UK security bodies need more agility, says ex-GCHQ CIO

Former spy agency boss explains that real-time data-sharing is paramount to enabling fast response to cyber threats

The ability of the UK to defend itself against cyber attack is suffering due to a lack of real-time data-sharing, according to a former GCHQ CIO.

Nick Hopkinson, now head of cyber at outsourcing firm CSC, told Computing that timeliness is paramount when it comes to cyber security.

"The quicker you respond, the quicker you limit or prevent damage. It's no good responding to an attack that happened weeks ago. By that time your data has long gone."

Hopkinson explained that the US benefits from quicker response times, thanks to its ability to rapidly share threat information between public and private sector organisations.

"The US has mechanisms designed to promote real-time data-sharing. This protects both commercially sensitive and nationally sensitive information.

"It enables a reasonably full level of information-sharing on potential mitigation strategies and, of course, details of the threats themselves. This intelligence is immediately shared around the entire network."

He added that hackers, whether well-funded criminals or nationally sponsored groups, are able to modify their attacks quickly, meaning that any information-sharing must happen equally quickly for it to be of value.

He also conceded that it can be impossible to defend against a sufficiently persistent and well-funded attacker, but a prompt realisation that a successful attack has happened can help to limit potential damage.

"There is no perfect defence against being penetrated by a persistent attack, but the key is being able to respond quickly once you've been breached."

Hopkinson also stated that the government's cyber security hub, which is designed to enable data-sharing between the UK's public and private sectors on cyber security issues, has some way to go before it is capable of allowing sufficiently fast communication.

"I'm sure that fast communication is the goal of the cyber security hub, but it still has hurdles to overcome before it enables real-time data-sharing."