GCHQ’s National Cyber Security Centre opens for business following delays

Organisation arrives to help public sector ‘manage cyber security effectively

THE MUCH DELAYED National Cyber Security Centre officially opened on Tuesday 14th February 2017 by the Queen, this Centre has been in the planning since June 2009 by Gordon Brown.

Ciaran Martin is heading up this centre based in London, near Victoria, he was formerly director general for cyber at GCHQ.

The National Cyber Security Centre is intended to be “the authoritative voice on information security in the UK”, said Matt Hancock back in March 2016 (when the government made another announcement about the NCSC), when he was a minister at the Cabinet Office.

Back then, Hancock had promised that the NSCS would open in October 2016, and added: “It will bring the UK’s cyber expertise together to transform how the UK tackles cyber security issues.

“It will be the authoritative voice on information security in the UK and one of its first tasks will be to work with the Bank of England to produce advice for the financial sector for managing cyber security effectively.”

According to its chief architect, part of the reason for such a long delay in opening this new centre was due to the design and development of the Centre’s IT architecture.

The system has been built from the Government’s Technology Code of Practice with a ‘cloud first’ approach, however the provider of the cloud has not been revealed.

“The NCSC formed from several different organisations, including CERT-UK, CESG, the Centre for Cyber Assessments and part of CPNI,” he wrote in a Gov.uk blog post.

“None of the existing IT systems designed for working with OFFICIAL information met the needs of the new organisation. Nor did they strike the right balance of security, usability, and functionality required by our new mission. So we had to build something new.”

The Government Digital Service (GDS) has been asked to assist in the development, it was largely dispatched using an agile development methodology.

In terms of security, the infrastructure deployed NCSC’s own advice on securing enterprise technology, and uses the native IPsec virtual private networking clients on end-user devices, configured to use PRIME.