The NHS hack and GCHQ

It looks like the worldwide ransomware attack on Windows XP machines originates from one of the exploits in the so-called Shadow Brokers dump, a collection of exploits developed or bought by the NSA. Oliver Rivers asks: Where was GCHQ?

Well, the answer is more like: Where was CESG? Or LCSA? Through the Second World War and the Cold War, the UK maintained a structural distinction between the agency responsible for collecting signals intelligence on its enemies, and the one responsible for protecting its own systems from them. During WW2, the centre of offensive signals intelligence was at Bletchley Park, as everyone knows. It drew on resources from the secret services, from the Foreign Office, from the RAF Signals Branch’s Y Service, and from the Royal Navy. Army SIGINT became more important in the cold war.

There was also, however, a centre in London devoted to what we would now call security assurance. This agency, known as the London Communications Security Agency (or Group, or Service, or Centre – it got reorganised a lot), had the job of verifying the security of cryptographic systems developed by everyone else. As it happened, the biggest such project of the war was Rockex, created by the radio-focused Section VIII of Special Operations Executive to communicate with their spies in occupied Europe and the Far East. Rockex turned out so well that the military turned to it to distribute the intercepts from Bletchley Park to commanders in the field, and the Foreign Office used it for diplomatic communications worldwide.

We kept going rather like this. The development, and operation, of cryptographic systems was decentralised. The military, and the secret services, and industry built things, while the defensive security group (whose name changed all the time) defined standards they had to comply with and provided expert support. On the other hand, the offensive GCHQ spied on HM Enemies, however defined.

There is not a hard line between their functions. For a start, they share common technology. If you want to provide information security assurance, you need to be able to test it, which means you’re capable of spying. The technology of information security is supremely dual-use. But this is also true of classical intelligence. Kim Philby headed the counter-intelligence branch of MI6, the spies responsible for spying on the other lot’s spies. The defensive side would like to know about the attackers; the attackers often find out first from the defence.

Classical human intelligence agencies usually are divided up this way. SIGINT agencies are a bit different. GCHQ has, since 1941, had the sole right to brief the prime minister outside the Joint Intelligence Committee process with a selection of its choicest takes. This reflects an important truth about its work. SIGINT is the steroid of intelligence – whatever you think of it, whatever it does to your democratic health, it makes you stronger. It may not make you smarter, but if there is an effective crypto break of some sort, it will deliver you the other side’s literal words. Also, it can deliver quickly. One of the greatest achievements of Bletchley Park was to deliver decrypts in close to real time. In a nuclear world, this is desperately valuable.

As a result, they have always wanted to be an integral fourth service, pulling all the resources together, making their unique access and capability worth something. This was consummated in the UK when the London-based security functions were rolled into GCHQ when the new building in Cheltenham opened back in the Blair years. Terribly, something similar has happened in NSA since Edward Snowden went on the run.

The problem here is that the two missions conflict. When the offensive mission discovers something, its incentive is to hoard it. This is the hoard recently leaked. When the defensive mission discovers something, its incentive is to fix it. But only the offensive one gets to brief the prime minister. Only the offensive one drops startling insights into startling people onto the prime minister’s desk. The defensive mission can hope only for peace, and the appreciation of its professional peers so long as it is allowed to tell them. Its world is more adult, more intrinsic in motivation, more genuine in its commitment to public service. It is like the justification that the offensive side uses for its sins.

It is fairly clear that the offensive side will win the agency’s internal politics so long as the two are forced to live in the same fishtank. This cohabitation is, however, optional and somehow we did without it when it mattered most. Free CESG!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.