25 February: Jeremy Fleming, Director of GCHQ, has made a are public appearance to give a speech to the International Institute for Strategic Studies in Singapore. Why Singapore? Well, it’s a nicer place to spend a few days than Cheltenham and the appearance was designed to reassure those in the region (such as Singapore) who feel threatened by China’s expansionist policies. This is in line with the UK Government’s planned “global reach” policy post- Brexit.
The full text of the speech should be available here: https://www.gchq.gov.uk/uk-global-cyber-power-says-director-gchq-speech. The title was: “The UK is a Global Cyber Power.” Key phrases such as “…in the cyber world, the size of the force doesn’t equal potency” and “Power comes in many hues: ‘soft power’ is exercised by those who may set an example, project through leadership, or encourage adherence to a particular set of legal or ethical boundaries” were designed to emphasise the government’s message: that the UK may not have the resources of, say, the Americans, but the UK can still be a useful ally.
Amongst other things Fleming confirmed that the UK has an “automated cyber defence programme”. He said that it had stopped 54 million malicious connections on government systems in 2018 alone. What was new (to Spying Today at least) was that he confirmed that there is an automated takedown service and it is run by a private company – not GCHQ. Another example of the increasingly blurred lines between state intelligence organisations and private agencies.
He also addressed the current confrontation with Huawei. He confirmed that a final decision still has not been made, but went on to highlight the cyber threat created by China – something he called “the opportunities and threats of China’s technological offer.” In particular he mentioned APT10 aka “Stone Panda” as a significant threat.
He did not omit to consider the UK’s offensive cyber capabilities. As an example, he spoke of the damage that GCHQ had done to the Daesh online presence. Interestingly he said: “Cyber action cannot equal cyber reaction” i.e. in some cases GCHQ is going to strike first. Of course, this is exactly what the UK’s cyber opponents such as China are also claiming. Fleming said that the difference was the UK’s ethical stance as a liberal democracy.