GCHQ launches pilot to share cyber threat intelligence

GCHQ is to help critical national infrastructure firms defend against cyber attack in a pilot for sharing threat intelligence

UK intelligence agency GCHQ is to help providers of critical national infrastructure defend against cyber attacks by sharing threat intelligence, says outgoing director of the agency Iain Lobban.

He announced the launch of a pilot initiative to enhance the protection of UK networks from threats in cyberspace in the closing keynote of the private government IA14 security conference in London.

“Ultimately, we’re seeking to use our unique capabilities and the range of insights gleaned from our intelligence and security work to offer – at scale and pace – classified information about threats to the UK’s most critical networks,” he said.

News of the planned pilot emerged ahead of the annual conference that brings together decision-makers from across central government, the wider public sector, industry and academia. 

Filling in some of the missing detail, Lobban said security-cleared personnel entrusted service providers will receive “timely and usable” intelligence in an effort to boost national and economic security.

“They will be able to use this privileged awareness to take early action on the networks they manage, whether government or other critical UK networks.

“Armed with this high-end insight, we want them to act as the UK's first line of defence in countering cyber threats to the nation from state actors and cyber criminals,” he said.

The first phase of the initiative is to engage communications service providers (CSPs), but GCHQ plans to expand this intelligence sharing to more partners in future.

“We need to ensure the benefits that government gets from these partnerships are available to a broader community, ultimately raising the protection of the UK as a whole,” said Lobban.

He said the pilot marks the start of using unique and sensitive expertise and knowledge for the defence of the UK's networks at scale.

The initiative is intended to be part of a wider defencive in-depth approach by individual organisations and aims to build on the threat intelligence that is already available from industry and government.

“In particular, the Cybersecurity Information Sharing Partnership, now part of CERT-UK, has already delivered valuable support to industry in sharing general threat awareness and advice – making a tangible difference to mitigating threats,” said Lobban.

However, he said the newly announce initiative takes that sharing beyond current partnerships, to a more automated, “net speed” enterprise that cyberspace demands.

“Only then can we realise the benefits of making the UK one of the most secure places in the world to do business in the internet age as well as protecting our critical national infrastructure,” he said.

Commenting on the pilot scheme, Martin Sutherland, managing director of BAE Systems Applied Intelligence said sharing relevant intelligence and information is a vital part of collective security.

“The growth of systematic digital criminality means that this is exactly the right time for GCHQ to launch this scheme to share its classified cyber threat information,” he said.

Sutherland said the initiative could well provide industry with a much richer and more valuable set of threat information than has ever been available to date.

“It is essential that we continue to improve the ways in which government and industry work together and we welcome this bold step by GCHQ to improve the quality of threat intelligence that the private sector has access to – it will help to protect consumers, businesses and the economy as a whole,” he said.

Lobban also used the closing keynote to highlight the contributions that GCHQ is making to support the UK’s digital economy.

This included GCHQ’s role in the recent international action to disrupt the criminal infrastructure supporting the GameOver Zeus Trojan and Cryptolocker ransomware.

“GCHQ’s part in all this included analysis of the malware characteristics, complementary to industry’s own analysis,” said Lobban.

“Our technical experts used this to build a detailed understanding of the threat posed, then worked with National Crime Agency (NCA) to develop the best mitigation plan,” he said.

GCHQ also provided near real-time technical advice to both NCA and US counterparts as the operation advanced, as well as intelligence on the criminals behind the malware threat.

Lobban said GCHQ also supported colleagues in government to protect online government services where “eye-watering amounts of money” will be handled.

“This work saves the UK taxpayer many hundreds of millions of pounds every year as well as protecting our businesses and citizens,” he said.

In an oblique reference to the revelations of GCHQ’s internet surveillance programme by NSA whistleblower Edward Snowden, Lobban said that while GCHQ has some world-class intellectual property, “even in these revelatory times we really do need major parts of that to remain secret.

“But we are working to share where we can, including contributing it to the open-source community to encourage further development,” he said.

Lobban said GCHQ has worked hard to express some of its key challenges in unclassified form to enable its experts to engage with academia and industry on a greater scale.

“We made contact with hundreds of companies, mostly SMEs and ended up sponsoring a few dozen ‘seedcorn’ tasks to take an initial idea through to a proof of concept,” he said.

In another reference to criticism of GCHQ following the Snowden revelations, Lobban said that “despite the best efforts of some of the media”, the agency’s reputation is helping UK industry.

“Allies around the world want to talk to us about cyber security and they want to do business with companies that we can vouch for.

“Other international companies are investing in UK facilities specifically to gain access to UK expertise,” he said.

Lobban concluded by saying GCHQ has a strong role to play in supporting the UK digital economy in helping citizens be safer on-line, investing in the UK’s future capability and supporting UK industry.

Read more on Hackers and cybercrime prevention