The UK's new National Cyber Security Centre (NCSC) officially opens for business today as a public-facing part of GCHQ that acts as a focal point for the government to deliver authoritative advice on tackling cyber-security issues. It will be based in the Nova office and shopping complex near Victoria Station in London, not in Cheltenham at GCHQ, as originally announced last year, though it will also have offices there..
While this operational centre will focus on defensive work, it will be able to call on offensive capabilities developed by GCHQ and the Ministry of Defence.
According to Evening Standard reports, the NCSC will have a staff of 700, more than half of whom will be based in the new HQ, moving in to the building later this year and in early 2017. It will have specialist teams for the City, Whitehall, intelligence and security services, energy, telecoms and other parts of the critical national infrastructure.
It is led by CEO Ciaran Martin who was director general cyber at GCHQ, with Dr Ian Levy, former technical director of cyber-security at GCHQ, becoming technical director at the NCSC. The NCSC's website is scheduled to go live tomorrow (4 October).
The launch of the organisation was announced by the former Chancellor George Osborne last year then confirmed by Matt Hancock, minister for the Cabinet Office and Paymaster General. Its remit is to ensure the online safety of the general public, both public and private sector organisations as well as the UK's critical national infrastructure. Objectives include raising awareness of government intent; undertake genuine dialogue that shapes service delivery; demonstrate serious commitment to listen; and develop sustainable engagement channels to provide structured consultation with the private sector.
One of its first tasks is to work with the Bank of England to produce advice for the financial sector to manage cyber-security effectively.
Minister for the Cabinet Office and Paymaster General, Matthew Hancock commented: “In establishing the National Cyber Security Centre we are creating a body devoted to cyber-security and this will transform the UK's approach to an issue that affects us all.
“This important work with the Bank of England is paramount to ensuring that businesses of all shapes and sizes understand the threats and what they can do to mitigate them.
“We'll do this by informing the entire business community and public sector about emerging threats, providing support when attacks happen and educating everyone on how best to stay safe online.”
In an official statement Robert Hannigan, director GCHQ said: “Given the industrial-scale theft of intellectual property from our companies and universities, as well as the numerous phishing and malware scams that waste time and money, the National Cyber Security Centre shows that the UK is focusing its efforts to combat the threats that exist online.
“Ciaran will be an excellent Chief Executive who will ensure that the NCSC will continue the outstanding work done by all of the existing organisations to protect national security and our economic success.”
Ciaran Martin stated: “I'm very pleased to have the privilege of leading a world class team to get ahead of one of the most important threats of our time.” Echoing Osborne's comments last year, he told ES, “Our role is helping t make the UK the safest place to live and do business online,” noting that this would range from tackling hostile states, criminal gangs, to smaller scale attacks.
In an email to SCMagazineUK.com, David Damato chief security officer, Tanium
Offered his advice for the new NCSC: “The new National Cyber Security Centre will provide an important bridge between business and government, but it cannot succeed if it does not urgently address the accountability gap that sees board members and executives too often without the information and tools they need to take responsibility for cyber security.
“Discussions on cyber-security rarely reach corporate boardrooms, leaving many of the UK's biggest businesses dangerously exposed. Only a third of the leaders of UK's top 350 companies say they understand the threat of a cyber-attack and even fewer are regularly updated about security threats.
“If the UK wants to stem the tide of cyber-crime, the National Cyber Security Centre must make closing the corporate accountability gap its first order of business.”
According to its prospectus, The National Cyber Security Centre will have four key objectives:
• To understand the cyber security environment, share knowledge, and use that expertise to identify and address systemic vulnerabilities. The NCSC will be the centre of government expertise on what is happening in cyberspace, combining the knowledge gathered from incidents and intelligence with that shared through the close relationships with industry, academia and international partners. That knowledge will be used to provide best practice advice and guidance, and to tackle systemic vulnerabilities to enhance cyber security for all.
• To reduce risks to the UK by working with public and private sector organisations to improve their cyber security. The NCSC will support the most critical organisations in the UK across government and the private sector to secure and defend their networks. It is planned that this will include the provision of bespoke advice and guidance, help to design and test networks, and exercise response arrangements.
• To respond to cyber-security incidents to reduce the harm they cause to the UK. It is recognised that despite all the efforts made to reduce the risks and enhance security, incidents will still happen. When a serious cyber incident occurs, the NCSC will work with victims to minimise the damage, to help with recovery, and to learn lessons to reduce the chance of recurrence and minimise future impact. Often this will entail helping by connecting victims with commercial companies known to be excellent at cyber incident response. At the same time the NCSC will ensure that the wider response of government and law enforcement is well co-ordinated. And in the case of very serious incidents this might mean communicating publicly about consequences and the steps people and businesses should take to protect themselves.
• To nurture and grow our national cyber security capability, and provide leadership on critical national cyber security issues. Cyber security and information technology continues to develop and evolve at a rapid pace. As the Centre within government for cyber-knowledge, the NCSC will have the best possible visibility of what is happening today – in terms of threats, vulnerabilities and technology trends. This means cutting edge technical research teams, combining the best of government, industry and academic expertise, scanning the horizon and helping plan for what could challenge us tomorrow. The NCSC will lead the UK's thinking across the range of initiatives and developments, ensuring that the UK Government, organisations and the public can harness the advantages that new technologies bring in a safe and secure manner.