Alex Younger appointed as next Chief of the Secret Intelligence Service

With the agreement of Prime Minister David Cameron, Foreign Secretary Philip Hammond has announced that Alex Younger is appointed as successor to Sir John Sawers as Chief of the Secret Intelligence Service. Younger will take up the appointment in November.

The Secret Intelligence Service (SIS), often known as MI6, collects Britain’s foreign intelligence. The Service is based at Vauxhall Cross in London and provides Her Majesty’s Government with a global covert capability to promote and defend the national security and economic well-being of the United Kingdom.

Philip Hammond stated: “I’m pleased to announce that Alex Younger has been appointed as the next Chief of the Secret Intelligence Service. The work of MI6 is world class and its operation vital to the safety and security of the United Kingdom. Alex brings a wealth of relevant experience to the role, including his work in Afghanistan and helping keep the country safe during the London 2012 Olympics.”

Hammond added: “I’d also like to thank Sir John Sawers for his strong leadership and personal commitment to a modernising agenda. I wish him well for the future.”

Alex Younger: the next Chief of MI6

Commenting on his appointment, Alex Younger said: “I’m delighted and honoured to become Chief of the Secret Intelligence Service and lead one of the best intelligence agencies in the world. Our dedicated staff work tirelessly against an array of threats that this country faces. They do so in close partnership with both MI5 and GCHQ with whom I’m looking forward to co-operating very closely.”

Younger also commented: “I would like to pay tribute to John Sawers for his lifetime’s dedication to the country and particularly to his time as Chief of MI6. He brought us into a new era, and I’m determined to build on this and bring my ideas for a modern Service to life.”

In response, Sir John Sawers said: “I’m delighted that my colleague and friend is taking over from me. He has played a vital part alongside me in modernising the SIS and ensuring that the Service is in the best possible shape to play its part in defending the country’s security and our values.”

Alex Younger: the Curriculum Vitae

Alex Younger is a career SIS officer and has been in the Service since 1991.

For the last two years he has been overseeing the Service’s intelligence operations worldwide. Younger has held overseas postings in Europe and the Middle East and was the senior SIS officer in Afghanistan.

He has filled a variety of operational roles in London, including leading the Service’s work on counter-terrorism in the three years running up to the 2012 Olympic Games.

Before joining the Service, Younger – an economics graduate – served as an officer in the British Army.

National Strategy for Maritime Security launched by Ministry of Defence

The strategy outlines, for the first time, the UK’s approach to delivering maritime security at home and internationally, setting out how the UK organises and uses its extensive national capabilities to identify, assess and address maritime security challenges.

The strategy highlights the importance of the maritime domain to UK prosperity and security. It sets out how, through effective collaboration across Government, with industry and international partners – and through the integration of assets and personnel wherever possible – the UK will deliver maritime security.

Maritime security is a cross-Government activity which brings together 16 Government departments and agencies. At the forefront of these are the Foreign and Commonwealth Office, the Ministry of Defence, the Home Office and the Department for Transport.

Philip Hammond MP: Secretary of State for Defence

Five key priorities outlined

The National Strategy for Maritime Security outlines five main priorities. These are to:

• promote a secure international maritime area where international maritime laws are upheld
• help other nations develop their own maritime security
• protect the UK and the Overseas Territories, their citizens and economies by supporting the safety and security of ports and offshore installations as well as passenger and cargo vessels
• assure the security of vital maritime trade and energy transportation routes
• protect the resources and population of the UK and the Overseas Territories from illegal and dangerous activity

The strategy also introduces a robust Government approach to maritime security decision-making and confirms a commitment to both preserving the flow of maritime trade and upholding international maritime law.

Read the National Strategy for Maritime Security in full

Britain will build “dedicated capability to counter-attack” in cyber space

The Defence Secretary has announced that Britain will build a dedicated capability to counter-attack in cyberspace and, if necessary, to strike in cyberspace.

As part of the MoD’s full-spectrum military capability, Philip Hammond MP has announced that the department is set to recruit hundreds of computer experts as cyber reservists in order to help defend the UK’s national security, working at the cutting-edge of the nation’s cyber defences.

Hammond confirmed the creation of a new Joint Cyber Reserve which will see reservists working alongside regular forces to protect critical computer networks and safeguard vital data.

Defence Secretary Philip Hammond MP

“In response to the growing cyber threat,” said Hammond, “we are developing a full-spectrum military cyber capability, including a strike capability, to enhance the UK’s range of military capabilities. Increasingly, our defence budget is being invested in high-end capabilities such as cyber and intelligence and surveillance assets to ensure we can keep the country safe.”

He added: “The Cyber Reserves will be an essential part of ensuring we defend our national security in cyberspace. This is an exciting opportunity for Internet experts in industry to put their skills to good use for the nation, protecting our vital computer systems and capabilities.”

Creating the Cyber Reserve

Creation of the Joint Cyber Reserve will represent a significant increase in the number of reservists employed in cyber and information assurance.

Members of the Joint Cyber Reserve will provide support to the Joint Cyber Unit (Corsham), the Joint Cyber Unit (Cheltenham) and other information assurance units across defence.

Recruiting for the Joint Cyber Reserve will begin next month and target three sectors: regular personnel leaving the Armed Forces, current and former reservists with the necessary skills, and individuals with no previous military experience but with the technical knowledge, skills, experience and aptitude to work in this highly-specialised area.

All personnel applying to join will be subject to a security clearance process.

Response from the security sector

Speaking about this Government move, Peter Armstrong (director of cyber security at Thales UK) commented: “By re-skilling its existing force in cyber security, the Ministry of Defence has addressed the blurring of the lines between physical and virtual defence which has become prevalent over the past decade. With the advent of cyber espionage and attacks which threaten CNI, the need for an holistic approach to national security is long overdue. It’s great to see the Ministry of Defence taking its share of responsibility for this alongside its traditional physical defence remit.”

Armstrong also explained: “In addition, and just as importantly, this move will help enormously in positioning public sector cyber security as an attractive career prospect for the next generation.”

Graeme Stewart, director of UK public sector strategy at McAfee, said: “This latest development shows that Government is taking the necessary steps to protect the UK against a very real cyber treat that’s now on par with physical threats. With greater connectivity comes a far greater risk of cyber attacks on the very foundations of the UK’s infrastructure. In the case of the country’s energy supply, for example – and the UK’s apparent intention to rely on a single, centralised smart grid – a single attack could affect the entire country and, as a worse case scenario, leave the UK without power.”

Stewart continued: “Our priority should be to ensure that the networks and devices securing our critical infrastructure are totally secure, which not only requires physical security but also a complete shift in the mindset of UK organisations. The top level attention to cyber security has to be adopted throughout organisations and individuals as a joint responsibility. Government and citizens need to work together to move from a ‘digital-by-default’ to ‘security-by-default’ scenario, ensuring that the basic knowledge needed to protect against the ever-growing threat is ingrained in our national consciousness.”

Neil Thacker, the information security and strategy officer (EMEA) at Websense commented: “In light of the House of Ccommons Defence Select Committee highlighting weaknesses in the MoD’s cyber incident response strategy, as well as the news in July that the UK is losing the fight against cybercrime, this is welcome and timely news to offer additional resources to aid cyber defence.”

Thacker went on to state: “Highly sophisticated, targeted attacks are occurring every day and are focused on both small and large organisations, with UK businesses being named by cyber crime organisations as their Number One target. Like the Government, UK businesses cannot take their eyes off the ball and need to put in place the right defences to protect their employees and the organisation’s critical data.”

Continuing the theme, Hacker explained: “It’s more crucial than ever that UK businesses place data security higher up the agenda and spend IT security budgets on the right and relevant technology. Proactive defences against targeted attacks and new variants of malware are key. Adding the ability to detect, contain and mitigate against the attacks is a responsibility of the IT and security teams by applying real-time malware analysis while simultaneously protecting against internal and external breaches and data theft. Detection only is not sufficient to counter this threat.”

Finding enough experts to build an effective force

Ruby Khaira (regional manager for the UK, Northern Europe and India at FireMon) said: “The new cyber defence force being announced by the MoD and Philip Hammond is an important step forward in protecting the UK’s computer networks from cyber attacks. The UK already has good protection in place, but cybercrime is a continuously growing threat and to build on existing defences is both necessary and logical.”

Khaira continued: “As I see it, the real issue here is being able to find enough computer experts to build an effective force. With a distinct shortage of security personnel within the private sector, this could be a very real problem. Therefore, the MoD will likely need to have a robust training plan in place to instruct those they hire for the cyber defence force, and will then need to offer a good enough package to keep those security professionals from moving to the private sector.”

Khaira also stressed: “Along with finding and retaining talent, it’s important that the new cyber defence force can effectively monitor and proactively identify areas of risk, which requires implementing security technologies that can automatically identify security gaps and prioritise remediation according to the level of risk to critical assets.”

David Emm, the senior security researcher at Kaspersky Lab, has also offered his views on the Government’s latest move.

“The British Government has for some time been indicating that it is keen to ramp up the overall defence posture of British companies in order to reduce the risk of attacks thereon,” said Emm. “This is something which Eugene Kaspersky has long been calling on all Governments to do, but it now seems that the Government is saying it considers ‘offence to be the best form of defence’.”

Emm then stated: “While it’s understandable that Governments might want to adopt such a position, doing so introduces a very real possibility of a cyber arms race and, accordingly, increased risks to Internet-based systems everywhere. After all, if one Government decides to openly engage in cyber offence, others will be sure to follow suit. Any cyber offence escalation would increase the risk of the technologies involved ending up in the wrong hands, possibly to be manipulated for malevolent ends. Unlike traditional weapons, tools used in cyber warfare are very easy to clone and reprogram by adversaries or other threat actors such that they can be used in sustained strikes.”

On that basis, Emm said: “It’s imperative for countries to understand the possible consequences – the specific dangers and potential damage – of cyber war before developing offensive cyber weapons. The only effective way to counter this trend is for Governments to work together towards the establishment of a cyber arms limitation agreement that prevents the continued escalation of cyberattacks.”