GCHQ has continued its programme of reaching out the cyber-security community with the launch of two initiatives yesterday at the IA15 conference.
The secret signals intelligence agency has been seeking to play down what some see as it's bad guy image in a series of public outreach programmes.
Firstly, £6.5 million has been invested by the government in CyberInvest, a scheme to bolster world-class UK cyber-security research. Launched by GCHQ and the Department for Culture, Media and Sport, the scheme aims to allow industry to draw on the expertise of GCHQ, EPSRC and leading academics and encourage them to invest in strategically important research areas.
Second, CESG – the information security arm of GCHQ – has unveiled a new website containing cyber-security advice aimed at the general public and industry. Containing more than 430 pages of cyber-security advice, the site is set to grow to several thousand pages by the end of the year.
CESG has, of course, been issuing guidance for a long time but prior to this only accredited users were allowed to access it, but the new site is available to anyone in the world and contains advice for everyone from home users to large organisations.
GCHQ staff were presenting these new initiatives at IA15, GCHQ's annual Information Assurance event in London. In its 15th year, the event draws an audience from central government, public sector, industry and academia.
CyberInvest aims to build a community of industry, government and academia to invest in cyber-security research and attempts to address what the government sees as a lack of visibility and focus in the private sector when it comes to targeting the right opportunities.
CyberInvest is also a response to the critically low level of investment in cyber-security, according to Ed Vaizey MP, minister for culture and the digital economy who spoke at the launch.
The government has been investing £20 million a year in cyber-security research through the National Cyber security programme over the past four years.
“It is important to recognise that CyberInvest is a new programme but we are not starting with a blank canvass,” Vaizey said. “It's a new programme to provide additional, targeted investment over and above the wider investment that the government is going to continue to support through the research councils.”
“But we know that the UK is one of the leaders in cyber security and one of the reasons is because of the excellent research in this area from the universities,” he said.
He praised in particular the work of UK academics and CESG on revised password guidance.
“In an environment in which there is a degree of suspicion when a government agency issues advice on cyber-security, I'm pleased to see that this advice has been warmly welcomed. That wouldn't have happened without the open and positive relationship that already exists between government, business and academia – and that's what CyberInvest is designed to foster and encourage.”
To underscore the new relationships, The University of Southampton signed an MOU with four leading companies straight after the launch of CyberInvest. “The parties clearly recognise the synergy and value of active collaboration between the commercial and academic sectors in advancing cyber-security,” Vaizey commented before the signing.
Prof Angela Sasse, also speaking at the launch of CyberInvest, said: “Those of my colleagues who study the behaviour of attackers in the cyber, online world will tell you that they got organised and started to work together quite some time ago and what we are doing here today is showing that on the side of the defenders there is great advantage in doing the same.”
She said: “To do effective research we need access to data and test beds in order to study the impact of the new ideas and new technologies that we are developing which is why this partnership is so incredibly important.”
Mark Hughes, president of BT security, said his company will put £500,000 into CyberInvest. He quoted several examples of why collaborations such as those CyberInvest seeks to foster will benefit cyber-security efforts, including GeoLang – a novel system for finding intellectual property on the internet based on research carried out at the University of Surrey – and BT's work with Toshiba and Imperial College London on quantum key distribution over fibre optic cables.
Professor Sir Christopher Snowden, vice-chancellor of the University of Southampton, told SCMagazineUK.com: “It's rare to have an initiative where you get such broad interest from so many organisations that are willing to come together, you can really see how you can achieve a great deal doing that. On top of that, it's a sort of area where universities and young people are very excited about, for obvious reasons. And intellectually it has some interesting problems. So it has something for everybody: real impact and applications, really interesting problems to solve and the net result is that an industry-academic partnership is perfect.”