GCHQ promotes collaborative action

Edited highlights from Sir Iain Lobban's presentation:

The purpose of this event - IA14: “Cyber Security underpinning a leading information economy” - and the series of IA events over the years, is to share, to inform and to look to the future, bringing together government, business and academia as equal partners: this is exactly what cyber security is all about now.

We seek to reap the economic benefits of being a world leader in cyber security, (developing) the skills, professionalism and training required in the UK digital economy. It's not all opportunity though. The world of cyber is full of threats which range in complexity and come from both cybercriminals and state actors. GCHQ plays its part in a joined-up approach with law enforcement partners to investigate and mitigate cyber crime threats to the UK with the National Crime Agency and we have already got a great story to tell.

The Game Over Zeus threat is an excellent cyber crime example – this sophisticated malware was designed to extract money from victims across the globe.  Tackling such complex threats requires a joined-up approach to disrupt infrastructure, to bring key perpetrators to justice, and to clean up infections. 

The joint operation was spread over a staggering eleven countries, led by the FBI in the US and by the National Crime Agency in the UK. The Game Over Zeus malware was described by the FBI as the most sophisticated cyber crime operation they had ever attempted to disrupt: particularly pernicious, waiting silently on your infected machine, monitoring user activity until the opportunity arises to capture banking or other private information. And where an infected computer turns out not to offer a significant financial reward, it can ‘call in’ a second malware attack in the form of Cryptolocker, a ‘ransomware programme’ which encrypts a user's files until a ransom is paid, to give the criminal controllers a second opportunity to acquire funds from the victim. It is estimated that this malware had infected over 500,000 users worldwide, including at least 15,000 in the UK. This had led to a financial loss to victims estimated to be hundreds of millions of pounds globally.

Despite the complexity of this case, action by worldwide law enforcement led by FBI has seen it significantly disrupted, with Game Over Zeus activity at a fraction of what it was and Cryptolocker stopped in its tracks, at least for now. GCHQ's part included analysis of the malware characteristics, complementary to industry's own analysis. Our technical experts used this to build a detailed understanding of the threat posed, then worked with NCA to develop the best mitigation plan. We provided near real time technical advice to both NCA and US counterparts as the operation advanced. And GCHQ's role was not limited to technical advice; we were also able to provide intelligence on the criminals behind the malware threat.

The NCA worked with the FBI and industry partners to disrupt the complicated command and control system used by the infected computers to communicate with each other, and the criminals controlling them, at least for now.  This really was a team effort: the public and private sectors internationally, successfully reducing the malware's effectiveness, warning the public of its presence, and advising on how to clean up systems before the malware is reactivated or similar vulnerabilities are exploited: a key component is increasing public awareness so as to change behaviours to cyber security. 

The criminal fraternity will learn from this and move on; hence we need strategic defence as well as operational pursuit. GCHQ has been working closely with industry partners to scope and pilot a new initiative to enhance the protection of UK networks from threats in cyberspace, formally launching today. We're seeking to use our unique capabilities and the range of insights gleaned from our intelligence and security work to offer – at scale and pace – classified information about threats to the UK's most critical networks.

Security-cleared personnel in trusted service providers will receive timely and usable intelligence. They will be able to use this privileged awareness to take early action on the networks they manage, whether government or other critical UK networks. Armed with this high-end insight, we want them to act as the UK's first line of defence in countering cyber threats to the nation from State actors and cyber criminals.

The first phase of this initiative is to engage the Communications Service Providers who are vital to delivering HMG's Public Services Network. We need to ensure the benefits that government gets from these partnerships are available to a broader community, ultimately raising the protection of the UK as a whole.

It aims to build on, not replace, some excellent threat intelligence that is already available, in particular, the Cybersecurity Information Sharing Partnership, now part of CERT-UK, which has already delivered valuable support to industry in sharing general threat awareness and advice.

But this new initiative takes that sharing further than ever before, well beyond our current partnerships, to a more automated, “net speed” enterprise that cyberspace demands. Only then can we realise the benefits of making the UK one of the most secure places in the world to do business in the internet age as well as protecting our critical national infrastructure. This is about national and economic security and it's achieved by developing real, meaningful partnerships across government and industry.