Sergey Nivens - Fotolia
Protecting the UK’s critical information has always been an essential part of what GCHQ does, said Jeremy Fleming, the agency’s director, in his first public speech in the role.
“In the cyber age, this has never been more important,” he told the CyberUK 2018 conference in Manchester, describing it as the UK’s pre-eminent cyber leadership event.
Fleming said the speech was aimed at describing how cyber threats developing, how GCHQ is approaching this challenge, how the agency is taking the fight against terrorism online, how adversaries are becoming more tech savvy, and how GCHQ is responding, operationally technologically.
The huge strides being made in information technology, he said, have both enabled what intelligence services do and made the business of intelligence and security much harder.
“Hostile states, terrorists and criminals are emboldened and assisted by technology. They’re early adopters of new products and services, investing heavily in strategies and tactics to further their causes,” he said.
Some nation states, Al Qaeda, Daesh, criminal groups and paedophiles are all exploiting developments that in many cases have been designed to make data and users safer, he said. “Whether it’s tools that anonymise use, obscure locations or even popular platforms offering end-to-end encryption – their hijacking by criminals is something that we work hard to combat.
“And encryption is of course a vital cornerstone of the internet. However, it is clear that our adversaries take advantage of these positive features to pursue their damaging and criminal ends,” he said.
Singling out Russia, Fleming said GCHQ has monitored and countered the growing cyber threat they pose to the UK and its allies.
“And it looks like our expertise on Russia will be in increasing demand. We’ll continue to expose Russia’s unacceptable cyber behaviour, so they’re held accountable for what they do, and to help government and industry protect themselves.
“The UK will continue to respond to malicious cyber activity in conjunction with international partners such as the United States. We will attribute where we can,” he said.
However, Fleming said it was not “all doom and gloom” because the past 50 years have seen huge progress in the eradication of disease, the spread of knowledge and freedom, and the prevention of conflict.
“The last decade has witnessed technology transform the way we live. There’s much, much more to come. Even so, I think we can all appreciate the current landscape is both difficult and fast moving,” he said.
To deal with these challenges, Fleming said the intelligence community will have to do things differently. “In particular, we must take more active steps to counter those who misuse the power of the internet and modern communications,” he said.
Daesh, said Fleming, has devoted much time and energy to technology and the creation of media content, and understands the value of strategic communications, the power of social media, and of messaging apps to radicalise and scare.
“But the UK’s CT [counter terrorism] team – led by MI5 and the police, supported by GCHQ, MI6 and the Military – is evolving fast to match this threat.
“For GCHQ, this expansion of the terror threat means more investment in our people and our capabilities,” he said, adding that for well over a decade, starting in the conflict in Afghanistan, GCHQ has pioneered the development and use of offensive cyber techniques.
“And by that I mean taking action online that has direct real world impact. In recent years, we’ve worked closely with the Ministry of Defence and key allies to grow these capabilities at pace,” he said. “Much of this is too sensitive to talk about in detail, but I can tell you that GCHQ, in partnership with the Ministry of Defence, has conducted a major offensive cyber campaign against Daesh.”
These operations, he said, have made a significant contribution to coalition efforts to suppress Daesh propaganda, hindered their ability to coordinate attacks, and protected coalition forces on the battlefield.
“Cyber is only one part of the wider international response. But this is the first time the UK has systematically and persistently degraded an adversary’s online efforts as part of a wider military campaign,” he said.
This approach, said Fleming, has worked against Daesh and could work against other national security challenges too.
“We know that these capabilities are very powerful. The international doctrine governing their use is still evolving. And as with all of our work we only use them in line with domestic and international law, when our tests of necessity and proportionality have been satisfied, and with all the usual oversight in place.
“Speculation to the contrary fails to understand the true values of my organisation, our military, and this country,” he said.
The other protagonists, said Fleming, include hostile states and criminal gangs that use the enabling power that the internet and modern communications provides to “spread their ideology” and to “peddle their lies – and the harm they cause is on a large scale”.
But, he said, recent prosecutions show GCHQ can really make a difference. “And yesterday you heard the home secretary set out the next stage of the government’s campaign against cyber crime, including of this most pernicious sort.
“GCHQ looks forward to supporting that endeavour and working with our partners to deliver it. Hostile nation-states are rapidly building and enhancing their cyber tools to stay ahead in the global race. Whether it’s stealing another government’s secrets or the IP from a defence contractor – some states are willing and very able to do it,” he said.
Making use of cyber capabilities
Returning to Russia, Fleming said the government widely uses its cyber capabilities. “Whether that’s NotPetya against the Ukraine’s financial, energy and government sectors, which eventually spread across the world, or the use of industrial scale disinformation to sway public opinion.
“They’re not playing to the same rules… they’re blurring the boundaries between criminal and state activity. And they’re not alone. We’ve seen state-sponsored hackers conducting cyber-attacks to avoid sanctions – the release of WannaCry by North Korean cyber actors last year, is a good example.”
However, Fleming highlighted that although some of their malware tools are highly complex, using extensive infrastructure and advanced tradecraft, most cyber threats are not that sophisticated.
“Even the best-equipped actors will use simple tools and techniques if they work. This means that implementing basic cyber security practices remains the best way to tackle the majority of cyber threats,” he said.
Cyber, said Fleming, has become an indispensable part of modern national security statecraft, and the cyber security element of it critical to organisations of all sizes in all sectors. “The UK cannot face this alone. Across all of GCHQ’s work, partnerships are critical to success. The fast changing world of cyber security is driving us to build new relationships and work in different ways,” he said.
In conclusion, Fleming said the challenges are vast. “But, I hope I have also given you a sense of the breadth of excellence and expertise that we can call upon to meet these challenges. Whether that’s within GCHQ, with our vital intelligence, military and law enforcement partners here in the UK, and overseas, or with all of you in the wider public and private sector.
“We’re building a strong and confident GCHQ. It’s transparent and open when it can be. It always acts lawfully. It’s committed to attracting and developing the most diverse workforce. And it’s using cutting edge technology and technologists to meet the challenges the second century of our service to this country will bring,” he said.