Feeds

Spooks want backdoor into your network

Mission creep mucho?

Protecting against web application threats using SSL

GCHQ, the UK's signal intelligence agency, may get an expanded role in preventing attacks against the networks of key private firms under new government plans.

The Communications-Electronics Security Group (CESG) at the UK's Government Communications Headquarters (GCHQ) has historically only provided best practice guidance and security product certification to the private sector, while taking a more active role in helping government departments defend their networks against cyber attacks.

Security chiefs are now pushing to get an expanded role in "monitoring unusual network traffic" and repelling cyber attacks at critical national infrastructure firms, the Daily Telegraph reports.

Under the plans, an expanded national cyber-security hub at GCHQ would monitor network traffic from "major communications, power and transport providers for evidence of hacking", a big expansion of the current role of the small team at the Cyber Security Operations Centre, which provides online intelligence about threats to national security.

The planned expansion comes against the backdrop of an increased volume of cyber-espionage attacks, such as the attacks in France in the run-up to the G20 conference in Paris and against oil and gas conglomerates, as well as the Stuxnet worm, which is blamed for disrupting the control systems and thereby sabotaging kit at Iranian nuclear processing plants.

The UK government recently named cyber attacks as a Category One threat in its recent Strategic Defence and Security Review, with the Cameron administration pledging £650m over the next four years to boost the UK's cyber-security efforts.

At the same time, resources for policing cyber-crime in the UK – which demonstrably poses a severe and growing economic threat – have been reduced to around £63m.

Government fears, in the UK and elsewhere, centre on concerns that hostile powers might cripple communication or banking systems or disrupt the delivery of utilities.

But many observers, most notably a recent OECD-sponsored study, have criticised such "cyber-war"-related fears as overblown.

The Daily Telegraph reports that the prime minister summoned blue chip firms including British Airways, BT and National Grid to Downing Street to discuss plans to expand GCHQ's role in cyber-defence. Firms such as BT, following its acquisition of security services firm Counterpane, and Symantec have a healthy and growing business selling security monitoring and response services for corporates.

BT, in particular, is likely to oppose any expanded role for GCHQ in the private sector. Security minister Baroness Neville-Jones said the government's critical infrastructure plan had not yet achieved "buy in" from some of the relevant corporations. "What we need is greater situational awareness," she said.

The UK plans are comparable to critical national infrastructure "Perfect Citizen" project conceived by the National Security Agency (NSA), GCHQ’s US counterpart, last year and opposed by critics as a move that would give the signals intelligence agency the ability to spy on private communications. The NSA firmly denied any such intention.

Baroness Neville-Jones offered similar assurances against concerns that GCHQ's plans would carry privacy drawbacks. "What this partnership will not do is start breaking boundaries that we have around privacy and personal data," she said. ®

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Jihadi terrorists DIDN'T encrypt their comms 'cos of Snowden leaks
Intel bods' analysis concludes 'no significant change' after whistle was blown
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
China hacked US Army transport orgs TWENTY TIMES in ONE YEAR
FBI et al knew of nine hacks - but didn't tell TRANSCOM
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.