Potential of ‘formidable’ Five Eyes alliance hailed by intelligence chief

The “enormous” potential of the Five Eyes alliance to work together to improve cyber security has been hailed by an intelligence chief as he attended a major conference.

UK, US, Canada, Australia and New Zealand representatives have all been meeting at the National Cyber Security Centre (NCSC) annual conference CYBERUK in Glasgow on Wednesday.

They have been discussing their experiences and how they work together to defend against shared cyber security threats during public sessions at the Scottish Event Campus – the first time the five members of the alliance have done so in the UK.

Ciaran Martin, CEO of the NCSC, said the intelligence alliance has been brought into the public sphere by the modern digital world and the need to engage with a range of people and organisations.

Speaking to Press Association Scotland at the conference, Mr Martin said: “I think it’s exciting to show off this formidable powerful alliance, not just in terms of what we’ve achieved in the past but our plans for the future in cyber security.

“I think we’ve been brought out into the open by the modern digital society and the need to engage with industry, the need to engage with other international partners, the need to engage with victims of cyber attacks.

“And I think the potential for us to work together to secure our digital futures is absolutely enormous.”

He told how the alliance faces common problems.

“We did an interesting study recently which showed that we’ve detected the breach of the password “123456” was made 23 million times across the world. That didn’t just happen in the UK, didn’t just happen in the Five Eyes.

“But I think what it shows is that at one end of the worry spectrum you’ve got highly-sophisticated state actors threatening us and threatening our interests and our common values across the Five Eyes, but in other respects you’ve got basic vulnerabilities in the way digital technology works and the way people use it that leave us all more vulnerable than we should be.

“We can work together on both to make sure we’ve a more digitally secure future.”

He said that people are more aware of cyber security than they used to be, but added that “sometimes we’ve made it too hard as government or as technology providers for them to use technology safely in a way that’s easy for them”.

Mr Martin said: “We have to spend more time than I think we’d like dealing with some of the more basic attacks – but those basic attacks hurt people, they hurt organisations and they hurt our economy and our society.

“One of the exciting things about this conference is we’re looking at things where, for example, it used to be the case that UK Government brands like HMRC the tax authority were one of the most spoofed in the world – it was in the top 20 most spoofed brands. It’s now away outside the top 100 because we’ve done some really clever things.

“What about if we scale that up not just in bits of the UK Government but everywhere in the UK, everywhere in the Five Eyes, everywhere in the allied world? It would be enormously powerful and keep us all safer.”

Meanwhile, the head of GCHQ has made the case for a “genuinely national effort” to help improve the UK’s cyber security.

Director Jeremy Fleming stressed the need for continued and increasing collaboration between government, academia and industry partners in the UK and abroad when he addressed the conference.

The director of the agency often referred to as Britain’s listening post argued that the technological revolution brings with it “increasing complexity, uncertainty and risk”.

He told the audience that “getting cyber security right is critical for the UK’s future”.

“Whilst I think we’ve made a good start, the next stage of our strategy is even more critical. And it’ll need a national effort if it’s to succeed,” he said.

He called for deeper cooperation with the private sector and closer working with partners and allies, but added that “knowledge sharing must go two ways”.

He said: “A fundamental principle of the NCSC has always been to be more open, more transparent with the information we obtain.

“We’re already doing that and are committed to share even more in real time, to help business and Government defend themselves and the UK.”