Industry weighs up GCHQ cyber protection plans


Industry watchers have cautiously welcomed plans to get GCHQ to advise private sector firms on how to protect themselves from cyber attacks.

According to a report in the Guardian newspaper, the government surveillance agency will provide the bosses of some of Britain's biggest firms with advice on protecting their online services from cyber criminals.

"GCHQ now sees real and credible threats to cybersecurity of an unprecedented scale, diversity, and complexity", said GCHQ director Ian Lobban.

The Guardian report cites figures from a new GCHQ publication, Executive Companion - 10 Steps to Cyber-Security, which claims that "thousands" of IT systems are compromised by hackers for commercial reasons every day, jeopardising Britain's economic security.

The government can't just give advice it needs to give practical help.

News of the initiative won the support of a slew of security industry watchers, although some have aired concerns over how effective GCHQ's attempts to educate businesses will be.

Rob Cotton, chief executive of information security specialist NCC Group, said GCHQ should provide training and support for businesses, not just advice on avoiding cyber threats.

"The government can't just give advice it needs to give practical help [in the form of] training for employees to reduce the social engineering risk, grants for businesses in need to bolster their security, and mandatory transparency to reduce the stigma of suffering a breach," said Cotton.

Orlando Scott-Cowley, security technologist at cloud-based email archiving vendor Mimecast, said GCHQ should also widen its remit to include a wider range of firms.

"There has always been a threat of cyber-attacks [against] UK businesses, but while it used to be the case that only high value organisations like banks or those dealing in intellectual property were at risk, today all businesses face this threat," he said.

"Being security-conscious' is the job of all companies, their management and their staff."

Mark Brown, director of information security at advisory firm Ernst & Young, added: "This is an appropriate short term solution, [but] the longer term cure for this problem surely involves re-evaluating the skills and knowledge gap in industry rather than government intervention."

Caroline Donnelly is the news and analysis editor of IT Pro and its sister site Cloud Pro, and covers general news, as well as the storage, security, public sector, cloud and Microsoft beats. Caroline has been a member of the IT Pro/Cloud Pro team since March 2012, and has previously worked as a reporter at several B2B publications, including UK channel magazine CRN, and as features writer for local weekly newspaper, The Slough and Windsor Observer. She studied Medical Biochemistry at the University of Leicester and completed a Postgraduate Diploma in Magazine Journalism at PMA Training in 2006.