Feeds

Spooks want backdoor into your network

Mission creep mucho?

High performance access to file storage

GCHQ, the UK's signal intelligence agency, may get an expanded role in preventing attacks against the networks of key private firms under new government plans.

The Communications-Electronics Security Group (CESG) at the UK's Government Communications Headquarters (GCHQ) has historically only provided best practice guidance and security product certification to the private sector, while taking a more active role in helping government departments defend their networks against cyber attacks.

Security chiefs are now pushing to get an expanded role in "monitoring unusual network traffic" and repelling cyber attacks at critical national infrastructure firms, the Daily Telegraph reports.

Under the plans, an expanded national cyber-security hub at GCHQ would monitor network traffic from "major communications, power and transport providers for evidence of hacking", a big expansion of the current role of the small team at the Cyber Security Operations Centre, which provides online intelligence about threats to national security.

The planned expansion comes against the backdrop of an increased volume of cyber-espionage attacks, such as the attacks in France in the run-up to the G20 conference in Paris and against oil and gas conglomerates, as well as the Stuxnet worm, which is blamed for disrupting the control systems and thereby sabotaging kit at Iranian nuclear processing plants.

The UK government recently named cyber attacks as a Category One threat in its recent Strategic Defence and Security Review, with the Cameron administration pledging £650m over the next four years to boost the UK's cyber-security efforts.

At the same time, resources for policing cyber-crime in the UK – which demonstrably poses a severe and growing economic threat – have been reduced to around £63m.

Government fears, in the UK and elsewhere, centre on concerns that hostile powers might cripple communication or banking systems or disrupt the delivery of utilities.

But many observers, most notably a recent OECD-sponsored study, have criticised such "cyber-war"-related fears as overblown.

The Daily Telegraph reports that the prime minister summoned blue chip firms including British Airways, BT and National Grid to Downing Street to discuss plans to expand GCHQ's role in cyber-defence. Firms such as BT, following its acquisition of security services firm Counterpane, and Symantec have a healthy and growing business selling security monitoring and response services for corporates.

BT, in particular, is likely to oppose any expanded role for GCHQ in the private sector. Security minister Baroness Neville-Jones said the government's critical infrastructure plan had not yet achieved "buy in" from some of the relevant corporations. "What we need is greater situational awareness," she said.

The UK plans are comparable to critical national infrastructure "Perfect Citizen" project conceived by the National Security Agency (NSA), GCHQ’s US counterpart, last year and opposed by critics as a move that would give the signals intelligence agency the ability to spy on private communications. The NSA firmly denied any such intention.

Baroness Neville-Jones offered similar assurances against concerns that GCHQ's plans would carry privacy drawbacks. "What this partnership will not do is start breaking boundaries that we have around privacy and personal data," she said. ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Experian subsidiary faces MEGA-PROBE for 'selling consumer data to fraudster'
US attorneys general roll up sleeves, snap on gloves
Oz bank in comedy Heartbleed blog FAIL
Bank: 'We are now safely patched.' Customers: 'You were using OpenSSL?'
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.