News Article

GCHQ Director speaks at the launch of the National Cyber Security Centre's second Annual Review

Last Updated: 16 Oct 2018
Topics: Cyber security
Director marked the achievements of the NCSC as it strives to make the UK the safest place to live and do business online.

News article - 16 October 2018

At the launch of the NCSC Annual Report, the Director spoke about the need for technology to be made automatically safer, the patterns the NCSC is seeing in cyber threats, how we disclose threats, the importance of partnerships, innovation and new ways of working, and how the UK must continue to think strategically about our national response to the new generation of technology. 



Jeremy stands at a lectern, speaking
Jeremy Fleming speaks at the NCSC 2nd Annual Review. ©GCHQ/NCSC 2018
Director Jeremy Fleming, Director GCHQ, said:

"Thank you to the Minister, and for his support both to NCSC and to GCHQ as a whole. It's a pleasure to have him here today to mark the second year of the NCSC and the launch of the Annual Review.

"It's also a proud moment for me as Director of GCHQ to mark the team's achievements – I want to thank them for all of their efforts in striving to make the UK the safest place to live and do business online.

"That's a powerful vision and a stretching target – but I think you can see today that we are making real progress. And in doing so, we are having measurable impact on the cyber health of the nation. So, thank you to Ciaran and the whole NCSC team.

"But of course, one of the cornerstones of our approach is that we in the NCSC, in GCHQ and in wider Government can't deliver that alone. We have to do it with a new range of partnerships. These are international, national, regional and local. They span the public sector, private sector, academia and professional bodies. And many of you are in the room today – I'd like to thank you for all of your support and especially for the sense of partnership in which you have approached our shared task.

"It's great to see you all here today.

"The Minister talked powerfully about the need for technology to be made automatically safer.

"The NCSC is leading the world in this. It is drawing on the wider expertise of GCHQ and of business to support the Government's ambitions to be a first rate digital power. It aims to make the cyber environment safer for business and for the consumer in ways they won't necessarily notice. But it will remove large chunks of cyber threat from their on-line experience.

"The details are in the review before you today. But I'd like to single out the work on what we call 'Active Cyber Defence'. In February, we set out a detailed public report on the evidence of the first set of these initiatives. We showed that as a result of some relatively simple, strategic approaches more than four and a half million malicious emails were being automatically blocked every month; more than 2,000 urgent problems in public sector websites were being identified and fixed; the UK's share of phishing sites had halved - it's now at just 2.4 per cent against more than 5 per cent two years ago.

"This is real, measurable, verifiable progress. It's being delivered openly and transparently. And it's setting an international standard for what's possible if we think about cyber threats in a strategic way.

"And we need a strategic response because the threat is not going away.

"We've tracked its development over the last two decades. It's accelerating and diversifying. And with two years of operational work behind it, the NCSC is seeing patterns in its development.

"Some of the numbers are stark. We've seen 1,100 incidents since the NCSC was established. That's just under 10 a week.

"And the majority of these come from states who seek to do us harm. Some of this has played out in a very public way over the last few months. The statecraft for pushing back on this activity is developing. But it's become obvious that one of the most important tools in our armoury is the work happening here. We're attributing attacks and providing detailed guidance to industry and the public sector to help them get ahead of the threat.

"That's why the Foreign Secretary's attribution of half a dozen serious cyber attacks to Russia was such an important moment. That it was so closely coordinated with American and Dutch and other allies, and accompanied by eight pages of detailed technical indicators, made it even more effective.

"This is the whole of GCHQ at its best: high-level detection supported by public disclosure of real evidence that leads to real action. This is an approach that goes way beyond Russia: it goes to tackling the many other forms of cyber threat to the UK.

"It also points to two things that are critical to our future success:

"The first is the importance of Partnership. The successes of recent months came from a collective effort across the intelligence, law enforcement and wider cyber defence communities here and overseas.

"So much of what the NCSC does depends on someone else – some of these are established relationships. But many are new. This isn't rocket science. It turns out that when industry, academia, policing and business are invited into the security tent, the very fact of the new connections and communities that creates leads to better cyber security.

"And that's why we are ambitiously expanding our partnerships in everything we do. From having law enforcement integrees here at the NCSC, to doing joint advisories with the Department of Homeland Security, and to establishing an academic centre of excellence in every part of the UK.

"The second factor I'd highlight is the need to put technology expertise at the heart of policy making. This requires yet more innovation and new ways of working.

"Clearly technology is now at the heart of our society. It's creating massive opportunities, and new risks. It's also moving at a pace where we know we have to be more agile and responsive – to operate at internet speed – if we're serious about keeping the country prosperous and safe.

"And that includes public policy. This is another area where the NCSC is leading the way.

"Whether that's in thinking strategically about our national response to the new generation of technology - 5G and quantum computing come to mind – or in helping to evolve thinking about AI and security. The NCSC is bringing real world expertise, new partnerships and a very practical approach to delivery.

"As Director of GCHQ I am passionate about making sure as a nation we get technology right in the years and decades ahead. The NCSC is showing how this can be done. We can be proud of what's been achieved in only two years and determined to build on that strong platform.

"Thank you for your support.

"It gives me great pleasure to hand over the baton to Ciaran to talk about our plans for the next phase of the NCSC."