GCHQ to help firms combat cybercrime


Francis Maude: "We're looking to develop hubs so knowledge can be brought together, enabling both private and public sector to protect themselves"

Related Stories

The government plans to share tactics and technology with businesses to combat cybercrime and protect the UK's growing internet economy.

Intelligence agency GCHQ will work more closely with firms and could share its technology commercially.

The government says internet business generates about 6% of the UK's GDP - more than agriculture or utilities.

Its Cyber Strategy also encourages courts to use powers to restrict computer use by cyber criminals.

Constant attacks by cyber criminals, activists, hackers and foreign states trying to steal official and commercial secrets mean cyber-attacks are now ranked on a par with international terrorism as a threat.

'World class expertise'

The government says there are more than 20,000 malicious emails sent to its networks each month, 1,000 of which are deliberately targeted.

Ministers have set aside £650m of new money to better protect key infrastructure and defence assets from "cyber warfare".

The strategy published on Friday says that about half of that money will go to the government's listening post - GCHQ - in Cheltenham to increase its ability to fight off cyber attacks.


The new cyber strategy makes clear that an effort is required from government, industry and the public working together.

The challenge will be co-ordinating that and driving the strategy through so that it actually delivers what it promises.

Even within government, the ministerial overlaps are complex with the Foreign Office, Ministry of Defence, Department for Business Innovation and Skills as well as the Cabinet Office and others involved.

Private businesses are sometimes nervous of sharing data about cyber attacks with others for fear of the impact on customers or the help it might give competitors.

And establishing where the balance of responsibility for security lies (and therefore the cost when things go wrong) between security companies, GCHQ, government departments, ISPs, businesses and individual internet users is no easy task.

Ministers say they are also looking at ways that GCHQ's "world class expertise" in the area might be used to help businesses - for example looking at whether encryption techniques and other expertise that is not considered top secret might have commercial applications.

The government also plans a new Defence Cyber Operations Group - which will include a unit at GCHQ which will develop "new tactics, techniques and plans to deliver military effects, including enhanced security, through operations in cyberspace".

Much of the strategy focuses on improving links with the private sector on the issue of cybercrime - with "hubs" to allow information to be shared on cyber threats and a pledge to look at new ways to bring together businesses, academics and government to exploit the latest innovations in tackling the threat.

The government says the internet is a growing part of the UK economy - predicted to create 365,000 jobs over the next five years. Cabinet Office Minister Francis Maude told the BBC the aim was to "make the UK one of the most secure places in the world to do business".

"The attitude at GCHQ, the willingness to collaborate with the private sector is very clear and evident ... we're looking for ways for GCHQ to collaborate with the private sector, looking at the commercial exploitation of some of their intellectual property and capability."


Individuals will be given more help to protect themselves, amid a warning from GCHQ that 80% of successful attacks could be thwarted by following simple steps like updating anti-virus software regularly.

The strategy suggests "kitemarking" cybersecurity software to help consumers and businesses avoid "scareware" - software which purports to be helpful but is, in fact, malicious.

But the strategy also urges police, prosecutors and the courts to use existing powers to restrict and monitor computer use by convicted cyber criminals, who are considered likely to strike again online.


Protecting your computer:

  • Install anti-virus and anti-spyware software, and turn on your firewall
  • Update your operating system
  • Use up-to-date applications, such as your web browser or word processing package
  • Encrypt your wireless network
  • Block spam emails

Staying safe online:

  • Use strong passwords
  • Do not give away too much personal information on blogs and social networking sites
  • Activate privacy settings on social networking sites
  • Do not open email attachments from people you don't know

Source: Get Safe Online campaign

The Ministry of Justice and Home Office will also consider whether orders restricting internet use can be enforced using "cyber tags", software which triggers automatic warnings to the police or probation service that a suspect is breaching an order.

And all police forces will be encouraged to follow the lead of the Metropolitan Police and train "cyber specials" with expert knowledge of cybercrime.

David Clemente, a cyber security expert at Chatham House, told the BBC the government's strategy was a "promising step" - but it would be a challenge to deliver the dozens of actions listed when government spending is so tight.

Earlier this month, Iain Lobban, the head of GCHQ, told a cyber security conference in London that a "significant" attempt was made to target the computer systems of the Foreign Office and other government departments over the summer.

Baroness Neville-Jones, the PM's special representative to business on cybersecurity, said Russia and China - who both attended the conference - were some of the worst culprits involved in cyber-attacks.

Foreign Secretary William Hague has said cyber-attacks could become a major threat to the country's economic welfare and its national infrastructure, such as electricity grids.


More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites


This entry is now closed for comments

Jump to comments pagination
  • rate this

    Comment number 116.

    Protecting information, even the information that is on or passes through IT systems, requires considering not only the technical threats but also the physical and people related aspects that could be exploited. Focusing solely on the technology will leave gaps that can be compromised. The new group must consider the overall picture not just one aspect. This is not just for IT techies.

  • rate this

    Comment number 113.

    The best security for public or private sector businesses is physical - do not have vulnerable or sensative data on a network that has any form of connection to the internet. You then only have to police what people bring to and from the system. With many cases reported in the media of data being left on usb sticks/laptops on the train: Why were they on there? They shouldn't leave the office.

  • rate this

    Comment number 20.

    The glory of the internet is its relative freedom from all those who want to protect us for everything 'not good for us'. Its up to individuals to take the simple steps necessary to secure their own systems. Soon after governments get involved they will be coming up with ways to stop us viewing adult sites, buying unhealthy food, and doing anything nayghty at all. Groan.

  • rate this

    Comment number 6.

    I spent a long career in an IT company. Whilst we thought the IT security rules they had were often overkill, the public sector in particular and public in general are at least 20 years behind when it comes to IT security and basic processes are poor (as the phone hacking episodes showed). Cyberthreats make the problem much more serious and threaten commerce as well as national security.


More Politics stories



Try our new site and tell us what you think. Learn more
Take me there

Copyright © 2015 BBC. The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.