Feeds

Spooks want backdoor into your network

Mission creep mucho?

Internet Security Threat Report 2014

GCHQ, the UK's signal intelligence agency, may get an expanded role in preventing attacks against the networks of key private firms under new government plans.

The Communications-Electronics Security Group (CESG) at the UK's Government Communications Headquarters (GCHQ) has historically only provided best practice guidance and security product certification to the private sector, while taking a more active role in helping government departments defend their networks against cyber attacks.

Security chiefs are now pushing to get an expanded role in "monitoring unusual network traffic" and repelling cyber attacks at critical national infrastructure firms, the Daily Telegraph reports.

Under the plans, an expanded national cyber-security hub at GCHQ would monitor network traffic from "major communications, power and transport providers for evidence of hacking", a big expansion of the current role of the small team at the Cyber Security Operations Centre, which provides online intelligence about threats to national security.

The planned expansion comes against the backdrop of an increased volume of cyber-espionage attacks, such as the attacks in France in the run-up to the G20 conference in Paris and against oil and gas conglomerates, as well as the Stuxnet worm, which is blamed for disrupting the control systems and thereby sabotaging kit at Iranian nuclear processing plants.

The UK government recently named cyber attacks as a Category One threat in its recent Strategic Defence and Security Review, with the Cameron administration pledging £650m over the next four years to boost the UK's cyber-security efforts.

At the same time, resources for policing cyber-crime in the UK – which demonstrably poses a severe and growing economic threat – have been reduced to around £63m.

Government fears, in the UK and elsewhere, centre on concerns that hostile powers might cripple communication or banking systems or disrupt the delivery of utilities.

But many observers, most notably a recent OECD-sponsored study, have criticised such "cyber-war"-related fears as overblown.

The Daily Telegraph reports that the prime minister summoned blue chip firms including British Airways, BT and National Grid to Downing Street to discuss plans to expand GCHQ's role in cyber-defence. Firms such as BT, following its acquisition of security services firm Counterpane, and Symantec have a healthy and growing business selling security monitoring and response services for corporates.

BT, in particular, is likely to oppose any expanded role for GCHQ in the private sector. Security minister Baroness Neville-Jones said the government's critical infrastructure plan had not yet achieved "buy in" from some of the relevant corporations. "What we need is greater situational awareness," she said.

The UK plans are comparable to critical national infrastructure "Perfect Citizen" project conceived by the National Security Agency (NSA), GCHQ’s US counterpart, last year and opposed by critics as a move that would give the signals intelligence agency the ability to spy on private communications. The NSA firmly denied any such intention.

Baroness Neville-Jones offered similar assurances against concerns that GCHQ's plans would carry privacy drawbacks. "What this partnership will not do is start breaking boundaries that we have around privacy and personal data," she said. ®

Internet Security Threat Report 2014

More from The Register

next story
George Clooney, WikiLeaks' lawyer wife hand out burner phones to wedding guests
Day 4: 'News'-papers STILL rammed with Clooney nuptials
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
PEAK IPV4? Global IPv6 traffic is growing, DDoS dying, says Akamai
First time the cache network has seen drop in use of 32-bit-wide IP addresses
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.