Two years ago, GCHQ’s annual sports day took place on Wednesday, 15 June at the Civil Service Sports Club in London. A mixed six-a-side football tournament was the centrepiece of the day, with matches kicking off at 11am sharp.
The event was a jolly for those routinely cooped up in the agency’s distinctive doughnut-shaped headquarters in Cheltenham, and they were furnished with six pages of rules and regulations to ensure fair play.
“Each team MUST field at least ONE lady player at all times,” the note said. “Appropriate footwear shall be worn. No crocs, sandals or flip-flops will be allowed. The wearing of shin-pads is COMPULSORY.”
Of all the highly classified documents about GCHQ revealed by the whistleblower Edward Snowden, this has to be one of the least sensitive. But it offers a glimpse into the world of the 6,100 people crammed into the open-plan and underground offices at GCHQ; the fact there is a sports day at all reveals something about the agency which most people outside their bubble could not appreciate.
Staff date themselves on the internal directory, “GCWiki”, by their “internet age”, a measure of how many years they have been adept on the web.
They make friends during annual family open days, or via messages on the agency’s internal version of MySpace, which they have called SpySpace.
Colleagues are likely to find people cut from the same cloth. The agency’s 2010/11 recruitment guide says GCHQ needs high-calibre technologists and mathematicians familiar with the complex algorithms that power the internet. It has room for a sprinkling of accountants and librarians. Classicists need not apply.
Nobody at Cheltenham is particularly well paid, compared to the private sector at least – a junior analyst might earn £25,000. “We can offer a fantastic mission but we can’t compete with [private sector] salaries,” one briefing note lamented.
In a world of its own, GCHQ is a complex, secret community, which is tightly bound by its location outside the capital, the nature of its people, and the secrecy in which their work has to be done.
When it was built in 2002 the “doughnut” was the biggest construction project in Europe. It is now home to a parallel world – one that mirrors the society around it while being set apart by high walls of secrecy and the vastly superior technology concealed within.
Today this intensely private organisation is under a spotlight it has never had to face before, as its methods and practices come under unprecedented scrutiny, thanks to the release of files that would otherwise have been locked away for another 30 years.
Snowden wanted to reveal the extent of the surveillance activities being undertaken by GCHQ and its American equivalent, the National Security Agency (NSA), and the stories published by the Guardian have certainly done that.
Before the 30-year-old analyst turned whistleblower, only a few people outside GCHQ had heard of “Tempora”, the programme that gives the agency access to the fibre-optic cables which carry the world’s phone calls and web traffic; only they knew it had developed an ingenious way of storing this material for up to 30 days.
Only those in the intelligence community had heard of “Prism”, another initiative that has given the NSA – and GCHQ too – access to millions of emails and live chat conversations held by the world’s major internet companies, including Google, Facebook, Microsoft and Apple.
Teams of analysts at GCHQ now have the authority and the technical capacity to tap directly into the nervous system of the 21st century and peer into the lives of others. Dig deeper into the drily worded, acronym-filled files, and there are other insights about the challenges faced by GCHQ, and its own anxieties about meeting them.
And while politicians, including the prime minister and William Hague, the foreign secretary, have led the defence of the agency from the questions posed by the recent revelations, the papers show the agency is not always at ease with itself. There is understandable concern about being left behind by technology, and a desire to drive itself on so it can continue to feed high-quality intelligence to the “customers”.
They include the government, the domestic security service, MI5, and the Secret Intelligence Service, MI6.
But the “customer” the agency frets about most is the NSA. In numerous papers, GCHQ reveals its need to keep the Americans happy, and how it regards this as an overriding priority.
It is not hard to see why; the Guardian has discovered GCHQ receives tens of millions of pounds from the NSA every year, money it has come to rely upon to build and maintain its collecting and decoding capabilities. In turn, the US expects a service, and, potentially, access to a range of programmes, such as Tempora.
Those campaigners and academics who fear the agencies are too close, and suspect they do each other’s “dirty work”, will probably be alarmed by the explicit nature of the quid-pro-quo arrangements.
Though there is evident excitement within GCHQ that new responsibilities in recent years have made it Britain’s pre-eminent intelligence agency, it has been accompanied by occasional pauses for reflection, and worry that the agency cannot cope with those demands.
In an internal document published in August last year, one of GCHQ’s most senior officers set out his fears. The officer, one of the team responsible for managing the Tempora project, used a power-point presentation to explain to colleagues the far-reaching way GCHQ’s “mission role had changed”.
He reminded his team that new techniques had given it access to vast amounts of new data or “light” – emails, phone calls and Skype conversations garnered from internet cables. But the officer was obviously disconcerted.
“Over the last five years, GCHQ’s access to ‘light’ [has] increased by 7,000%,” he explained. The amount of the material being analysed and processed had increased by 3,000%, he said – another startling admission.
“GCHQ is breaking new ground and in doing so, testing our systems and processes to the full. Our challenge today is to achieve success against tomorrow’s demands starting from yesterday’s capability.”
But he warned the agency was ill-equipped to do this: “The complexity of our mission has evolved to the point where existing mission management capability is no longer fit for purpose.”
New threats, new enemies, new challenges – the rise and rise of GCHQ
Perhaps it isn’t surprising such concerns have been raised in private around the corridors of GCHQ. Over the past decade, the agency’s portfolio has evolved into something barely recognisable to its most celebrated alumni – the Nazi code-breakers of Bletchley Park.GCHQ’s core business was always the “gathering intelligence based on intercepted communications”. It still does this, but the days of putting “clips on copper wires” to hear phone conversations are long gone.
The world has embraced –computers, tablets and mobile phones, and the need to find valuable information amid vast amounts of digital traffic created by them has become more difficult.
GCHQ has been tasked with finding the solutions, mindful that the potential rewards are high; never before has the agency had the opportunity to build such a complete record of someone’s life through their texts, conversations, emails and search records.
The use of cyberspace by criminal networks and other states to attack government departments and British businesses has opened a new dimension of silent warfare. With its technological and computing background, GCHQ has been told to defend the nation – and to develop the means for counter-attack.
Once a niche area, this is regarded by Downing Street as a “Tier One” national security priority because of the damage being done to the UK economy, and the danger of British defence secrets being stolen by stealth through sophisticated hacking attacks.
The pressure on the agency to deliver on all these fronts was made clear in GCHQ’s corporate plan for 2009, the first year in which Sir Iain Lobban was director. In his foreword, he warned colleagues the agency had to do more.
“This needs to be the year when we achieve real traction with our internet age transformation so we can continue to deliver in the future what HMG [Her Majesty’s Government] and our allies have come to expect of us.
“Over the last five years we have seen GCHQ change from being simply an intelligence producer into a genuine operational partner for the military and civilian customers.”
The report added: “Put simply, HMG expects value from GCHQ which at least matches the £1bn a year that is being invested in us each year.”
With so much now resting on the agency, its influence has spread across Whitehall. GCHQ now has liaison officers working inside MI5, MI6 and the Soca, the serious and organised crime agency. It takes the lion’s share of the £1.9bn budget for Britain’s intelligence services, and has a staff that is more than twice the size of the combined workforces of MI5 and MI6.
GCHQ also has a hefty presence in the Cabinet Office, which is responsible for setting the UK’s cyber security strategy. Defending the nation is the Cabinet Office’s priority – but from whom?
In an internal report in 2010, GCHQ described with remarkable candour the threats posed to the UK from cyberspace, eschewing the mealy-mouthed formulations adopted by ministers – and Lobban – in public.
The government has consistently maintained it is too difficult to point the finger at any particular country when it comes to cyber attacks. The 33-page report written by GCHQ’s Cyber Security Operations Centre makes a nonsense of that. Beijing is to blame, it says.
“China has a capable and very wide-ranging cyber programme targeting the full spectrum of governmental, military, and commercial targets. The Chinese mount a large number of relatively unsophisticated attacks, often using publicly known vulnerabilities and have successfully compromised networks globally.
“This assessment is based only on the attacks that have been detected, and does not preclude more sophisticated and targeted attacks from China.”
The report adds: “Allegations of Chinese involvement in cyber attacks are unlikely to deter China from carrying out similar attacks in future, or from censoring its population’s access to the internet.
“China is a major player in the global telecommunications market. In addition to the threat of industrial espionage to sustain this position, there is an inherent risk of Chinese equipment being used for intelligence purposes.
“Chinese industrial espionage comprises the single greatest threat to US technology … Various UK companies have also been targeted and large amounts of data have been lost.”
Insisting that British interests are “under sustained attack”, the paper is highly critical of Russia. It says Moscow “operates a sophisticated, mature and successful cyber programme, using an extensive global internet-based infrastructure”.
“The programme employs a wide variety of malicious software, and poses a significant threat to UK networks.
“Targeting of UK government departments is assessed to be a priority for Russia, and is likely to be ongoing. Governments, industry and academic institutions across a range of sectors have been targeted. Russia is judged to pose a threat to UK communications in a variety of countries, and UK data may be at risk due to compromises of networks outside of UK control.”
But the document says the UK has started a fightback of sorts.
“The UK is developing and testing offensive cyber capabilities, although policy is not yet in place to underpin all potential opportunities.”
No comments:
Post a Comment