Ciaran Martin to leave after ‘privilege of a lifetime’ setting up NCSC
Departing chief executive of cyber security centre recognised in New Year’s Honours list
Ciaran Martin will step down as chief executive of the National Cyber Security Centre, which he recommended to ministers and established.
GCHQ said it will appoint a replacement by the end of summer 2020. Martin will join King’s College, London as a visiting professor this autumn, with other positions to be announced later due to procedures governing the departure of senior civil servants.
“It has been the privilege of a lifetime to set up the NCSC and lead its brilliant people,” Martin said. “When we created the NCSC we set out to achieve something truly special, and I hope and believe we are leaving UK cyber security in much better shape. Challenges around securing technology are only going to get ever more complex so it’s right that after six and a half years that someone else takes this world-class organisation to the next level.”
- Life hacks – a year at the National Cyber Security Centre
- ‘The prospect of a category-one cyberattack is not receding’
- Five Eyes cyber summit – five things we learned
Martin, a career civil servant, joined the board of the UK’s signals intelligence agency GCHQ in December 2013 as head of cyber security. In 2015 he recommended that NCSC be set up as a division of GCHQ, a job he undertook the following year.
GCHQ had previously supported national cyber security in a low-key fashion through its information assurance arm CESG. NCSC took over this work and adopted a higher profile, with a head office in Victoria in London and a website featuring practical advice for individuals and organisations, including convention-busting advice on re-using and writing down passwords.
The organisation now employs around 1,000 staff with an annual budget of more than £250m, and has so far dealt with more than 2,000 cyber security incidents affecting the UK. Last October, Martin said the organisation could point to “a three-year record of strong, practical success”. In the 12 months ending August 2019, its incident-management professionals supported nearly 900 organisations after they had suffered cyberattacks, with the public sector needing the most attention.
Martin said that the public sector needs to continue to work hard to protect itself, due to a technological legacy he described as “accidentally insecure”. He added: “No one in public policy in the '90s saw the internet coming in the way that it did. We need to look at these ageing, clunky, legacy systems that run so many critical services and try and build in protection into the next generation.”
Earlier in 2019 at NCSC’s annual CyberUK conference, Martin told PublicTechnology that a category-one cyberattack causing a ‘national cyber emergency’ was “a matter of when, not if”. The event included the first British public appearance of officials from all members of the Five Eyes intelligence alliance, which comprises the UK, the US, Australia, Canada and New Zealand.
The announcement came as Martin was appointed a Companion of the Order of the Bath in the New Year's Honours for services to international and cyber security.
Former Ofcom head Sharon White was made a dame in the honour's list for her work at the telecoms regulator, while Tim Robinson, chair of the Department for International Development's digital advisory panel and chief executive of scientific analysis company LGC, was named a CBE for services to digital technology.
Government attributes 2018 campaign to Moscow and claims more assaults were planned for cancelled 2020 summer games
Tax agency says freshers could be even more vulnerable to scams as teaching moves online
Department’s annual report shows, for the first time in many years, documents or data lost from a secure government building had to be reported to the ICO. PublicTechnology finds out more...
Russia and China are increasingly operating in a ‘grey zone between war and peacetime’, according to the government
Organisations need to understand that a single cybersecurity solution alone is not infallible and instead should move towards a multi-layered approach to security, according to experts from...
CyberArk's John Hurst argues that protecting privileged access is the best defence against unexpected cyber attacks
SAP Concur says it's time for the public sector to embrace more efficient invoice management technology
Steve Blow, tech evangelist at Zerto, explains why digital transformation efforts could be futile if local authorities don’t address and improve their IT resilience