Breaking News Emails
LONDON — The Government Communications Headquarters, Britain's code-breaking, eavesdropping equivalent to the U.S. National Security Agency, was once so secret an American journalist was expelled from the country for just naming the agency in a story.
For visitors who know this history, it's somewhat jarring to walk into the gleaming London offices of Britain's National Cyber Security Centre, a relatively new agency responsible for protecting Britain from cyberthreats. A sign at the entrance — just off a major London thoroughfare — proclaims the center a "part of GCHQ."
The cyber center is the answer to a problem Britain faced that is similar to one bedeviling the U.S.: No single entity was in charge of cybersecurity. And the best expertise resided in intelligence agencies, where most of the input and output is highly classified.
The center, which is celebrating its second anniversary Tuesday, seeks to fulfill its mission of keeping British consumers, companies, and government agencies safe in cyberspace by giving advice, helping mitigate hacks, and doing battle online with nation-state adversaries that deploy far more resources on cyber offense than any single company can match on cyber defense.
The agency makes use of classified threat information from GCHQ but finds a way to push it out, sanitized of sources and methods, to the business community and the public.
"The U.K. government is now routinely the first in the world at advising our own citizens how major global cyber incidents affect them," the center's director, Ciaran Martin, said during a press event Tuesday. "We get advice out literally within the hour. We have dealt with more than 1,100 incidents since the NCSC was formed."
Several other Western countries, including Australia and Canada, have created similar agencies. American officials say a one-stop-shop approach would make sense here, where the Department of Homeland Security, the FBI, the NSA and the military each have a role in cyber defense. But it would require the sort of political compromises that don't seem possible right now in Washington.
"I think it's a wonderful idea," said John "Chris" Inglis, who served for seven years as the top civilian at the NSA. "They've cracked the nut on collaboration because they do it at the lowest possible level."
He is referring to a huge problem that often hampers U.S. cyber defense: The NSA, FBI and DHS observe daily hacks by foreign adversaries, but the details are often classified because of the way they are obtained. Victims may or may not be notified. Corporate executives aren't sure who to call if they are hacked by a suspected foreign adversary such as China or Russia. DHS is supposed to protect critical infrastructure from cyberattacks but has a huge portfolio of other responsibilities; the FBI investigates cyber crime, often secretly; and the NSA faces severe restrictions on what it can do involving Americans.
A painful example occurred back in 2015, when the FBI first saw signs that the Democratic National Committee had been hacked by Russian military intelligence agents. The FBI case agent called the DNC and was transferred to a contractor on the help desk.
That contractor, according to multiple published accounts, was not quite sure he was dealing with an actual U.S. government employee. He saw no evidence of a hack, and took no action. The FBI failed initially to sound the alarm at higher levels. It wasn't until eight months later that DNC officials were convinced they had a problem — too late to stop the Russians from stealing a vast trove of emails later leaked in an effort to sway voters. What the NSA knew has never been made clear. DHS was not in the picture.
In Britain, the idea is that the National Cyber Security Centre would consider it part of its mission to make sure that a large organization such as the DNC was fully aware it had been penetrated by the Russians, and offer advice about how to mitigate the attack.
The agency also takes down malicious web sites and blocks dangerous domains.
In the past year, according to its annual report, the center has handled 557 incidents, shut down 139,000 phishing sites and produced more than 130 pamphlets or blog items offering cybersecurity advice. All told, in its two years the center has responded to more than 1,100 significant incidents, officials told NBC News.
Last year, the agency won plaudits for its response after Wanna Cry ransomware, developed in North Korea, hit Britain's National Health Service.
It happened late on a Friday, and the agency swung into action, successfully mitigating the damage with warnings, patches and other steps to block the malware, officials say.
Last week, the agency publicly accused Russia of being behind four major cyberattacks, including the DNC attack and one against an anti-doping agency in Montreal.
"That sends out a message that if you attack the U.K., we are going to hold you to account, and we are going to show people how to make your attacks less damaging. That's progress," Martin said.
In an interview with NBC News, he added, "At the top end of the threat, we're able to use world-class intelligence capabilities to detect and call out Russia on its malign behavior in cyberspace — and that's not just powerful diplomatically, it equips our companies with the evidence they need to go and look for intrusions, and to root them out."
A British intelligence official joked that because of the center the country had share more intelligence secrets with the public in the last 12 months than it had in the entire history of GCHQ, which famously broke German codes in both World Wars.
Still, British cybersecurity officials acknowledge they have a way to go in building public awareness about their agency.
According to the U.K. government's "Cyber Security Breaches Survey" for 2018, only 3 percent of businesses said they recalled relying on government information, advice or guidance.
Sometimes, when the center calls a company, the executives on the other end of the line aren't sure it's a real government agency, a senior official said. Brand awareness will take time.
In an effort to show the public what it does and how, the agency released a podcast Tuesday detailing how it responds to a major cyber incident.
"Our job is to make the U.K. the hardest target possible," said Paul Chichester, the agency's director of operations.