Jeremy Fleming, Director of GCHQ, the UK intelligence and security organisation, is expected to tell an audience in Glasgow today that the nation’s best defence against cyber attack will be to “see further into the future than anyone else.”
In a speech to the CyberUK Conference, being held at the Scottish Event Campus, Fleming will outline his vision of GCHQ’s “cyber security mission” and underline the need for “continued and increasing” collaboration between government, academia, and industry in the UK and abroad.
“To make this a success,” he is scheduled to say, “our strongest defence and most powerful weapon will be our ingenuity – our ability to imagine what has yet to be imagined. To see further into the future than anyone else. Our vision for the next stage of the UK’s cyber security strategy aims to do just that. The prize is great – a safer, more successful UK.”
Fleming believes that the technological revolution is “providing extraordinary opportunity, innovation and progress – but it’s also exposing us to increasing complexity, uncertainty and risk.” And that it “brings new and unprecedented challenges for policymakers as we seek to protect our citizens, judicial systems, businesses – and even societal norms.”
Fleming will set out the need for new policies and new ways of thinking to complement existing approaches to dealing with these threats. He will cover the role of the citizen, GCHQ’s work to protect national infrastructure, and the need to expand the cyber security ecosystem.
Drawing on the recent results of the UK Cyber Security survey, which found that only 15% of people said they knew how to protect themselves online, he will outline how a plan “to do more to take the burden of cyber security away from the individual.
“We will continue to work closely with device manufacturers and online platform providers to build security into their products and services at the design stage. We will work with ISPs to enhance the security of internet-connected devices in the home. And we will share intelligence with banks to enable them to alert customers to threats in close to real time.”
Fleming will set out set out how the National Cyber Security Centre, part of GCHQ, will aim expand the cyber security ecosystem by using“its unique insights into the structural vulnerabilities of the internet in partnership with business to detect, disrupt and fix malicious online behaviour.”
As an example he will draw on the success of the Active Cyber Defence programme which uses automation to block attacks at scale in order to make the internet safer for people to use. Last month, the UK hosted share of global phishing dropped below 2% for the first time, down from 5.4% in 2016 when the programme began.
Fleming will point to the success gained from working in partnership with others: “HMRC is an excellent case study of a department leading the way in protecting its customers. In 2016, HMRC was the 16thmost phished brand globally, accounting for 1.25% of all phishing emails sent. Today, it is ranked 146th and accounts for less than 0.1% of all phishing emails. Our protective DNS system for the public sector blocked access 57.4 million times with malware such as Confiucker – malware from 2008 – still running in public sector networks.”
He will encourage businesses in all sectors to work with GCHQ to find new ways of incorporating these automated services “because if enough do, the results could be truly transformational – a whole-of-nation, automated cyber defence system.”
Improving the cyber security of the UK is only achievable if “we build a genuinely national effort – with more connections and deeper cooperation with the private sector and even closer working with our partners and allies.”
In order for this to work, Fleming believes, intelligence “must flow both ways”. For the first time, he will talk about how NCSC is sharing real-time cyber security information with industry. “We have made it simple for our analysts to share time-critical, secret information in a matter of seconds,” Fleming is expected to tell the audience of around 2,500 people.
“With just one click, this information can be shared and action taken. In the coming year, we will continue to scale this capability so – whether it’s indicators of a nation state cyber actor, details of malware used by cyber criminals or credit cards being sold on the Dark Web – we will declassify this information and get it back to those who can act on it.”