The head of GCHQ is to make the case for a “genuinely national effort” to help improve the UK’s cyber security.
Director Jeremy Fleming will stress the need for continued and increasing collaboration between government, academia and industry partners in the UK and abroad when he makes a keynote speech in Scotland on Wednesday.
He will argue that the technological revolution brings with it “increasing complexity, uncertainty and risk”, telling an audience in Glasgow it brings “new and unprecedented challenges for policymakers as we seek to protect our citizens, judicial systems, businesses – and even societal norms”.
The director of the agency often referred to as Britain’s listening post is one of the main speakers at the CYBERUK 2019 conference at the Scottish Event Campus.
He is expected to tell an audience of 2,500 people from across the tech community about the need for new policies and new ways of thinking to complement existing approaches to dealing with cyber security threats.
The GCHQ chief is due to highlight the impact of the Active Cyber Defence programme, saying that by last month the UK-hosted share of global phishing dropped below 2% for the first time, down from 5.4% in 2016.
Also that year, HM Revenue & Customs (HMRC) was the 16th most phished brand globally, but today it is ranked 146th and accounts for less than 0.1% of all phishing emails.
“Our protective DNS system for the public sector blocked access 57.4 million times with malware such as Confiucker – malware from 2008 – still running in public sector networks,” Mr Fleming will tell the audience.
He will encourage businesses in all sectors to work with GCHQ to find new ways of incorporating these automated services, saying: “If enough do, the results could be truly transformational – a whole-of-nation, automated cyber defence system”.
He will also talk about how National Cyber Security Centre (NCSC) analysts are now sharing time-critical, secret information with the private sector in a matter of seconds.
Mr Fleming will say: “In the coming year, we will continue to scale this capability so – whether it’s indicators of a nation state cyber actor, details of malware used by cyber criminals or credit cards being sold on the dark web – we will declassify this information and get it back to those who can act on it.”
He is to make the case that improving the cyber security of the UK is only achievable if we “build a genuinely national effort – with more connections and deeper cooperation with the private sector and even closer working with our partners and allies”.
He will add: “To make this a success, our strongest defence and most powerful weapon will be our ingenuity – our ability to imagine what has yet to be imagined. To see further into the future than anyone else.
“Our vision for the next stage of the UK’s cyber security strategy aims to do just that. The prize is great – a safer, more successful UK.”