‘Free market failing cyber security industry,’ warns GCHQ chief

Britain’s electronic spy chief has called on the government to intervene in the cyber security industry after admitting the free market is failing to meet the needs of businesses at risk of attack.

GCHQ Director Robert Hannigan told an audience on Tuesday at IA15, the government’s information assurance event, that the global cyber security market is “not quite right” and that standards need to be improved.

Speaking at the same event, GCHQ’s Director-General for Cyber Security Ciaran Martin warned major cyber-attacks on energy supplies, nuclear power stations, and the defense industry are expected in the near future.

His warning comes two weeks after British telecoms firm TalkTalk was targeted by hackers, who exposed thousands of customers’ personal details. In the words of government officials, this served as a “wake up call” for organizations with weak security.

Speaking at the government’s annual information security event, Hannigan said the free market is failing to meet the security needs of nation states.

“It is time to take a hard look at whether the international market for cyber security is working sufficiently well … something is not quite right here. What is also clear is that we cannot as a country allow this situation to continue,” he said.

“Standards are not yet as high as they need to be. The global cyber security market is not developing as it needs to: demand is patchy and it is not yet generating supply. That much is clear. The normal drivers of change, from regulation and incentivization through to insurance cover and legal liability, are still immature.

“Those charged in government with national security have worried about the top-end threats for some time … there is no doubt — significant cyber-attacks will become more common, not less in the coming period,” he added.

Hannigan said the UK is lucky to have avoided a serious incident, like the cyber-attack on Sony Pictures last year, which the US government alleges was committed by North Korea.

He added it was up to businesses to improve their security and that GCHQ is not responsible for protecting private infrastructure.

GCHQ’s cyber-security chief Ciaran Martin gave a talk at the same conference in which he warned the cyber-threat to critical infrastructure in Britain is “chronic, advanced and persistent.”

Martin said the spy agency is identifying 200 cyber-attacks every month, twice the number reported last summer.

“These are attacks that are of significance to national security. That is either because of who the aggressor or the victim is or because of the nature of the attack,” he said.

GCHQ has come under fire in recent years after its extensive bulk spying programs were revealed by former NSA contractor Edward Snowden.

In June, the Investigatory Powers Tribunal (IPT) found that the listening post had illegally spied on two human rights groups.

Legislation introduced to Parliament last week, dubbed the ‘new snooper’s charter,’ seeks to grant the spy agency legal authority to hack smartphones and computers operated by British citizens.

The government admitted in February that MI5, MI6 and GCHQ were hacking into computers, servers, routers and mobile phones using the Intelligence Services Act 1994, which does not give explicit authorization for such practices.