- GCHQ, the top secret Government agency which taps communications
and collects data from spy satellites, has set up a team to market its
services to industry and the public sector.
- GCHQ's Communications-Electronics Security Group (CESG)
has advertised in the trade press, set up stands at exhibitions and produced
several glossy brochures to attract customers. Services offered include
access to the expertise of CESG's professional computer "hackers",
who can carry out "hits" on clients' systems to identify any
weaknesses which might be exploited by infiltrators.
- John Doody, the CESG's head of customer services, said:
"We've come out of the dark. We shouldn't be seen as part of the secret
state. Our business is overt. How we do some of it is covert, but we have
thrown open the curtains. Our public profile is as high as it's ever been.
People are knocking on our door."
- CESG, based at GCHQ's Cheltenham site, helps to produce
ultra-secret cryptographic products which protect sensitive Government
computer and telecommunications systems. Much of its work is for the Ministry
of Defence. It also assists other agencies in fighting computer viruses
and data espionage. Its most secret work will remain highly classified,
but the organisation has formed partnerships with the private sector to
- The move is partly intended to help cover the agency's
costs, but it also reflects the fact that many critical national services,
such as public utilities, are now provided by the private sector. Mr Doody
said: "Government no longer sits within a nice white picket fence.
It has connections to all sorts of other utilities, and if we and they
haven't got our acts together, the national interest is at risk."
- The agency uses a team of about a dozen "superhackers".
Mr Doody said: "Let's say that they are good lateral thinkers - they
don't necessarily follow the predicted paths through a system." They
are "very carefully vetted" and - unlike in the United States
- the Government refuses to use "turned" ex-hackers for the job.
With the consent of their "victims", they test systems by trying
to break in and obtain information.
- From October, they will be available to instruct commercial
customers and do some inspections of sensitive commercial systems with
the launch of the CESG's "IT Healthcheck" service. Other services
already available from CESG include risk assessment, advice on cryptographic
equipment and training for private computer security consultants. Mr Doody
said: "It's been a big cultural change for us. We're trying to get
past the picture of security as men who only say no."
- The change has been made more urgent by Tony Blair's
recently-stated wish to have at least a quarter of all Government business
undertaken electronically within the next decade. Mr Doody said: "We're
at a watershed. The more we do things electronically, the greater our vulnerability
is if we don't grasp the problem of security up front. It may come to a
point where it takes a major incident to get us to take the issue seriously."