June 17, 2014 12:00 am

GCHQ to pass data to companies to fight cyber spies

  • Share
  • Print
  • Clip
  • Gift Article
  • Comments
GCHQ (government communication headquarters) in Cheltenham©PA

GCHQ in Cheltenham

GCHQ, Britain’s electronic spy agency, is to begin regular, bulk sharing of classified intelligence material with some of the UK’s biggest companies in an effort to combat the digital espionage threat.

The scheme will be announced on Tuesday by Sir Iain Lobban, GCHQ’s director, at a private conference with business leaders called IA14, hosted by the agency in London.

Underscoring the scale of the challenge posed by cyber attack, Francis Maude, Cabinet Office minister, will reveal at the conference that a “state-sponsored hostile group” hacked into the government’s intranet system and gained access to a system administrator’s account – giving them wide-ranging powers to target classified information and systems.

The attack was “discovered early” by GCHQ and damage was mitigated, Mr Maude will say.

According to a national security risk assessment produced by the National Security Council, cyber attacks by foreign states or organised criminal organisations are a top-level risk to the country, alongside terrorism.

Many of the UK’s biggest companies are scrambling to shore up their digital defences after a drive from the government to improve awareness of the threat posed to British businesses.

Officials from the Cabinet Office, which has been charged with co-ordinating the UK’s national cyber security efforts, and security agencies, including GCHQ and MI5, have been visiting City boardrooms to brief company directors on the digital threats they face.

But even the largest businesses, though well defended technologically, lack the intelligence-gathering capabilities in cyber space that allow them to safeguard their operations against new attacks or work out where they may come from.

GCHQ’s plan to share classified intelligence with the private sector “at scale and pace” will begin with companies who have already been vetted as suppliers to government networks.

Pending a security review of the arrangement, the Cheltenham-based agency will roll out the programme to provide intelligence to other companies whose business forms part of the UK’s vital national infrastructure, such as banks.

“We want to use our global intelligence capability [to] illuminate threats and allow effective actions to be taken to combat them,” a senior official at GCHQ said, underscoring a growing threat to UK interests through private-sector organisations.

“When I started we would talk about what adversaries could do. Now we are talking about what they are doing,” he added.

High-profile international incidences of internet crime and espionage have been made public.

US law enforcement agencies indicted five Chinese military officers with cyber spying in May, accusing them of hacking into the computer systems of large US companies and stealing sensitive trade secrets.

At the beginning of this month, UK and US authorities announced a global operation to disrupt one of the biggest internet malware operations, the GameOverZeus botnet. The network has infected more than 1m computer systems and is designed to allow its operators to steal banking credentials or demand ransoms to unlock frozen machines.

Related Topics

Copyright The Financial Times Limited 2015. You may share using our article tools.
Please don't cut articles from FT.com and redistribute by email or post to the web.

  • Share
  • Print
  • Clip
  • Gift Article
  • Comments


Sign up to UK Politics, the FT's daily briefing on Britain.

Sign up now


Sign up for email briefings to stay up to date on topics you are interested in