Robert Hannigan served as director general of GCHQ, the UK government’s largest intelligence and cyber agency, from 2014-17.
Hannigan has a long history of involvement in cybersecurity and technology, having drawn up the UK’s first Cyber Security Strategy and outlined the government’s ambition of making the UK ‘the safest place to live and do business online.’ He set up the UK’s National Cyber Security Centre (NCSC) as part of GCHQ, which was officially opened by Queen Elizabeth II in 2017, and launched the active cyber defense program for the UK in 2016.
Before that, Hannigan served as security adviser to the UK Prime Minister from 2007-10 and, as head of intelligence, security and resilience in the UK Government’s Cabinet Office, was responsible for the funding and oversight of the three UK intelligence agencies.
He also took to the keynote stage at Infosecurity Europe 2018, and after speaking, he sat down with Infosecurity to discuss his time at GCHQ, evolving threats and security challenges.
What were the biggest security challenges during your time as director general of GCHQ?
The two big ones were the rise in terrorism (particularly ISIL) and cyber-attacks, which were rising rapidly and exponentially, which is why we decided to create the NCSC. We looked at what might be coming and thought there could be a national-level [cyber] attack within a few years. The Russia threat was also starting to really grow too, but I’d say terrorism and cyber were the two big ones.
How have you seen the security and threat landscape change since leaving GCHQ?
Terrorism is obviously changing; with the defeat of ISIL on the ground and the end of the physical caliphate, terrorism is more distributed, but it’s still a big problem here in the UK and it’s still a big problem online. Also, the Russian threat has grown because of its aggressive intent, and of course cyber-attacks in general are growing – in volume and sophistication.
What do you think is the biggest challenge currently facing the security industry?
The key challenge for the security industry is to keep doing what we’re already doing, which is to tackle the basics of cybersecurity and to tackle the existing threats. The next challenge is to make sure the next generation is better protected, and emerging hot topics like IoT, cloud services and others are secured before they become absolutely dominant; we need to make sure we don’t repeat the mistakes of the past.
Lastly, you mentioned mistakes of the past. What do you think are the key security mistakes that need to be avoided in the future?
Mistakes were not deliberate errors; it’s just nobody thought, when the internet was designed, that there would be these hostile actors trying to either make money out of it or subvert it. None of the engineers who designed the internet were really thinking of those kinds of cynical things, which has led us to some of the vulnerabilities we face online.