Analytical Review of the Public-Private-Partnership Model of the National Cyber Security Centre; a part of the United Kingdom’s Government Communication Headquarters

(1)

!

FACULTY OF GOVERNANCE AND GLOBAL AFFAIRS

INSTITUTE OF SECURITY AND GLOBAL AFFAIRS

CRISIS & SECURITY MANAGEMENT MASTER PROGRAMME

2017-2018

Master Thesis

Submitted to

Thesis Supervisor: Prof. dr. Paul H.A.M. Abels

Second Reader: Sergei Boeke LL.M

Homeland Security & Intelligence Services

The British Intelligence Security Network

Analytical Review of the Public-Private-Partnership Model of the National Cyber Security Centre; a part of the United Kingdom’s Government Communication Headquarters

Prepared by: Al Zadjali Ayoob

Student ID: s1667173

Word Count: 19.442

(Excluding Cover Page, Foreword, Table of Contents, Acronyms, Footnotes & Bibliography)

January 25, 2018

(2)

its own. It has to be a team effort. It is only in this way that we can stay one step ahead of the scale and pace of the threat that we face.”

The Right Honourable Philip Hammond, Chancellor of the Exchequer 14 February 2017 

(3)

Foreword

This Thesis has been prepared for a completion of the Master programme Crisis and Security Management at Leiden University. The Thesis analyses the network form of organisation that was invented by the government of the United Kingdom to tackle cyber security attacks against its national security.

The National Cyber Security Centre - a part of GCHQ - is the United Kingdom’s shield against cyber threats. The main motives that led me to write about this topic were several. At first, the rapid emergence of the digital world in our lives and the importance to learn from world-leading industrial countries in the mechanisms of protecting ourselves against cyber threats. Second, the personal preference of researching about topics that are relevant to national security, secret intelligence services and cyber security. Third, understanding the importance of security networks within the field of security in general, and discussing whether it is more efficient than the classical hierarchal models of leadership. Besides other minor reasons, these were basically the main factors I was driven by in choosing this Thesis topic.

The Master programme Crisis and Security Management has equipped me with a rich theoretical knowledge and analytical instruments, in order to finalise this Thesis. The courses

“Governance through Cyber Security”, “Security Networks” and “Privatisation of Crisis and Security Management” were the main subjects that created a basis for this Thesis. As these

courses taught me to think critically about the new emergence of threats, partnerships between public and private sectors and collaboration models within the field of security and crisis management.

Herewith, I would like to express my gratitude to my Thesis supervisor at Leiden University Professor Dr. Paul H.A.M. Abels for his continued supervision, guidance and patience in leading me to this stage of my academic career. His endless constructive remarks and generous critical insights were crucial in improving this Thesis, and ultimately finalising the research. I am also grateful for Mr. David Willems, Head of Monitoring and Response at the National Government of the Netherlands for generously accepting to participate in providing his tremendous insights about several topics of this study. Last but not least, I would like to thank my family and the Ambassador of Oman to the Netherlands for their endless support on many aspects.

Al Zadjali Ayoob The Hague

,

25 January 2018

(4)

Acronyms

---

6 Introduction

---

1

A. Why is the Model of NCSC Interesting? 2

B. Research Question 3

C. Societal and Scientific Relevance 4

D. Theoretical Framework and Literature 5

E. Research Concepts 6

F. Research Methods 7

G. Research Design 9

H. Thesis Structure 10

1. The Organisational Structure of GCHQ

---

11

1. GCHQ and Security Networks 12

2. Security Network Definition and the Reflection upon NCSC 13

3. The History of Cyphered Coding of GCHQ 14

Post-WWII 15

Post-Cold War 16

The Crucial Emergence of the Internet within GCHQ’s Organisational Sphere 16

4. GCHQ Organisational Structure 18

4.1. Collaboration with Governmental Partners 18

4.1.1. MI5 18

CYBER 19

4.1.2. MI6 20

Cyber Security 21

4.1.3. Public Sector Partnerships 22

4.2. Collaboration with International Partners 23

4.3. Partnering with Academia 23

4.4. Community Partnerships 23

5. GCHQ Legitimacy Assessment 24

2. NSCS a part of GCHQ - How is The United Kingdom defended from Cyber

Threats?

---

26

1. NCSC Role in the Realm of Cyber Security 27

2. NCSC Four Key Objectives 28

3. How Does NCSC Work? 29

4. How does the Partnership of NCSC Perform 32

4.1. DEFEND 32

4.1.1. Active Cyber Defense (ACD) 33

(5)

4.1.2. Building a More Secure Internet 34

Partnership Approach 35

4.1.3. Protecting Government 35

4.1.4. Protecting Critical National Infrastructure and other Priority Sectors 35

4.1.5. Changing Public and Business Behaviours 36

4.1.6. Managing Incidents and Understanding the Threat 36

4.2. DETER 38

4.2.1. Reducing Cyber Crime 38

4.2.2. Countering Hostile Foreign Actors 39

4.2.3. Preventing Terrorism 39

4.2.4. Enhancing Sovereign Capabilities - Offensive Cyber 39

4.2.5. Enhancing Sovereign Capabilities - Cryptography 40

3. Whelan’s Theory: Analytical Review of the Public-Private-Partnership of NCSC

41

1. Understanding Security Networks 42

2. Whelan Methodological Framework 43

Network Structure 44 Network Culture 45 Network Policy 46 Network Technology 47 Network Relationships 49

Conclusion

---

51 Bibliography

---

52 Appendix

---

57

(6)

(ACD) Active Cyber Defense (BHT) Barts Hospital Trust

(BIS) Department for Business, Innovation and Skills

(BJ) Blue jacket' file for signals intelligence or an individual intercept  (CBRN) Chemical, Biological, Radiological and Nuclear Weapons (CCA) Centre for Cyber Assessment

(CERT UK) Computer Emergency Response Team UK (CESG) Communication-Electronics Security Group (CiSP) Cyber Security Information Sharing Partnership (CNE) Computer Network Exploitation

(CO) Cabinet Office

(CPNI) Protection of National Infrastructure

(CW) Cold War

(DDCMS) Department of Digital, Culture, Media and Sport (DHA) Australian Department of Home Affairs

(FBI) Federal Bureau of Investigations (FCO) Foreign and Commonwealth Office (FVEY) Five Eyes

(GC&CS) Government Code and Cypher School (GCHQ) Government Communications Headquarters (GCT) GCHQ Certified Training

(GDPR) General Data Protection Regulation (HMG) Her Majesty’s Government

(HMRC) Her Majesty's Revenue and Customs (HUMINT) Human Intelligence

(IA) Information Assurance

(ICT) Information and Communication Technology (IRA) Irish Republican Army

(IS) Islamic State

(ISC) Intelligence and Security Committee of the United Kingdom

(KGB) The Intelligence & Internal Security Agency of the former Soviet Union (MI5) Security Service

(MI6) Secret Intelligence Service

(MOD) Ministry of Defence in the United Kingdom (MP) Members of Parliament

(NATO) North Atlantic Treaty Organization (NCA) British National Crime Agency

(NCSC) National Cyber Security Centre in the United Kingdom (NCSS) National Cyber Security Strategy of the United Kingdom (NCCU) National Cyber Crime Unit

(NHS) National Health Service

(NOCP) National Offensive Cyber Programme (NSA) National Security Agency

(NSC-THRC) The National Security Council for Threats, Hazards, Resilience and Contingencies (NSC-THRC-O) NSC-THRC-Officials group

(NSS) The National Security Strategy in the United Kingdom (NTA) National Technical Authority

(OCSIA) Office of Cyber Security and Information Assurance (PPP) Public-Private-Partnership

(ROCUs) Regional Organised Crime Units (SIGINT) Signals Intelligence

(SSC) Secret Service Committee

(SU) Soviet Union

(UCC) United Cyber Caliphate (UK) The United Kingdom (USA) The United States of America (WMD) Weapons of Mass Destruction (WMF) Whelan Methodological Framework 

(7)

Introduction

The model of the Public-Private-Partnership (PPP) has significantly been implemented by various governments including the United States of America (USA) and the United Kingdom (UK), as a model to transact with a large-scale of security-related matters. The practice became more intense in the beginning of the 90's, when the privatisation of the critical infrastructure was referred to be economically beneficial to the state, contributing in liberating capital and aiming considerably on the efficiencies and business practices of the private sector. 1

Cyber security has been emerging as one of the main disciplines in the arena of information technology for policy makers and scholars. Various governments have initiated programmes, in order to 2 establish coherent national cyber security strategies that specify new manners of resolving diverse wicked problems. In order to clarify the direction this Thesis aims at, the research question is addressed 3 as follows: What are the advantages and disadvantages of the Public-Private-Partnership organisational model of the Government Communications Headquarters in dealing with national cyber security affairs, on the basis of Whelan's framework of analysis?

As any country in this interconnected globe, the UK’s prosperity relies on the Internet. The successes of the public and private sectors rely on the capability to function effectively and safely online. The Internet is connected to invisible number of networks, which constitute important aspects of people’s daily lives. Nevertheless, the dark side of the Internet should not be marginalised. The diversity of risks some Internet users impose, varies from stealing bank accounts details or valuable intellectual property from UK corporations to the dissemination of terrorist propaganda and spread of false intelligence through digital means. This will inevitably cause considerable losses on the UK economy 4 and national security. As a consequence of this, cyberspace offences have been categorised as a Tier one threat in the UK’s 2010 National Security Strategy, beside Terrorism, War and Natural Disasters. As a 5 result, and in October 2016, the Government Communications Headquarters (GCHQ) in the UK invented the National Cyber Security Centre (NCSC) to seek to identify and tackle cyber threats through a PPP model between different actors through different techniques from different disciplines. The agency prevents variety of risks that threaten national security of the country. 6

In countries where critical infrastructure systems in areas such as utilities, finance and transportation have been privatised, it has been evidenced that the notion of PPP plays a key role in mitigating different forms of threats. In the UK, the PPP has frequently been referred to as the 7 “cornerstone” or “hub” of cyber security strategy. Nevertheless, inquiries have been addressed 8 regarding the potential chances of having a conflict of interests under PPPs between both sectors by policy-makers and market traders. The main idea of applying the PPP model was to establish a new mechanism for addressing both traditional and non-traditional security threats. In the cyber security 9 context, this arrangement is uniquely problematic, because the parameters of such a model of a partnership have persistently been vague and overlapping concerning the public and private interests. 10 This is owing to the fact that policy-makers insist state authorities to rigorously enhance cyber security

Madeline Carr, “Public-private partnership in national cyber-security strategies,” International Affairs 92, no. 1 (2016): 48

1

Carr, “Public-private partnership in national cyber-security strategies,” 43

2

3

Francis Maude, The UK Cyber Security Strategy: Protecting and promoting the UK in a digital world (London: Cabinet Office, 2011), 15

4

David Cameron and Nick Clegg, A Strong Britain in an Age of Uncertainty: The National Security Strategy (London: Parliament Office,

5

2010), 27

Sir Malcom Rifkind, Intelligence and Security Committee: Annual Report 2010-2011 (London: Cabinet Office, 2011), 17

6

7

Maude, The UK Cyber Security Strategy, 28

8

Max G. Manwaring, “ The New Global Security Landscape: The Road Ahead,” Low Intensity Conflict & Law Enforcement 11, no. 2-3

9

(2002): 198

10

(8)

measures by law, and this simultaneously contradicts with the private sector’s aversion of accepting accountability for national security. This lack of harmony consequently makes the lines of the PPP model blurry and overlapping.

President Obama reflected on this lack in harmony and raised questions regarding the effectiveness of a market-driven concept method to cyber security. He was questioning to what extent states can be perceived to be relinquishing not only the authority but the responsibility for national security. Providing security for states inhabitants is a core value of the state. Thus, it is a delicate issue 11 for the government to pass on its responsibility in this area partially to the private sector as well. 12 Fundamentally, this attracts additional questions regarding what extent states own the necessary apparatus to afford national security in this context. Also, how far the existing policies and practices of homeland security are skilled to encounter these new concepts of threats. Such questions have been frequently asked in political debates.

For this Thesis, Whelan’s Methodological Framework (WMF) of analysis of security networks will be applied to examine the model of NCSC. Whelan represents an innovative qualitative study of networks in national security, where he develops his network literature from disciplines such as organisational theory; Whelan uses a methodological framework that involves five interdependent levels of analysis. These levels of analysis are Structure, Culture, Policy, Technology and Relationships that are applied, in order to account for the internal dynamics that promote the effectiveness of networks. This 13 methodological framework will be applied for this research; however, the two main differences will be first, studying the British case study, and secondly, examining national cyber security as a research subject, rather than the Australian counter-terrorism security networks strategy that was examined by Whelan. Moreover, this paper will shed the light on the leading role the NCSC is playing collectively with its partners from the public and private sectors in constituting a security network, to help and protect the UK from any threats internally and externally. By discussing the advantages and disadvantages of this collaborative approach, the final outcome of this paper will depict on what is deemed as a successful common ground of collaboration of institutional security networks, through the analysis of the potential risks and/or uncertainties.

A. Why is the Model of NCSC Interesting?

The people across the UK significantly depend on the services and information that exist in cyberspace. Moreover, it is an important component of a number of inhabitants’ jobs, and many of them rely on cyberspace for commerce, research, and social activities. Modern businesses, government, and critical national infrastructure are similarly dependent on this new domain activity. The partnership framework 14 of NCSC is a unique practical recent national experience that was invented to deal with cyber threats. And after completing the first anniversary of it last October, it is worth to be examined academically.

In order to counter threats that are integrated into these areas, the NCSC on behalf of GCHQ works collectively with different groups of organisations internally and externally. Generally speaking, it works with the following:

Barack Obama, “Remarks by the President on Securing Our Nation's Cyber Infrastructure,” broadcasted May 2009 at the White House,

11

Washington DC . [Accessed October 17th, 2017], https://obamawhitehouse.archives.gov/the-press-office/remarks-president-securing-our-nations-cyber-infrastructure

Myriam Dunn-Cavelty, and Manuel Suter, “Public–Private Partnerships Are No Silver Bullet: An Expanded Governance Model for

12

Critical Infrastructure Protection,” International Journal of Critical Infrastructure Protection 2, no. 4 (2009): 181

Chad Whelan, “Network Dynamics and Network Effectiveness: A Methodological Framework for Public Sector Networks in the Field of

13

National Security,” The Australian Journal of Public Administration 70, no. 3 (2011): 275

Gordon Brown, The National Security Strategy of the United Kingdom: Update 2009 Security for the Next Generation (London: Cabinet

14

Office, 2009), 102

(9)

• Academia, in order to establish the cyber competencies required in protecting the UK on a daily basis;

• Public and private sectors, in order to provide threat intelligence and expert advice on keeping information safe;

• Law enforcement to identify online crime and make the digital world safer for users daily lives; • Those who own and function the British critical national infrastructure, in order to assert the

persistence of the crucial services that depend on digital networks. For instance, by providing 15 intelligence and working closely with the British National Crime Agency (NCA) and the Federal Bureau of Investigations (FBI), GCHQ contributed in the distortion of a sophisticated criminal conspiracy known as “GAME OVER ZEUS”, which had negatively impacted almost a half millions of Internet consumers globally, including 15,000 in the UK. 16

B. Research Question

The research funnel was derived from a number of factors. First, a research was conducted about the historical background of PPP in the field of national cyber security, specifically in a number of neoliberal democratic states. Second, the emergence of the PPP in the realm of cyber security was overviewed. Third, the idea of security networks was studied through the course of Security Network in the Master program of Crisis and Security Management at Leiden University. Fourth, a sharp idea was evolved around the model of NCSC, the recent organ of GCHQ in the UK. The roles, responsibilities and the objectives of NCSC were investigated. Sixth, WMF was selected chosen to be the main perspective of analysing the findings. As a result, these accumulated components have yielded to the research question and the subquestions as its shown in Figure 1.

Research Question

What are the advantages and disadvantages of the Public-Private-Partnership organisational model of the Government Communications Headquarters in dealing with national cyber security affairs, on the basis of Whelan's framework of analysis?

Sub-questions

a. What does the organisational structure of GCHQ consist of in the United Kingdom?

b. How does GCHQ benefit from and incorporate the intelligence of cyber security provided by public and private parties?

c. What are the tasks and responsibilities of the NSCS and its partners in terms of discovering and defending cyberspace against threats?

d. To what extent the five interdependent levels of analysis of Whelan's methodological framework of security networks contribute to understanding the effectiveness and dynamics of NCSC as a security network?

“What we do,” The cyber threat, GCHQ, [Accessed October 14th, 2017], https://www.gchq.gov.uk/features/cyber-threat

15

GCHQ, “What we do.”

16

(10)

C. Societal and Scientific Relevance

Societal Relevance

The decreased demand for defense research after the Cold War (CW) that made homeland security a less compelling reason to support technology research and developments. President Clinton’s 17

administration foreign and economic policies were about to initiate an innovative collaborative methodology. The main notion behind this collaborative approach was to expand his democratic ideas through commerce, the promotion of human rights, as well as internationalising and liberating trade markets collectively, in order to create a model of ideological/economic grand strategy. As a 18

consequence of this shift, and by the year 1992, President Clinton declared how these ideas should be implemented by declaring that “Every dollar we take out of military research and developments (R&D) in the post-CW era should go to the R&D for commercial technologies, until civilian R&D can match and eventually surpass our CW military R&D commitment.” Considering these facts, Stiglitz and 19

Joseph E. Stiglitz and Scott J. Wallsten, “Public–private technology partnerships: promises and pitfalls,” American Behavioral Scientist

17

43, no. 35 (1999): 57

Carr, “Public-private partnership in national cyber-security strategies,” 46.

18

William J. Clinton, “Remarks at Wharton School of Business, University of Pennsylvania, 16 April 1992, http://www.ibiblio.org/nii/

19

econ-posit.html [Accessed October 15th, 2017]

Page ! of !4 60

Historical Background of Public-Private-Partnership in National Security Emergence of Public-Private-Partnership in Cyber security Domain

Security Networks NCSC a part of GCHQ

Roles, Responsibilities and Objectives

Application of WMF

RQ

(11)

Wallsten explained that the President’s vision regarding these conditions has led to the idea of PPP, which aimed to contribute in the commercial sector. They also added that the common practical ground 20

regarding these PPPs has been laid out in the 80’s; however, President Clinton's initiative made them “the centrepiece of its technology programs.” 21

In the realm of cyber security, the PPP has significantly been implemented by a various number of governments including the USA and the UK, as a model to transact with a large-scale of security-related matters. The practice became more intense from in the beginning of the 90's, when the 22

privatisation of the critical infrastructure was considered as economically beneficial to the state, liberating capital and aiming considerably on the efficiencies and business practices of the private sector. 23

Therefore, the societal relevance of this Thesis is mainly to assess the approaches that are attributed by NCSC a part of GCHQ, in terms of dealing with cyber threats through the exchange of information and expertise in a neoliberal country such as the UK. The security network of NCSC is a modern example of PPP that aims at maintaining the national security and preventing cyber security threats. Hence, t24 his paper will attempt to comprehend the mechanisms of this collaboration between agencies based on WMF. The roles of each agency, regulations, limitations and partnership methods will extensively be analysed and discussed, in order to obtain a clear overview before representing the advantages and disadvantages of this partnership.

Scientific Relevance

The scientific relevance of this paper is to explicitly analyse the organisational structure of GCHQ and therefore, the security network of NCSC that deals with national cyber security affairs, as it has been frequently mentioned so far, on the basis of WMF.

Whelan argues that both public administration and security increasingly take place with and through networks and that insufficient information is known about security networks. In his analysis, Whelan analysed the dynamics and effectiveness of the Australian Department of Home Affairs (DHA) strategy as a network. He studied the organisational structure of counterterrorism from the new 25 American re-organised perspective of homeland security that followed the 9/11 attacks, which has changed the entire structure into the “inter-agency” collaboration approach in the US Homeland Security.

Owing to the insufficient literature, the knowledge gap that will be accomplished is to study a new country through WMF, with a specific area of study on Britain’s GCHQ regarding national Cyber security. More specifically, from five interdependent levels of analysis, structure, culture, policy, technology and relationships.

D. Theoretical Framework and Literature

Intelligence

The main mission of the British Intelligence is to afford the British government with a global covert capability. In the context of cyber security, Intelligence is gathered clandestinely, in order to prevent and

Stiglitz and Wallsten, “Public–private technology partnerships,” 57

20

Stiglitz and Wallsten, “Public–private technology partnerships,” 58

21

Stephan H., Linder, “Coming to Terms With the Public-Private Partnership,” American Behavioral Scientist 43, no. 1 (1999): 43

22

23

24

Whelan, “Network Dynamics and Network Effectiveness,” 275.

25

(12)

detect serious crimes, promote and defend national security and economic assets of the UK from 26

“hostile actors”. Non-state actors who exploit cyberspace to execute espionage operations and/or launch damaging computer network attacks, through activities that are politically motivated, which ultimately endanger national security. The three primary agencies in the UK are GCHQ, the Security Service 27

(MI5) as well as the Secret Intelligence Service (SIS, commonly known as MI6). They operate under a strict legal framework. The nature of the secretive conditions of the intelligence agencies does not 28

disregard that operations are executed within fine lines of a legal framework and report to government mesenteries. 29

Cyber Security

The definition of cyber security includes “strategy, policy, and standards regarding the security of and operations in cyberspace, and encompasses the full range of threat reduction, vulnerability reduction, deterrence, international engagement, incident response, resiliency, and recovery policies and activities, including computer network operations, information assurance, law enforcement, diplomacy, military, and intelligence missions as they relate to the security and stability of the global information and communications infrastructure.” Owing to the non-existence of a fixed definition of cyber security in 30

the UK Government, the definition selected for this paper is influenced by the US notions. Nevertheless, the term had to be brought into a certain context that has a sense of alliance. In other words, the context of the Five Eyes (FVEY) can be referred as a focal perspective of identifying the term. Briefly speaking, FVEY is an intelligence agreement of alliance between USA, UK, Canada, Australia and New Zealand. Considering that FVEY represents an official agreement of alliance in intelligence exchange, 31

the US definitions are applicable to this case study in the British context.

Security Networks

“In network analysis, a network can be defined as a set of actors, or ‘nodes’, that have relationships, or ‘ties’. The ‘actors’ and ‘relationships’ are specified by the researcher. Actors can be people, groups, or organisations, for example. Relationships can be of any type, and each type can define a different network. Thus, in theory, a set of actors can have many different relationships that can be understood as separate networks even though there can be a correlation between them.” 32

E. Research Concepts

National Security in the Field of Cyber Security

The National Security Strategy of the UK, 2009; stated the importance of maximising UK’s competitive advantage through the protection of the digital and communication networks industries in the country, as main pillars of having a strong infrastructure that maintains national security and protects national interests from digital threats. Furthermore, discovering potential, genuine attacks and countering them 33

“Our Mission,” Our Operations, Secret Intelligence Service MI6, [Accessed October 19th, 2017],

https://www.sis.gov.uk/our-26

mission.html

“How We Work,” Gathering Intelligence, SecurityService MI5, [Accessed October 19th, 2017],

https://www.mi5.gov.uk/gathering-27

intelligence; “What We Do,” Cyber, SecurityService MI5, [Accessed October 19th, 2017], https://www.mi5.gov.uk/cyber

Mark Phythian, “The British experience with intelligence accountability,” Intelligence and National Security 22, no. 1 (2007): 75

28

MI6, “Our Mission.”

29

Barack Obama, CYBERSPACE POLICY REVIEW: Assuring a Trusted and Resilient Information and Communication Infrastructure

30

(Washington DC: Department of Homeland Security, 2009), iii

Andrew O’neil, “Australia and the ‘Five Eyes’ Intelligence Network: The Perils of an Asymmetric Alliance,” Australian Journal of

31

International Affairs 71, no. 5 (2017): 529

Chad Whelan, Networks and National Security: Dynamics, Effectiveness and Organisation (Deakin: Ashgate Publishing Ltd., 2012). 24

32

Brown, The National Security Strategy of the United Kingdom, 49

33

(13)

such as attacks launched by organised criminals, terrorists, foreign intelligence and in conventional state-led espionage and warfare, through the use of digital means like computers, smart devises, radio communications, supply chains and potentially high power radio frequency transmissions, to gather intelligence, spread false information, interfere with data or disrupt the availability of a vital system. 34

Public-Private-Partnership

The UK Cyber Security Strategy states that achieving the goal of safe, secure Internet will require everybody, the private sector, individuals and government to work together. Just as we all benefit from the use of cyberspace, so we all have a responsibility to help protect it. With specific reference to the 35 role of the private sector, it states that there is an expectation that private-sector entities will work in partnerships with each other, Government and law enforcement agencies, sharing information and resources, to transform the response to a common challenge, and actively deter the threats that are encountered in cyberspace. 36

Whelan’s Methodological Framework

Several attempts have been made to constitute a theoretical framework that bind inter-organisational networks, that attempt to reflect properties of coordination between numbers of networks. Whelan 37

draws an analysis on organisational theory, management and public administration to analyse the dynamics and effectiveness of networks, where he argues that a multi-disciplinary perspective on security networks is required, in order to analyse and understand security networks. He proposed a 38

multi-level theoretical framework that involves five interdependent levels of analysis: Network Structure, Network Culture, Network Policy, Network Technology and Network Relationship. Each of 39

these perspectives will be applied to the practices of the NCSC, in order to draw a comprehension of the security network from Whelan’s perspective regarding security network.

F. Research Methods

In this research, the data gathering method that will be conducted will be the triangulation method. This means that document analysis, desk research and interviews will be the approaches that will be validated through cross verification. In this manner, an elaborated and balanced structure will be formulated, which will gradually increase the internal validity. Furthermore, this research is a qualitative research that testifies an innovative analytical framework that was invented by Chad Whelan. Therefore, the research question will intend to testify his theory on a different case and in a different area of national security than what he represented in his literature of “Networks and National Security: Dynamics, Effectiveness and Organisation”.

Document Analysis

Documents will systematically be investigated on the basis of a critical examination. Policy and strategic documents will be analysed, as well as a literature review about GCHQ’s model of partnership in dealing with national cyber security threats.

Brown, The National Security Strategy of the UK, 102

34

Francis Maude, The UK Cyber Security Strategy: Protecting and promoting the UK in a digital world (London: Cabinet Office, 2011), 22

35

Maude, The UK Cyber Security Strategy, 23.

36

Whelan, Networks and National Security, 91

37

Whelan, “Network Dynamics and Network Effectiveness,” 275

38

39

(14)

Desk Research

Desk research will be conducted on a number of literature that have been gathered from three digital libraries, such as Leiden University, Glasgow University and Fraser University in Canada. The reason for using more than one scholarly search engine is to gather as many academic sources as possible about the research topic and produce a research paper that will be beneficial for students as wells for practitioners in the field of security and crisis management.

Interview

An interview will be conducted with Mr. David Willems, who is Head of Monitoring and Response at the National Government of the Netherlands. Mr. Willems insights will be crucial in this research, owing to his background in the field of cyber security. Furthermore, a number of questions will be addressed in order to specify the common tensions that occur between security network members in establishing a functional common ground of cooperation. As well as adding diverse perspectives on this area of study to support and validate the findings.

(15)

G. Research Design

An overview of the research design can be examined in the visualisation as its shown in Figure 2. The reason for the selection of this type design will be explicitly explained in the following sections of this chapter.

Design

In order to answer the central research question, an explanatory-qualitative research will be conducted. The main motives for choosing this design is to conduct an explicit (in-depth) analysis of a certain national strategy in cyber security to have it as a reference for other nations. Furthermore, this paper will apply an embedded (multiple units of analysis) case study design. Both the Public and Private partnership of the GCHQ will be addressed; in order to apply WMF’s to test the effectiveness and dynamics of the security network. As a result, the conclusions regarding the unit of analysis can be addressed with more certainty, and thus add reliability to the internal validity.

Sampling

The type of sampling for this research paper’s sources is the “snowballing sampling” where the examination of the researcher will be addressed in evaluating the common ground the PPP of NCSC. The reason for choosing this type of sampling is to investigate the structure of the partnership NCSC is

Page ! of !9 60 Figure 2 - Research Design

(16)

providing on behalf of GCHQ and therefore, testifying WMF to this case study. Additionally, the method is cost-effective and time-effective as well.

Unit of Analysis and Unit of Observation

The NCSC is chosen as the unit of analysis, owing to the fact that it is one of the leading intelligence agencies in the world. Thus, analysing the model of PPP from a new aspect as WMF is offering will serve as a beneficial study regarding the PPP models in cyber security. Within the unit of analysis, the public and private sectors are chosen because they are the main actors of the security network. The indicators that were addressed earlier are beneficial in terms of comprehending the characteristics of the research concepts. Because of the inclusion of operationalisation, the internal validity is credible. Regarding the external validity, the form of partnership will be examined and the common ground of the partnership of the GCHQ’s security network will be discussed. Although the British experience cannot be generalised to the whole world, the external validity regarding the generalisation of the partnership model of such a security network of cyber security will be increased.

H. Thesis Structure

This Thesis will be divided into three chapters, excluding the conclusion. The four sub-question will be answered through the course of the chapters, which will eventually yield to answering the main research question.

The first chapter will answer to the first two sub questions: “What does the organisational structure of GCHQ consist of in the United Kingdom? and “How does GCHQ benefit from and incorporate the intelligence of cyber security provided by public and private parties?” The chapter will analyse the organisational structure of GCHQ as the main British Intelligence Agency. Owing to the two facts, first, the limitations of the Thesis word counts and, second, the significant events the GCHQ have gone through historically, the chapter will concentrate on the components and experiences that led the GCHQ administration to decide to establish the NCSC in October 2016. Tasks, responsibilities and actors involved in the organisational structure of the GCHQ will be illustrated explicitly.

The second chapter will answer to the third sub-question: “What are the tasks and responsibilities of the NSCS and its partners in terms of discovering and defending cyberspace against threats?” The main focus will be on the NCSC as a security network and its partners’ tasks and responsibilities as network members. In addition to that, the characteristics of the PPP model the security network resembles will be addressed thoroughly.

The third and final chapter will answer to the third sub-question: “To what extent the five interdependent levels of analysis of Whelan's methodological framework of security networks contribute in understanding the effectiveness and dynamics of NCSC as a security network?” This will be the analytical chapter where WMF will be discussed and thereafter applied to the unit of analysis, which is, in this case, the NCSC. Consequently, the advantages and disadvantages of this partnership will be addressed before concluding the research.

(17)

1. The Organisational

Structure of GCHQ

(18)

This chapter will illustrate upon GCHQ’s components as an organisational structure in general, and will eventually yield to how GCHQ, on behalf of the UK government, has decided to establish a single and central body for cyber security at a national level. In addition to that, the term “Security Network” and the typology of NCSC as a partnership model will be addressed. Moreover, the structure of GCHQ with its partners’ characteristics will be discussed. Finally, the legal framework of the intelligence operations of GCHQ will be examined.

1. GCHQ and Security Networks

In the field of criminological and security studies, networks are argued to be leading organisational paradigms from which to understand security. Furthermore, it is argued that security is increasingly 40 pursued through networks comprising several different actors. GCHQ is the leading British secretive 41 organisation. For many years, GCHQ has been the UK’s considerable and yet the most elusive intelligence service agency. During the course of these years, the agency has been leading a large number of employees than the MI5 and MI6 combined have had and had the privilege of the lion’s share of Britain’s secret service budget. Its outcome, as commonly known as signals intelligence (SIGINT), invented most of the clandestine information to policy-makers during the CW. Ever since; GCHQ became the most considerable in an increasingly “wired” globe. As it is positioning the main 42 leadership in structuring the nation’s clandestine state, GCHQ established a significant a new headquarter, which was considered the largest secret service building project in Europe in 2003. Whilst 43 the agency is becoming more important than ever nowadays, it is still the entity the public knows the minimum about until the Snowden’s revelations went viral in 2013. 44

Businesses and individuals are becoming reliant on cyberspace through the usage of their emails and other forms of communications such as Internet banking and shopping and so forth. In the last three months, the Office of National Statistics in the UK conducted a survey, which revealed that more than 45.9 million adults are daily Internet users. Nevertheless, they are unprotected from different forms of 45 threats. GCHQ referred to the popular domains where Internet users should consider having sufficient 46 knowledge and awareness about, in order to protect themselves from cyber attacks. These nine domains are parts of the Risk Management Regime of the NCSC, where the agency is providing educational materials for Internet users and organisations that function through cyberspace. These arenas and are addressed as follows: “Network Security, Malware Prevention, Removable Media Controls, Secure

Configuration, User Education and Awareness, Managing User Privileges, Incident Management, Monitoring and Home and Mobile Working Policy” Furthermore, the British Intelligence and Security 47 Committee (ISC) 2008-2009 report addressed concerns regarding the potential risks posed to the UK Government, critical national infrastructure as well as industries from cyber attacks, and suggested that the UK accord cyber security a significant attention as a national security issue. 48

David Willems, interview with Al Zadjali Ayoob, (The Hague, January 25, 2018)

40

41

Aldrich Richard, GCHQ: The uncensored story of Britains most secret intelligence agency (London: HarperPress, 2010), 1

42

Aldrich, GCHQ, 9

43

Edward Snowden is a former CIA employee who copied and then leaked classified information from the NSA in 2013 with an absence of

44

a legal permission. His has been referred to as a whistleblower when he revealed a significant amount of information the NSA and GCHQ were dealing with through their cooperation with telecommunication companies and European governments. For additional info about Snowden’s case: http://www.bbc.com/news/world-us-canada-22837100

“Internet users in the UK,” Office for National Statistics, Main points, [Accessed December 14th, 2017], https://www.ons.gov.uk/

45

businessindustryandtrade/itandinternetindustry/bulletins/internetusers/2016 Rifkind, ISC Annual Report 2010-2011, 53

46

“10 Steps To Cyber Security NCSC,” NCSC a part of GCHQ, 10 Steps: Executive Summary, [Accessed January 7th, 2018], https://

47

www.ncsc.gov.uk/guidance/10-steps-executive-summary

David Cameron, Government Response to the Intelligence and Security Committee’s Annual Report 2008–2009 (London: Cabinet Office,

48

2010), 2

(19)

The Cabinet Office (CO) announced the National Cyber Security Strategy of the UK (NCSS) for the first time in 2009. The strategy declared that cyber security is “an urgent and high-level problem 49 which cannot be ignored.” A year later, the chief of the MI6 informed the Committee that the entire 50 inquiry regarding cyber security is shooting up everybody’s agendas. The National Security Strategy 51 (NSS) in 2010 added that “hostile attacks on the UK’s cyber space by foreign states and a large scale

cyber crime” as a Tier one risk to the Kingdom. 52

Concerning the protection of information and technical assurance, the Information Assurance and Communication-Electronics Security Group (CESG), was the domestic technical authority for Information Assurance (IA) services for many years. CESG’s main objective was to complete GCHQ’s 53 missions in providing IA services to a growing customer base through different sources; nevertheless, CESG was mostly responsible for the protection of the banking transactions and transactions that are related to the private sector. 54

In October 2016, a new organ at GCHQ’s structure was invented named NCSC, which replaced CESG, the Centre for Cyber Assessment (CCA), Computer Emergency Response Team UK (CERT UK) and the cyber-related responsibilities of the Centre for the Protection of National Infrastructure (CPNI). In order to strengthen the organisational impact in providing protection and guidance in 55 mitigating cyber attacks to the national interests in the UK, NCSC has initiated a partnership scheme called “Industry 100” where it clarified the roles and strategy to the organisations in the UK for further partnership between the public and private sectors. On the basis of this, it is essential to understand the 56 definition of the term “Security Network” to obtain an explicit idea about NCSC functioning.

2. Security Network Definition and the Reflection upon NCSC

Professor Chad Whelan, a senior lecturer whose expertise is oriented in areas of criminology and terrorism, risk and security claims that there is no global definition for the term. Nevertheless, he has 57 his academic definition where he refers to a security network as “a network in which a set of ‘actors’

have formed ‘relationships’ to advance security-related objectives”. Dupont had a more specific 58 perspective in the context of the security network definition than Whelan, as he defined security network as “A set of institutional, organisational, communal or individual agents or nodes … that are

interconnected in order to authorise and/or provide security to the benefit of internal and external stakeholders.” This definition includes institutions, organisations and individuals, to represent the term 59 “actors” that was used by Whelan. He also argues that security networks are formed in order to

distribute resources, responsibilities and risk more efficiently and effectively than hierarchical organisational designs. Although this Thesis will implement Whelan’s levels of analysis, Dupont 60 definition of security networks is the closest description of NCSC network structure.

David Cameron, Cyber Security Strategy of the United Kingdom safety, security and resilience in cyber space (London: Cabinet Office,

49

2009), 9

Rifkind, ISC Annual Report 2010-2011, 53-Cm 7807

50

51

52

Kim Howells, Intelligence and Security Committee: Annual Report 2009-2010 (London: Cabinet Office, 2010), 9

53

Howells, ISC Annual Report 2010-2011, 9-Cm 7807

54

Rifkind, ISC Annual Report 2010-2011, 17, 18

55

“What is Industry 100,” National Cyber Security Centre INDUSTRY 100, [Accessed November 30th, 2017], https://www.ncsc.gov.uk/

56

information/industry-100

Whelan, “Understanding networks,” 15

57

Whelan, “Understanding networks,” 19

58

Benoît Dupont, “Security in the age of networks,” Policing & Society 14, no. 1 (2004): 78

59

Chad Whelan, “Understanding Networks: Network Analysis, Network Organisations and Security Networks,” Networks and National

60

Security: Dynamics 1, (2012): 19

(20)

Moving further to the typologies of a security network and the reflection of that to NCSC. NCSC network acquires the majority of the characteristics that of an “Institutional Security Network”. However, it acquires and lack simultaneously some characteristics from the other three typologies described by Dupont as well “Local, International and Technological”. Regarding this overlap in definitions, Dupont argues that none of the existing security networks corresponds entirely to one of the four ideal-types and they share common features between each other. 61

Dupont description of institutional security networks is characterised to be elaborately targeting to facilitate inter-institutional bureaucratic projects or pool respires across governmental agencies, primarily found in decentralised policing systems, where local organisations lack the absolute resources to establish and maintain costly structures. He adds that private sector industries are less likely to be 62 involved within the institutional security networks. The difference with NCSC is that it is possible to 63 involve organisations from the private sector and these private industries will have to match certain regulations and bureaucracy to ensure the clandestine standards the GCHQ is requesting for. As a result, the technological services provided by these industries emerge as characteristics of NCSC. Dupont believes that the exponential development of the Information and Communication Technology (ICT) around the globe has been instrumental in the collapse of all sorts of barriers that previously corseted institutions, organisations, communities and individuals inside limited roles and responsibilities. 64 Therefore, it can be argued that NCSC shares features from the “Technological” typology of security network besides the institutional features as well.

Regarding the security-related issues, or what is so-called “wicked problems” NCSC is dealing with, it is essential to identify the term at first. O’Toole defines wicked problems as “Challenges that

cannot be handled by dividing them up into simple pieces in near isolation from each other.” On 65 behalf of GCHQ, the category of wicked problems the NCSC is dealing with are mainly related to cyber security. These issues cannot be divided into one cause, as they are a result of accumulative forms of 66 components. Therefore, they are referred to as wicked problems. An example of a wicked problem, where a number of security-related issues are emerged in was conducted by the Islamic State in Iraq and Syria (ISIS). The terrorist group uses cyberspace to commit attacks that threaten national security in the UK. In January 2016, ISIS published a video where their combatants were sending threatening messages to David Cameron and the speaker of the House of Commons John Bercow. Moreover, ISIS uses social 67 media platforms such as Twitter and Facebook in spreading their ideologies and messages, which attract individuals to join them and execute attacks in the West. 68

3. The History of Cyphered Coding of GCHQ

During WW1, the UK’s Navy and Army were relying on separated signals, where each of them had its own intelligence agency, MI1b and NID25, formally known as “Room 40”, respectively. In 1919, the 69 Secret Service Committee (SSC) suggested that a peacetime code-breaking agency must be established,

Dupont, “Security in the age of networks,” 79

61

Dupont, “Security in the age of networks,” 80, 81

62

63

64

Laurence J. O’Toole, “Treating networks seriously: Practical and research-based agendas in public administration,” Public

65

Administration Review 57, no. 1 (1997): 46 Rifkind, ISC Annual Report 2010-2011, 53, 54

66

The Times of India. “ISIS Threatens UK In New Propaganda Video With The Final Messages”. YouTube video, 1:11. Posted [January

67

2016]. https://www.youtube.com/watch?v=j5ESfLzFbjw

Kenza Berrada and Marie Boudier, Can ISIS’s cyber-strategy really be thwarted? (Paris: ESSEC Business School, 2016), 2

68

Aldrich, GCHQ, 14, 15

69

(21)

which was a task assigned to the Director of Naval Intelligence by then. Next, both MI1b and NID25 70 emerged into a new organisation named “Government Code and Cypher School (GC&CS)” which included approximately 30 officers and a similar amount of clerical staff members. The main function 71 of the new organisation was to provide guidance to the security regarding the codes and cyphers that were used by the governmental sectors and to assist in their provision. Nevertheless, the organisation 72 also had clandestine directives to examine the procedures of cypher communications implemented by foreign intelligence. On November 1, 1919, the GC&CS was officially invented and initiated its 73 premier decrypt on October 19. 74

Prior to WWII, GC&CS was an insignificant branch. In 1922, the prime concentration of the GC&CS was relevant to the foreign affairs. In 1925, GC&CS was co-located with MI6 “known as SIS 75 by then” at the same building. GC&CS’s main task was to decrypt messages and distribute them in

blue-jacketed (BJ) files. Ever since that period, GC&CS was successful in decrypting the Soviet Union 76 (SU) foreign intelligence cyphers.

While WWII was running, GC&CS was concentrating on the German Enigma machine and Lorenz cyphers besides other alternative systems. The Enigma machine was invented by Arthur 77 Scherbius at the end of WW1. The reason for this invention was to protect trade, diplomatic and military communications.. On the other hand, the Lorenzo cypher represents a series of rotor stream cypher 78 machines that were implemented by the German military during the WW1 as well. 79

Post-WWII

In 1940, GC&CS was dealing with the codes and cyphers that were used in the diplomatic sphere of more than 25 states, combatting over 150 diplomatic crypto systems, and in June 1946, GC&CS was renamed the Government Communications Headquarters. GCHQ was located in Eastcote in the 80 beginning and was transferred to the suburbs of Cheltenham, where the agency was setting the two locations of Oakley and Benhall. 81

The agency had an insignificant profile amongst the media until 1983, when the trial of Geoffrey Prime, the Intelligence & Internal Security Agency of the former Soviet Union (KGB) mole within GCHQ, established a significant media attraction. Ever since the period of WWII, a bilateral 82 agreement between the US and the UK intelligence agencies was put in place. This agreement was aiming at designing a framework for intelligence exchange where GCHQ shares its information whilst, simultaneously, obtaining intelligence from the National Security Agency (NSA) in the US. 83

In the beginning of the 70’s, the model for public key encryption was invented and approved by James H. Ellis, a GCHQ employee from 1952, who was lacking the required amount of theoretical Chris Christensen, “Review of Inside Room 40: The Codebreakers of World War I by Paul Grannon,” Cryptologia 35, no. 3 (2011): 284,

70

285

John Johnson, The Evolution of British Sigint: 1653–1939 (London: Her Majesty's Stationery Office, 1977), 45

71

Michael Smith and Ralph Erskine, Action This Day: Bletchley Park from the Breaking of the Enigma Code to the Birth of the Modern

72

Computer (London: Bantam Press, 2011), 16 Smith and Erskine, Action This Day, 17

73

Aldrich, GCHQ, xvii

74

Alastair Denniston, “The government code and cypher school between the wars,” Intelligence and National Security 1, no. 1 (1986): 48

75

Aldrich, GCHQ, 17

76

Aldrich, GCHQ, 21

77

Simon Singh, The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography (New York: Knopf Doubleday

78

Publishing Group, 2011), 9, 10 Singh, The Code Book, 17

79 Aldrich, GCHQ, 28 80 Aldrich, GCHQ, 86 81 Aldrich, GCHQ, 382 82

Craig Murray, Dirty Diplomacy: The Rough-and-Tumble Adventures of a Scotch-Drinking, Skirt-Chasing, Dictator-Busting and

83

Thoroughly Unrepentant Ambassador Stuck on the Frontline of the War Against Terror (New York: Scribner, 2007), 332

(22)

specialisation that was necessary to establish a feasible system. As a result, a workable implementation scheme through an asymmetric key algorithm was created by another employee named Clifford Cocks, who was a mathematician. This entire factual remained classified until the mid of 1997. 84 85

Post-Cold War

In 1994, the Intelligence Services Act proposed the types of tasks and responsibilities to the intelligence agencies in a legal framework for the first time, outlining their objectives, and the Parliament’s ISC was given a remit to inspect the expenditures, administrations and policies of the three intelligence agencies, GCHQ, MI5 and MI6. GCHQ was formally assigned to work in interests of national security, with a 86 specific reference to the defense and foreign policies of Her Majesty’s Government (HMG) in the interests of the economic transactions of the UK, as well as an endorsement of the prevention and the detection of serious crime activities. This significant reshuffle of the organisational structure of GCHQ 87 was a response to the previous year’s Intelligence Services Act that reported a statement, where it expressed GCHQ as a “full blown bureaucracy”. Furthermore, the report also suggested that 88 intelligence agencies must inspect whether all the tasks GCHQ implement today are still essential, for the domestic stability of the nation. 89

In 1996, David Omand was assigned as the Director of GCHQ. He significantly reorganised the organisational structure of the agency, in order to create an internal setting that will allow the agency to encounter the new and changing objectives and rapid technological inventions. In that year, “Sienws” or

“SIGINT NEW” systems were introduced for the first time. Therefore, this incorporated a resilient 90 working approaches, avoiding overlaps in work by 14 disciplines, where each with a well-defined working scope. During his time in the office, Omand had witnessed the blueprints of the establishment 91 of the “Doughnut” GCHQ’s new building, which is currently located in Benhall. 92

The tasks and missions of GCHQ in the abroad station of Chum How Kwok, Hong Kong were terminated in 1994. The operations of GCHQ in Hong Kong were severely essential to their ties with 93 the NSA, who supplied investment and apparatus to the station. In 1997, the Hong Kong stations’ operations were relocated to Geraldton in Australia, after the transfer of Jong Kong to the Chinese government. 94

In the period of post CW, the operations that were making a use of GCHQ’s intelligence-collection capabilities involved the observation of the communications of the Iraqi Army in the second Gulf War, monitoring and tracking the Irish Republican Army (IRA). By the mid of the 90’s, GCHQ 95 conducted the first official investigation in cyber security. 96

The Crucial Emergence of the Internet within GCHQ’s Organisational Sphere

In the beginning of the millennium, the involvement of the Internet became significant, which has led to relevant events to cyber security within the organisation of GCHQ. An event that attracted considerable

Aldrich, GCHQ, 491

84

85

John Major, Intelligence Service Act 1994 (London: Cabinet Office, 1994), 3

86

Major, Intelligence Service Act 1994, 2, 3

87

Hansard, “Intelligence Service Bill,” Published in December 1993, London. [Accessed December 3rd, 2017], http://

88

hansard.millbanksystems.com/lords/1993/dec/09/intelligence-services-bill-hl Hansard, “Intelligence Service Bill.”

89 Aldrich, GCHQ, 496 90 Aldrich, GCHQ, 496 91 Aldrich, GCHQ, 9 92 Aldrich, GCHQ, 475 93

Nigel West, Historical Dictionary of Signals Intelligence (Maryland: Scarecrow Press 2012): 27

94

Aldrich, GCHQ, 473; Aldrich, GCHQ, 505; Nigel, Historical Dictionary of Signals Intelligence, 27

95

96

(23)

attention happened in early 2004, when Katherine Gunn, a former translator for GCHQ, leaked “highly

classified” information to the media. This included emails that declared a number of agents from the 97 NSA were involved in wiretapping of UN delegates in the run-up prior to the US invasion of Iraq in 2003. 98

GCHQ obtains intelligence through monitoring a large-scale of communications and another electronic signals. Regarding this in particular, a number of stations are within the UK and abroad 99 especially in the US. In 2010, GCHQ was assessed by the ISC for issues that were related to the ICT structure, and not fading to attain the main objectives against cyber threats. As a consequence, the 100 Government initiated the UK National Cyber Security Programme. In 2016, the NCSC a part of GCHQ was established. 101

BBC NEWS, “GCHQ translator cleared over leak,” BBC, February 26, 2004, http://news.bbc.co.uk/2/hi/uk_news/3485072.stm

97 Aldrich, GCHQ, 521 98 Aldrich, GCHQ, xii 99 Aldrich, GCHQ, 471 100

NCSC, The launch of the National: Cyber Security Centre A snapshot of the past, present and future of cyber security (London: GCHQ,

101 2017), 4 Page ! of !17 60

GCHQ

Collaboration with Governmental Partners Community Partnerships

Partnering

with

Academia

Collaboration with International Partners

(24)

4. GCHQ Organisational Structure

GCHQ collaborates within a scheme of partnership in four areas within the UK, as well as with international partners through the UK’s global allies. The reason behind these partnerships is to keep the nation prepared to combat every threat that may be imposed against the national security of the Kingdom. GCHQ believes that this cooperation is vital to its success as an organisation in general and as an intelligence agency specifically. The reason is referred to the fact that this collaboration is an opportunity for GCHQ’s staff members to learn from the expertise that these partnerships provide, and to invest this expertness in new capabilities to keep the UK secured. 102

4.1. Collaboration with Governmental Partners

GCHQ represents one of the three main UK Intelligence and Security Agencies in the nation. It works collaboratively with its pivotal agencies MI5 and MI6, in confronting significantly the crucial, complex and international risks against and to promote the national interests. Since October 2016, GCHQ 103 emerged the NCSC as a vital part of its organisational structure as a result of the first NCSS, in order to deal with the cyber threats. Whilst GCHQ deals with communications, MI5 and MI6 concentrate on 104 the collection of human intelligence (HUMINT) internally and externally respectively. These three agencies are collectively engaged to protect the UK against covertly organised risks to national security, as well as assisting in informing the British Government policy makers and the UK’s response to the global events. 105

4.1.1. MI5

The role of MI5 is to provide a domestic protection of national security and in particular its protection against risks of four different areas. These areas are Terrorism, Espionage, Cyber Security and Proliferation of Weapons of Mass Destruction (WMD) that are conducted by agents of foreign powers, and from actions that are willing to overturn or undermine parliamentary democracy in the UK through political, industrial or violent means. In this paper, the focus will only be on the relevant matters MI5 106 deals with in the field of cyber security.

The work of the MI5 is conducted within the framework of the government’s strategy to counter risks to the UK’s national security. Regarding cyber security threats, Andrew Parker, the Director-General claimed in an interview with BBC that MI5 requires significant cyber security powers to pursue the intelligence services in decrypting private Internet communications. “Because of the threat that we

face from terrorists, if we are to find and stop the people that mean us harm, MI5 and others need to be able to navigate the internet, to find terrorist communications, to be able to use databases to find and stop the terrorists who mean us harm before they can bring their plots to fruition,” Parker said. He

added “We have been pretty successful at that in recent years but it is becoming more difficult to do that

as technology changes faster and faster.” And whether this access is an attempt for seeking additional

power for MI5, Andrew replied that the intelligence agency operates within the legal framework that is set by the parliament and they are consistently updated about the new legislations. However, he claimed

“How we work,” Partnership, GCHQ, [Accessed December 4th, 2017], https://www.gchq.gov.uk/how-we-work

102

David Omand, “Creating Intelligence Communities,” Public Policy and Administration 25, no. 1 (2010): 101

103

Matthew Hancock, The UK Cyber Security Strategy 2011-2016: Annual Report (London: Cabinet Office, 2016), 5

104

“How we work,” Working with other governmental departments, GCHQ, [Accessed December 4th, 2017], https://www.gchq.gov.uk/

105

features/working-other-government-departments

“WHAT WE DO,” MI5 Protects the UK against Threats to National Security, MI5, [Accessed December 4th, 2017], https://

106

www.mi5.gov.uk/what-we-do

(25)

that telecommunication companies have “ethical responsibility” for “strengthening” their relations with the authorities, in order to apprehend terrorists. 107

Such a comment from the Director-General of MI5 that shows a sense of frustration regarding the privacy of the users in cyberspace raises anxieties to what extent the government has access to cyberspace consumers in the UK. In this chapter, the main focus will be on the areas of cyber security the MI5 is dealing with, as well as discussing the involvement of cyber security within the other areas.

CYBER

The inhabitants of the UK depend considerably on the functionality of the electronic systems and services around the clock. The necessity of acquiring a secured Internet network is significant to them and to the British Government as well, is to match with the digitalisation of the currant era that led to drastic shifts of the UK’s inhabitants and businesses to the digital services transformation programme. The capabilities of executing operations through the Internet safely are essential for the delivery of the public and commercial facilities and communications. Nevertheless, a number of people and groups take advantage of this field of cyberspace for evil-intentioned motives. These individuals are referred to as

“hostile actors” and they make a full use of the Internet, in order to implement espionage operations and

harming computers and their networks. MI5’s mission regarding cyberthreats is to use its intelligence to

Mishal Husain, “Andrew Parker says MI5 needs greater cyber-security powers,” SC Magazine, September 18, 2015, https://

107

www.scmagazineuk.com/andrew-parker-says-mi5-needs-greater-cyber-security-powers/article/535057/

Page ! of !19 60

MI5

Terrorism

Proliferation of

_CYBER

WMD