GCHQ says market isn't coping with siege of 'chronic' cyber threats

With the UK alone facing about seven significant attacks a day, spy agency GCHQ is using its annual security conference to convince companies to beef up computer defences.

GCHQ reckons company security standards are not good enough to counter threats. Image: Crown Copyright

The time for staying calm about cybersecurity threats is over, according to UK spy agency GCHQ.

In the wake of the combined DDoS and hack of UK ISP TalkTalk, a senior official at GCHQ has revealed it's identifying 200 significant cyber attacks a month, up from 100 a month last year.

GCHQ is using its annual IA15 conference to hammer home the message that the UK faces unprecedented online attacks against private-sector organisations that threaten to undermine national security.

Officials are also attempting to convince business leaders to take security more seriously, without introducing new laws or regulations that force change.

Ciaran Martin, director general for cybersecurity at GCHQ, told conference attendees that the UK faced a "chronic, advanced and persistent" threat from hackers, warning that attacks on critical infrastructure could bring the nation to a standstill.

Robert Hannigan, director of GCHQ, will tell business leaders at the conference today that "something is not quite right" with the international market for cybersecurity, according to a transcript obtained by the Financial Times.

​Poacher turned gamekeeper? GCHQ issues advice on safer passwords

UK surveillance and intelligence agency GCHQ has come up with a list of best practice advice on the use of passwords.

Read More

According to Hannigan, security standards in the private sector are not as high as they need to be to counter the threats it sees, yet demand for cybersecurity remains patchy.

"The global cybersecurity market is not developing as it needs to: demand is patchy and it is not yet generating supply. That much is clear. The normal drivers of change, from regulation and incentivisation through to insurance cover and legal liability, are still immature," he will say.

"Those charged in government with national security have worried about the top-end threats for some time... there is no doubt -- significant cyberattacks will become more common, not less in the coming period."

As the FT notes, GCHQ has warned the UK prime minister that it is very likely the private sector will face an attack on the scale of that levelled against Sony Pictures in the US, yet the danger is not taken sufficiently seriously by companies.

It appears there's little appetite in the UK government for new laws or regulation that force companies to change their attitude.

However, following the TalkTalk breach, the UK's former counter-terrorism minister Hazel Blears said the government could require private-sector firms to have taken "necessary measures" before it would agree to contract with them.

GCHQ and the Department for Culture, Media and Sport yesterday announced a £6.5m ($9.8m) scheme to encourage more cybersecurity research and foster better connections between industry, government and academia.

Read more about cybersecurity