At CYBERUK 2017 in Liverpool Lionel Barber, editor, Financial Times, interviewed Robert Hannigan, director of GCHQ.
Day one of the conference, hosted by the National Cyber Security Centre (NCSC), was focused on the theme of strategy and briefed cybersecurity and IA leaders from across government, CNI, Industry and Academia.
Barber opened the discussion by citing an article written by Hannigan not long after taking up his role as director of GCHQ, in which he was critical about the way some big tech big companies had been “acting beyond control” and not cooperating efficiently with intelligence agencies to share certain information, asking Hannigan whether he thought his article had any impact.
“It certainly did, and it generated a lot of debate, which is what I wanted,” Hannigan said. “It was a real problem at the time, which has calmed down and got better. I think I was trying to touch on the much bigger issue which is that the internet is new, these companies are relatively new, they’re trying to cope with the problem of wanting to be neutral conduits and gradually realized that they are responsible. This is evolving, and it’s a debate that is still going on, it will continue to evolve and reflects the fact that the internet is a relatively new creation, it’s a gloriously chaotic thing, and society is still trying to cope with how we deal with it and security.”
Moving the conversation on to more recent times, Barber asked Hannigan about his thoughts on the key threats and incidents that manifested in the information security world last year, and the impact they had on GCHQ’s work the National Cyber Security Centre.
Hannigan said that one of the reasons government wanted to act swiftly in setting up the NSCS was that they could see, at a commercial level, the rise in data threats was a real issue, but admitted that, if anything, they underestimated the early take-up.
“In our first three months, the incident management bit of the NCSC was much busier than it expected to be. That gives you a sense of the scale. There’s a lot of focus on state incidents, and with those affecting the financial sector, but a lot of it, as we often discuss, is about the delivery [of attacks].”
Barber then asked Hannigan to shed some light on the key things that GCHQ has changed in its strategy for defending against cyber-threats.
Hannigan said this was the adoption of more innovation. “If we’re not innovative and looking at the threats of the next 10 to 20 years we’re not doing the job for the country,” he said. Also, he added, there is a need to get more women into the technology industry to help the current skills and resource gap, and GCHQ is focused on helping that at the education level, particularly with a new competition for girls aged 13 to 15 which encourages females to get involved with cyber.
Lastly, Barber asked Hannigan what had been his biggest challenge whilst working with GCHQ.
“I think the biggest challenge is gaining people with a baseline understand of the problems, there aren't enough, and we need to change that.”
Image credited to @BobsBusinessUK