Ciaran Martin to leave after ‘privilege of a lifetime’ setting up NCSC
Departing chief executive of cyber security centre recognised in New Year’s Honours list
Ciaran Martin will step down as chief executive of the National Cyber Security Centre, which he recommended to ministers and established.
GCHQ said it will appoint a replacement by the end of summer 2020. Martin will join King’s College, London as a visiting professor this autumn, with other positions to be announced later due to procedures governing the departure of senior civil servants.
“It has been the privilege of a lifetime to set up the NCSC and lead its brilliant people,” Martin said. “When we created the NCSC we set out to achieve something truly special, and I hope and believe we are leaving UK cyber security in much better shape. Challenges around securing technology are only going to get ever more complex so it’s right that after six and a half years that someone else takes this world-class organisation to the next level.”
- Life hacks – a year at the National Cyber Security Centre
- ‘The prospect of a category-one cyberattack is not receding’
- Five Eyes cyber summit – five things we learned
Martin, a career civil servant, joined the board of the UK’s signals intelligence agency GCHQ in December 2013 as head of cyber security. In 2015 he recommended that NCSC be set up as a division of GCHQ, a job he undertook the following year.
GCHQ had previously supported national cyber security in a low-key fashion through its information assurance arm CESG. NCSC took over this work and adopted a higher profile, with a head office in Victoria in London and a website featuring practical advice for individuals and organisations, including convention-busting advice on re-using and writing down passwords.
The organisation now employs around 1,000 staff with an annual budget of more than £250m, and has so far dealt with more than 2,000 cyber security incidents affecting the UK. Last October, Martin said the organisation could point to “a three-year record of strong, practical success”. In the 12 months ending August 2019, its incident-management professionals supported nearly 900 organisations after they had suffered cyberattacks, with the public sector needing the most attention.
Martin said that the public sector needs to continue to work hard to protect itself, due to a technological legacy he described as “accidentally insecure”. He added: “No one in public policy in the '90s saw the internet coming in the way that it did. We need to look at these ageing, clunky, legacy systems that run so many critical services and try and build in protection into the next generation.”
Earlier in 2019 at NCSC’s annual CyberUK conference, Martin told PublicTechnology that a category-one cyberattack causing a ‘national cyber emergency’ was “a matter of when, not if”. The event included the first British public appearance of officials from all members of the Five Eyes intelligence alliance, which comprises the UK, the US, Australia, Canada and New Zealand.
The announcement came as Martin was appointed a Companion of the Order of the Bath in the New Year's Honours for services to international and cyber security.
Former Ofcom head Sharon White was made a dame in the honour's list for her work at the telecoms regulator, while Tim Robinson, chair of the Department for International Development's digital advisory panel and chief executive of scientific analysis company LGC, was named a CBE for services to digital technology.
Prime minister plans to backtrack on previous decision to allow Chinese giant to play a role in next-generation telecoms
Coronavirus could be a boon for cybercriminals, but could also be an ideal time for organisations to tune up their security, writes Henry Asson of the PublicTechnology events series
Report commissioned after New Year Honours blunder cites need for greater senior accountability and finds widespread use of free consumer tools
Department says it was necessary to skip competitive process and award contract – which includes early access to Microsoft products – directly to vendor
CyberArk's David Higgins explores the cyber risks of hiring independent contractors
CyberArk's John Hurst looks at the true cost of GDPR breaches