Sergey Nivens - Fotolia

National Cyber Security Centre to be UK authority on information security

The UK’s National Cyber Security Centre (NCSC) is to be the UK's one-stop authority on infosec, based in London and led by GCHQ's Ciaran Martin

The UK’s National Cyber Security Centre (NCSC) – announced by chancellor George Osborne in November 2015 – will focus on the financial sector as a top priority.

One of the NCSC’s first tasks will be to work with the Bank of England to produce advice for the financial sector for managing cyber security effectively, the government announced.

“This important work with the Bank of England is paramount to ensuring that businesses of all shapes and sizes understand the threats and what they can do to mitigate them,” said Matthew Hancock, minister for the Cabinet Office.

“We’ll do this by informing the entire business community and public sector about emerging threats, providing support when attacks happen and educating everyone on how best to stay safe online,” he said.

The NCSC one-stop-shop was announced as part of the government’s National Cyber Security plan for the next five years, supported with £1.9bn funding.

The last five-year plan failed to deliver the return on investment that the government had hoped, Alex Dewdney, director of cyber security at CESG, told RSA Conference 2016 in San Francisco.

“We are starting to think about the extent to which government needs to be more interventionist and active in how it takes on some of these [cyber security] challenges – still with industry, but doing more than providing threat information and expecting companies to deal with it,” he said.

Hancock said that forming a body devoted to cyber security and bringing together the UK’s cyber expertise will “transform the UK’s approach” to tackling cyber security issues.

Read more about cyber security

The shape of GCHQ's involvement

Announcing plans for the NCSC, Osborne said it will host a “cyber force” ready to handle cyber incidents in the UK and ensure “faster and more effective responses to major attacks”.

He also said the centre will be a unified source of advice and support for the economy, replacing the current array of bodies with a single point of contact.

The NCSC – which is set to open in October 2016 – is to be based in London and will be led by Ciaran Martin, currently director general of government and industry cyber security at GCHQ.

He is responsible for shaping and directing GCHQ’s engagement with government, industry and academia on cyber security and information risk.

Martin also develops and sustains GCHQ’s international engagement for information assurance.

Ian Levy, currently technical director of cyber security at GCHQ will also join NCSC in the role of technical director.

Focusing on the online threat

In setting up the NCSC, the government said it will adopt “structured consultation” with the private sector to raise awareness of government intent, to undertake “genuine dialogue” that shapes service delivery, to demonstrate serious commitment to listen, and to develop “sustainable engagement channels”.

Robert Hannigan, director of GCHQ, said that – given the industrial-scale theft of intellectual property from UK companies and universities – the NCSC shows that the UK is focusing its efforts to combat the threats online.

“Ciaran will be an excellent chief executive who will ensure that the NCSC will continue the outstanding work done by all of the existing organisations to protect national security and our economic success,” he said.

Read more on Hackers and cybercrime prevention

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

The active involvement of GCHQ and CESG in addressing the systemic impersonation and fraud that threaten to cripple confidence in the security of UK-based Fintech is welcome .... But not if it means blocking the use of deploying technologies which cripple national cyberwarfare capabilities (including our and those of our current allies) by blocking zero day exploits or checking the device used and its location before using a variety of techniques to confirm the identify of the individual supposedly using it. The City of London is a global hub where Chinese, Indian and South American, French and German security experts work alongside Britons and Americans to protect their employers clients, including from surveillance by nation states which are supposedly our allies. That will require the Leopard to change more than its spots. If it can succeed in doing so, it will, however, greatly improve its value to UK plc.