Threat Management, Threat Intelligence, Network Security

CyberUK 2017: GCHQ director explains NCSC ethos in parting interview

Robert Hannigan (left) and Lionel Barber at the NCSC's CyberUK 2017 event

Robert Hannigan, the outgoing head of GCHQ, spoke today about the formation of the NCSC and the role that it will play in combating cyber-crime and terrorism in the UK.

He was being interviewed live, on stage, by Financial Times editor Lionel Barber at CyberUK 2017 in Liverpool, organised by the freshly-minted National Cyber Security Centre (NCSC).  

Hannigan has been involved in the development of a national cyber-security strategy since at least 2007 when he was head of security, intelligence and resilience at the Cabinet Office and helped draft a scoping document under Prime Minister Gordon Brown.

Out of this document would come the National Cyber Security Strategy and the NCSC, pushed by William Hague and George Osborne who were both “passionate” about addressing cyber-security on a national scale.

Industry criticism

Hannigan has been a strong critic of the tech industry. Following the revelations about NSA and GCHQ surveillance capabilities, leaked by Edward Snowden, Hannigan wrote an article for the Financial Times which claimed that technology companies were in effect aiding and abetting terrorist groups such as ISIL because they were failing to cooperate with the intelligence community.

Hannigan was heavily criticised in certain quarters for the article but it generated a great deal of debate – “which is what I wanted,” he said. He still considers it to be a problem but not to same extent that it used to be. “Arguably the greatest impact of Snowden was to poison the relationships between government and silicon valley. That was a real problem at the time – it has calmed down and got better,” he said.

However, now he says the intelligence community has to build bridges with the tech industry because only together can they tackle the problems of crime and terrorism on the internet.

To achieve this aim, both the intelligence community and tech will have to adapt.

For GCHQ this has meant coming out of the shadows, to take a more public facing role. The NCSC, as an arm of GCHQ, achieves this for the organisation without it having to compromise its covert operations.

The government in consultation with GCHQ took the very deliberate choice, he said, of putting the NCSC in the heart of London in a public, commercial building, to underscore the new organisation's accessibility to the public.

“This was a big step for GCHQ,” Hannigan said. “Having a headquarters in Victoria [London] was a very deliberate choice by [then chancellor] George Osborne and others because it had to feel like it was joined with industry, because a key insight of the [National Cyber Security] Strategy was we cannot do this as government. It's too big and the internet is not run by government – which is a good thing – so it has to be [in cooperation with] industry.”


Of course, by setting up the NCSC, the government hopes to focus attention on the issue of cyber-security, drawing attention to vulnerabilities and building the case for software and hardware design that takes account of security. The challenge for the tech industry will be to adapt to the new expectations which the NCSC hopes to foster among the users of their technology.

“One of the reasons we rushed to set up NCSC is because we could see, and in fact our own intelligence committees were predicting, a major incident, a state level incident,” Hannigan said, before adding in reference to the audience of cyber-security practitioners: “And meanwhile, we could see on a commercial level a rising tide of [less severe] incidents which people in this room will be very familiar with – some of which made the press and others that didn't.”

He revealed that the NCSC dealt with 188 incidents in its first three months which were graded C2 and C3, serious threats but below a C1 incident which might be an attack on a major piece of infrastructure such as the National Grid.

“If anything, we underestimated the early uptake in the first three months,” he said, “and I think that gives you a sense of how busy it was.”

The NCSC, he said, is taking some of the best people from GCHQ as it builds its capacity, something which causes some consternation to those left behind, but as Hannigan heads for the exit door (as soon as a replacement director can be found), he said that it's important to remember that since its founding in 1919 as the Government Code & Cypher School, the agency has practiced both offence and defence.

The decision to split GCHQ into two separate organisations, then, can perhaps be seen as the obvious response to a communications environment that has grown increasingly complex and ever more vital to the nation's economic, social and political well-being.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.