The National Cyber Security Centre (NCSC) was officially opened by Her Majesty The Queen Tuesday, February 14.
The NCSC brings together and replaces three existing cyber security organisations – the Centre for Cyber Assessment (CCA), Computer Emergency Response Team UK (CERT UK) and CESG (GCHQ’s information security arm) – and includes the cyber-related responsibilities of the Centre for the Protection of National Infrastructure (CPNI).
The UK faces a growing threat of cyber-attacks from states, serious crime gangs, hacking groups as well as terrorists. The NCSC will help ensure that the people, public and private sector organisations and the critical national infrastructure of the UK are safer online.
The NCSC is at the cutting edge of proactively making Britain as safe as possible to both live and work online. Since launching in October 2016, the NCSC has already shown its huge value by working with the public and private sectors in building cyber security skills, developing innovative defences and helping to manage cyber incidents.
Ciaran Martin, former Director General Cyber at GCHQ leads it, while Dr Ian Levy, formerly Technical Director of Cyber Security at GCHQ, is Technical Director.
Speaking at the launch, the Chancellor announced the creation of Industry 100 – a pioneering initiative that will grant 100 highly competitive NCSC secondments to private sector staff who will work in the centre to bring innovation that wouldn’t have been possible without collaboration.
The Rt Hon. Philip Hammond MP, Chancellor of the Exchequer, said:
“As Chancellor I know how significant our digital sector is for the UK economy – worth over £118 billion per year.
“This cutting-edge centre will cement our position as world leader in cyber security and work carried out here will ensure our country remains resilient to potential attacks.
“Britain is transforming its capabilities in cyber defence and deterrence. It’s crucial we take action now to defend ourselves and protect our economy.”
The NCSC Industry 100 initiative will embed by open invitation up to 100 personnel from industry into the NCSC by the end of the FY17/18.
The aim being to bring government and industry expertise together to work collaboratively and at scale to improve the identification of threats and vulnerabilities, and to enable the development of mitigation advice to reduce the impact of future cyber attacks.
The NCSC says the UK is facing about 60 serious cyber-attacks a month. There were 188 attacks classed by the NCSC as Category Two or Three during the last three months. And even though the UK has not experienced a Category One attack – the highest level, there is no air of complacency at the NCSC’s new headquarters.
NCSC Technical Director Dr Ian Levy said:
“We’re actively working to reduce the harm caused by cyber attacks against the UK and will use the government as a guinea pig for all the measures we want to see done by industry at national scale.
“This includes everything from free website vulnerability scanning for public sector and proactively taking down tens of thousands of phishing sites, to our world leading CyberFirst campaign to encourage teenagers to become tomorrow’s cyber security pioneers.
“These initiatives illustrate the sort of cutting edge innovation the NCSC will spearhead to make Britain as safe as possible to both live and work online – and we’ll do it transparently, driven by evidence and publishing our results.”
Ciaran Martin gave the following speech at the official opening today:
Let me briefly say some words of thanks and then set out some plans.
Her Majesty The Queen and His Royal Highness coming to open our new headquarters is a very proud day for so many of us.
As a national centre, we are dependent on the skills and support of many others. I am delighted so many of you are here today. It is a pleasure to welcome:
- our partners from the rest of the intelligence community, the Security Service and SIS – probably the most integrated such community in the world
- our outstanding colleagues from the defence, military and policing communities
- our colleagues in government departments with whom we work to protect citizen data and expand the digital economy
- our academic colleagues
- our vital international partners
- and of course, our colleagues and friends in the private sector
And I would like to say a special word about my own team. Today’s event is an incredible effort from a brilliant bunch of people; the best I’ve ever worked with. The most exciting part of working with them is the visible commitment we all share to building something brilliant and enduring. It’s an exhilarating ride and it’s only just beginning.
We’re here to build a lasting national asset, supporting the No1 digital economy in the world. We want to write the next amazing chapter in the history of GCHQ, a world class organisation. Let me tell you what I think success looks like.
It doesn’t mean we have no cyber attacks. We’re a prosperous, digitally advanced, important country so people are going to attack us. That’s a fact of modern life. But when someone attacks the UK I want them to think of us as the hardest of targets. We’re good at cyber security in the UK. But we need to get even better.
Here’s what we want the future to look like. If you’re an attacker and you’re going to attack the UK, here’s what you’re going to face:
- you’re going to have to be pretty good – thanks to our technological improvements and higher cyber security standards across the whole country, we’ll have made sure that the basic attacks are no longer getting through
- if you do get through, there’s an even higher chance we’ll detect you and we’ll be able to advise the government quickly on how best to respond
- if you’re attacking a critically important system, you’ll have to get past the state-of-the-art-security we’ve helped the company or department build into the system – and we’ll be working seamlessly with people we already know in the organisation to kick you off the network
- and if you’re trying to harm British consumers, know that we’ll be out there, early and clearly, telling those affected by the attack what they need to do to deal with it
That means you’ll be able to do less harm. The hardest target for adversaries. Making us the best place to live and work online.
That’s our mission. It’s ambitious. We will make mistakes. Initiatives will disappoint. Things will go wrong. Bear with us, because we’ll make it work for the whole country.
As well as bearing with us, please work with us. All our government, security, military, law enforcement, and international supporters will have a critical role to play. But in particular this will be about business and the private sector. At our worst – and if we’re honest both government and industry can be as bad as each other sometimes – we can sit around at conferences, meetings and dinners admiring the problem and calling for more of the same.
At our best, our collaboration can be awesome. Let’s move into that new era of hard outcomes, innovation and collaboration.
That next phase of collaboration starts here today in London. Today, London becomes a key global player in the fight against the world’s biggest and fastest growing threat – and it is the perfect location for the National Cyber Security Centre. It was consciously chosen as the location for our operational nerve centre, as it is the perfect place to coordinate our cyber security and manage incidents across the UK. That is why we are here today, in a new building in the heart of London.
But we are a national centre and we will serve the whole country. We are pleased to welcome here today representatives of each of the devolved administrations. You’ll have seen the display of new software we’ve designed which will help local authorities work out how vulnerable their websites are and what they can do to fix them.
We look forward to planning the next phase of our agenda with you at the CyberUK event in Liverpool next month. Part of that agenda is skills. Our collective efforts require the best. And the best way to do that is to invest in the young.
You will have seen some of the future here today. Her Majesty the Queen just met Cerys – who turns 13 on Thursday. She responded to our CyberFirst competition asking schoolgirls to decrypt cyber puzzles by sending in her very own encoded messages, which were a challenge even for our most experienced cytographers.
Kimberley is here too – at 12 years old she’s too young to enter the competition so is passing the time setting up a really good website.
We also have Anthony, a CyberFirst bursary student. We have Aqeel our Arkright scholar. Cat, our apprentice. Ciara who is with us on an industrial placement. They are with us today and I hope part of our national effort for decades to come.
Finally, none of this can happen without the support of the leaders of our government. Without them we don’t have the money, momentum or powers to do what we need. My sincere thanks to the Chancellor, the Home Secretary, the Secretary of State for Defence, the Minister for the Cabinet Office and the Minister for the Digital Economy – not just for coming today, but for the considerable support each of them has given to the NCSC and the government’s commitment to cyber security. Thanks to the Prime Minister and the Foreign Secretary, who can’t join us today, for their unstinting support to GCHQ and British intelligence.
So it is fitting, and an honour, to ask a minister to provide the keynote of today’s proceedings who has been an outstanding supporter of GCHQ, the NCSC and our cyber security in three successive senior cabinet posts over more than half a decade. I speak of course, of the Right Honourable Philip Hammond MP, Chancellor of the Exchequer.
Thank you, and here’s to the NCSC.
As well as protecting against and responding to high-end attacks on government and business, the NCSC also aims to protect the economy and wider society. The centre will be working on a voluntary basis with political parties and giving advice to high-profile individuals – including MPs – on how to protect their sensitive data.
The UK is already targeting computers in other countries being used for cyber-attack, particularly if there is no possibility of prosecution or for co-operation with authorities where the hackers are based.
The NCSC aims to be more public facing and accessible. It will also protect a far wider range of sectors, rather than just government and national security-related industries, like defence. GCHQ will still be the parent body for the NCSC, meaning it can draw on the intelligence agency’s skills and capabilities.
Get the latest news and information directly on your Android, BlackBerry, iOS or Windows smartphone and join us on BBM Channel C00040F5B. We also have a brand new Facebook page here.