The UK government’s much-trailed National Cyber Security Centre has opened for business, with new headquarters to be established in an office development in Victoria, London.
The new location will be in addition to GCHQ’s Cheltenham base – Photo credit: Press Association
The centre, which was announced in April this year, aims to bring together the UK’s cyber security expertise and is being led by Ciaran Martin, the former director general for cyber at the signal intelligence agency, the Government Communications Headquarters.
The centre begins work as an organisation today, but its London HQ has not yet opened. According to a report in the London Evening Standard, the centre will be based in a new office development in Victoria, close to numerous government offices in Whitehall, and staff will move in towards the end of this year and the start of 2017.
The HQ will be in property developer Land Securities’ Nova development, where the Standards said that the rents range from £72 to £87.50 per square foot. The paper said that the government has signed a lease for two floors at Nova, which is part of Land Securities’ £2bn investment in the area.
GCHQ’s HQ is in Cheltenham, but the new national centre plans to have a more outward-facing role, and will work with businesses as well as government departments.
In his first speech in the role of leader of the centre, given at a conference in Washington last month, Martin said that it would aim to carry out “active cyber defence”, by working with industry to address large-scale, unsophisticated attacks that are prolific and doing a lot of damage.
“The great majority of cyber attacks are not terribly sophisticated. They can be defended against,” Martin said. “But far too many of these basic attacks are getting through. And they are doing far too much damage. They’re damaging our major institutions.”
Martin acknowledged that it was open to debate whether the government should get involved in countering attacks that target companies, but said that there was a legitimate role for it to take the lead. This, he said, would boost businesses’ and consumers’ confidence in the digital economy.
The National Cyber Security Centre will look at using a series of automated measures to make UK government networks the most secure, with the aim of demonstrating their efficacy so others take them on.
Martin listed some examples, which included work to stop people spoofing GOV.UK domains by updating its DMARC – Domain-based Message Authentication, Reporting and Conformance – policy to stop emails from the wrong IP sets.
Although his speech did not directly reference local government, the centre has previously said that it would work across all levels of government, and has come under pressure from local authorities to make sure that they are included in the plans. Earlier this year, local government representatives told PublicTechnology that councils must not be the “weak link” in cyber defence in the UK.
As part of the move, a number of smaller bodies, including information security arm CESG, the national computer emergency response team CERT-UK, and the Centre for Cyber Assessment, will be brought under the national centre’s remit.
This will see their websites merged into the national centre’s site and the transfer of social media feeds to @ncsc – however, at the time of writing, the new website was not active and the Twitter account is protected, meaning only users that are confirmed by the people behind the account can see the centre’s tweets.