GCHQ Prism allegations to be investigated by the Intelligence and Security Committee

ISC report details higher pay for GCHQ employees and slams debate of allocating counter-terrorism budget to cyber security

Parliament's Intelligence and Security Committee (ISC) is to investigate allegations that British spy agency GCHQ is tapping global internet traffic and phone calls for information that it is sharing with its US counterpart, the National Security Agency (NSA).

The probe comes after former NSA contractor Edward Snowden accused the US and UK spy agencies of snooping on phone calls and internet usage.

The ISC said it has taken evidence from GCHQ on the US Prism programme, with a particular focus on the allegations that the spy agency has "circumvented UK law".

"The committee will be investigating the actions of the intelligence and security agencies. We will publish our findings as soon and as fully as we are able, subject only to restrictions on grounds of national security or sub judice rules," the ISC said.

The committee's announcement coincided with the launch of the ISC Annual Report 2012/2013.

The report details the progress that the UK has made in its security efforts. One of the sections focuses on cyber security. The committee says that the Security Service has told it that foreign states currently pose the principal cyber threat to national security.

"While state actors continue to pose the greatest threat (China and Russia, for example, are alleged to be involved in cyber attacks), we have been told that a number of countries are also using private groups to carry out state-sponsored attacks," the ISC said.

But the ISC said that there does not yet appear to be a credible threat in cyberspace from terrorist groups such as Al-Qaeda.

Cyber defence: government and industry

The report claims that last summer over 200 email accounts across 30 government departments were targeted in an attempt to steal confidential information, while Whitehall's websites are constantly being targeted by distributed denial of service (DDoS) attacks.

The ISC claims that the government's systems' defences are "reasonably well developed", but that it is a constant challenge to ensure the appropriate cyber hygiene is maintained.

Government data could also be found with industry suppliers who have also been attacked, with cyber espionage resulting in Ministry of Defence data being stolen, the committee said it was told.

It pointed to a private firm that lost at least £800m as a result of cyber attacks, giving other companies an incentive to improve their defences.

"The threat that the UK is facing from cyber attacks is disturbing in its scale and complexity," the chairman of the ISC, the Sir Malcolm Rifkind, said.

[Turn to next page]

GCHQ Prism allegations to be investigated by the Intelligence and Security Committee

ISC report details higher pay for GCHQ employees and slams debate of allocating counter-terrorism budget to cyber security

"We support the government's efforts to raise awareness and, more importantly, to strengthen our nation's defences. The agencies continue to focus on countering hostile foreign activity and covert intelligence gathering. However, they acknowledge that much of their work remains preparatory. The scale of the UK's effort will need to be constantly reviewed against that not just of our adversaries but also our allies: the committee is concerned that this is an area where the UK cannot afford to fall behind," he added.

Resourcing cyber security

For the first time agencies have presented the ISC with figures showing the number of people involved in the cyber agenda. However, a Cabinet Office spokesperson confirmed to Computing that these numbers are not available to the public due to their sensitive nature.

Experts within the cyber field have long called for bigger pay packets to entice them to work for the government, and the ISC had previously recommended that the government re-examine what could be done to encourage retention of skilled individuals. It has now been informed that the GCHQ has implemented more flexible reward packages for "internet specialists".

The director of GCHQ, Sir Iain Lobban, said:

"Feedback from the opinion formers and some of the fiercest critics of the previous system has been very positive. We have had a couple of people withdraw resignations. We've had other people who have been adamant that they would leave now saying that they will stay."

He admitted that GCHQ would still never be able to compete with private firms in terms of salaries but he believes that there will be a much better pipeline of talent, and he thinks that people who GCHQ lose initially may even come back to work for the spy agency.

The ISC welcomed the decision in the recent Spending Review to extend funding for the National Cyber Security Programme into 2015/16, but it said that the extension was only for one year and called for the government to make its investment plans longer term.

"In order to plan effectively, the agencies will need assurances that this funding will continue beyond 2015/16 and crucially, that it will be incorporated into the agencies budgets rather than kept as a separate funding stream," the ISC said.

But the committee also slammed reports of a debate within government over whether funding for counter-terrorism should be reallocated to cyber security.

"There cannot be an either/or approach to addressing these significant threats: both areas must be adequately resourced," the ISC exclaimed.