National Cyber Security Centre (NCSC) lifts the lid on first cyber incident responded to by GCHQ experts.
In June 2023 NCSC marked the twentieth anniversary of GCHQ’s first response to a cyber-attack perpetrated against the UK Government by another state.
Back then, there was no government agency set up to deal with cyber-attacks, nor was there a dedicated national incident management function.
This all changed in 2016 with the establishment of the National Cyber Security Centre, a part of GCHQ.
Now, the NCSC has revealed that in June 2003 cyber experts were called upon to investigate after a government employee detected suspicious activity on one of their workstation
A suspected phishing email had been identified, so technical specialists sought help from the Communications-Electronics Security Group (CESG) – the information assurance arm of GCHQ at that time.
CESG’s analysis discovered that malware, designed to steal sensitive data and evade anti-virus products, had been installed, raising suspicions about the attacker’s intent and setting in motion a series of actions that was transformative to cyber incident investigations.
For the first time, GCHQ fused its signals intelligence capabilities with its cyber security function to investigate and identify the actor responsible.
The ground-breaking analysis, coupled with international engagement, led CESG to conclude the intent of the attack had been cyber espionage by a nation state, setting in train a mission that today is at the heart of NCSC operations; namely, understanding and responding to cyber threats to the UK.
Paul Chichester, Director of Operations at the National Cyber Security Centre, said: “Twenty years ago, we were just crossing the threshold of the cyber-attack arena, and this incident marked the first time that GCHQ was involved in a response to an incident affecting the UK Government.
“It was also the first time that the UK and Europe started to understand the potential online risks we faced and our response transformed how we investigate and defend against such attacks.
“The NCSC and our allies have come such a long way since this incident, and it is reassuring to be at the forefront of efforts to develop tools and techniques to defend against cyber threats and keep our respective nations safe online.”
The National Cyber Security Centre, a part of GCHQ, was set up in October 2016 to help keep the UK safe online. It combined existing expertise from CESG, the Centre for Cyber Assessment, CERT-UK and the Centre for Protection of National Infrastructure (now the National Protective Security Authority).
The NCSC responds to cyber security incidents to help reduce the harm they cause to organisations and the wider UK, as well as working with other law enforcement, defence, the UK’s intelligence and security agencies and international partners.