charge. This came courtesy of InfoSec Skills and its examination provider, the Global Certification Institute (GCI).

Cyber camp attendees who performed particularly well were granted places on the new CESG-accredited Cyber Scheme Team Member course.

Growing skills gap in cyber security

The Cyber Security Challenge UK began in 2010 as three competitions run by a small group of supporters from industry, Government and academia designed to address the growing skills gap in the UK cyber security profession.

Now in its fifth year, the Challenge has grown its range of competitions to better represent the variety of skills currently demanded within the profession and is backed by over 75 sponsors from across UK Government (including through its National Cyber Security Programme) as well as major names from industry and academia.

Challenging cyber attackers in among the tanks at Shrivenham

Challenging cyber attackers in among the tanks at Shrivenham

The cyber camps are a more recent addition to the Challenge competition programme. They sit alongside a variety of exciting virtual competitions and provide a first opportunity for candidates to begin crafting their skills.

Stephanie Daman, CEO of the Cyber Security Challenge UK, commented: “Last year’s inaugural cyber camps showed the demand from amateurs to be given the opportunity to break into this field. The camps afford everyday civilians the chance to see what it’s really like to work as a professional in this sector, and what’s involved in defending the UK from ever-growing cyber attacks.”

Daman added: “Talented individuals learn from the best in the industry and, by dint of receiving a qualification for their efforts, they’re provided with a genuine career-enhancing experience. This sector needs more people with talent and skills and all of those involved in this cyber camp will have enjoyed a truly unforgettable experience.”

Kevin Williams, head of partnerships at the National Crime Agency’s National Cyber Crime Unit, stated: “We are proud to be part of this year’s cyber security camp and help to inspire the next generation of specialists to think about a career in cyber security. Our officers tested the skills, technical ability, knowledge and understanding of the candidates to see whether they have what it takes to defend the UK and its citizens from cyber-related attacks. We look forward to continuing our support for the Cyber Security Challenge UK over the coming months.”

Virtual competitions and foundation modules

Terry Neal, CEO at InfoSec Skills, explained: “We’re delighted to support the Challenge through our virtual competitions and foundation modules in IA Governance and IA Architecture delivered during the cyber camp. We hope to inspire the next generation of cyber specialists and help to get them started on their career paths in Information Assurance.”

Charles White, CEO of IRM, said: “Watching the cyber camp recruits learn and compete while surrounded by the physical history of the British Armed Forces illustrates the extent to which the Internet has transformed our lives and how, as a society, we must respond to that change. Where once we had tanks and large armies to defend our nation, we now have skilled and tenacious individuals who thrive on a technical challenge – the UK’s Armed Forces for a Digital Age, if you like.”

On an equally serious note, White also commented: “At this time there is a severe deficit of qualified individuals who are capable of assessing and improving our cyber security defences. If our citizens, Government and businesses want to stay safe in cyber space while also continuing to reap the economic and social benefits it brings then more effort has to be invested in nurturing cyber security talent.”

Leave a comment

Filed under Risk UK News

GCHQ and Cyber Security Challenge UK test public’s ability to prevent cyber terror attack

GCHQ is today calling on the UK public to protect a fictitious aerospace technology company threatened by imminent attack from cyber terrorists.

‘Assignment: Astute Explorer’ is the latest game to be devised by the Cyber Security Challenge UK, the Government-backed project designed to run an inspirational series of national competitions aimed at attracting talented people into the profession and informing them about cyber security careers.

The latest process affords members of the public a chance to act like a GCHQ operative, using their cyber security skills to investigate and attempt to fix the vulnerabilities of a global defence company ahead of a forewarned cyber attack.

Earlier this year, the Cyber Security Challenge UK launched its 2014-2015 programme of online and face-to-face cyber games by introducing a new enemy, The Flag Day Associates, via a threat video that warned of future cyber attacks against the UK. The Challenge’s first recurring characters, the investigation and defence against this new nemesis forms the basis of this year’s competitions.

The Cyber Security Challenge UK: testing the public's cyber skills

The Cyber Security Challenge UK: testing the public’s cyber skills

‘Astute Explorer’ follows on from an assignment set by global security software vendor Sophos which, over this past weekend, tasked the public to analyse a hard drive recovered from The Flag Day Associates. The hundreds of candidates who tackled the Sophos-devised competition revealed plans for a future attack on ‘Ebell Technologies’ – described as an aerospace and electrical engineering company who are world leaders in the production of military and civilian aircraft, green energy technologies (such as wind turbines) and a variety of electronics products.

In launching its new game, the Challenge has revealed that Ebell Technologies is understandably concerned about the threat of an imminent attack and has thus approached GCHQ to assess its susceptibility to being compromised. As part of the analysis, GCHQ’s ‘Astute Explorer’ – an automated code scanning tool after which the game is named – has returned various snippets of code that may contain vulnerabilities. Those who take up the challenge will be asked to identify these vulnerabilities, explain why and how they could be exploited and suggest appropriate fixes.

Need for a skilled cyber security workforce

“As the UK’s National Technical Authority for Information Assurance (NTAIA), GCHQ is pleased to have been able to develop an original game for the Cyber Security Challenge UK,” explained Chris Ensor, deputy director for the NTAIA. “We have designed ‘Astute Explorer’ to really test candidates’ cyber security skills. We absolutely recognise the need for a skilled workforce which is why we’re delighted to once again support the Cyber Security Challenge UK and help inspire the next generation of cyber security talent.”

Those who register will be competing to book their place at the Challenge’s first of a series of reconnaissance meet-ups organised as part of ‘Operation: Flag Day’. Here, the most impressive candidates from the virtual assignments will be asked to report for duty in person at secret locations around the UK to carry out investigations face-to-face in teams.

As well as uncovering vital clues on the objectives and identities of The Flag Day Associates, these gatherings will ultimately determine the final line-up of online defenders to take on the cyber terrorist group at next year’s Masterclass final.

“There’s no doubt that ‘Astute Explorer’ is an ingenious game from GCHQ which will not only provide an enjoyable challenge but also test skills that are in high demand by employers in this sector,” said Stephanie Daman, CEO of the Cyber Security Challenge UK. “I would encourage anyone with an interest in how IT systems and the information they hold can be protected to sign up and give it a go.”

Series of national competitions

As stated, the Cyber Security Challenge UK runs a series of national inspirational competitions aimed at attracting talented people into the profession and informing them about cyber security careers and learning opportunities.

Now in its fourth year, the Challenge is running an ambitious programme of competitions and activities designed to spread the word about why cyber security is such a fulfilling and varied career and help talented people obtain their first cyber security job.

The Challenge is sponsored by some of the UK’s most prestigious public, private and academic sector organisations and already making a notable difference to the career prospects of those with the talents and aptitude to become cyber security professionals.

Further detail is available at: https://cybersecuritychallenge.org.uk/

GCHQ is, of course, one of the three UK intelligence agencies. Further information on its work can be found at: http://www.gchq.gov.uk

Leave a comment

Filed under Risk UK News