The Channel logo


By | Alexander J Martin 13th October 2016 12:59

New GCHQ unit: Psst, breached biz bods. We won't rat you out to the ICO

National Cyber Security Centre wants you to come in for a reassuring chat

The new National Cyber Security Centre is pitching itself to CEOs as a friendly government organisation which won't get the regulators involved after data breaches.

Those gathered this morning on the 18th floor of 125 London Wall heard one of the NCSC's deputy directors address CEOs on how they should lead their businesses' recovery from cyber attacks—and it was primarily by contacting NCSC, a part of GCHQ.

Peter Yapp, the deputy director for the incident management directorate, explained how his role worked: “If something [regarding a cyber incident and your company] breaks in the press, I'll get a call from someone in government,” he said, and he would be expected to explain what the incident meant.

“If you haven't phoned me and told me about it, I will phone you,” stated Yapp.

“It is worth telling me about the most serious incidents,” he told his audience, acknowledging that these were difficult to define, before comforting them: “We do not tell the ICO what you tell us.”

This closeness with industry is the explicit purpose of the NCSC, which will be based in Cheltenham, Gloucestershire, and at a new building in Victoria in London. Although a part of GCHQ, the NCSC is intended to be “much more open and out-facing” said Yapp, and when the building in Victoria opens for NCSC's staff it will be open for industry to visit.

Ciaran Martin, who was formerly the head of cyber security at GCHQ, will operate as the CEO of the NCSC which — pending ministerial sign-off — will have five directorates, including Incident Management, Research, and Engagement, with 15 sub-directorates including a cryptographic research team.

An ICO spokesperson said: “Reporting breaches to the ICO is a matter for the data controller. We expect organisations to follow the detailed guidance we provide about breach reporting. We are already engaged with government on cyber security regulation and have plans to work together with the newly created NCSC.” ®

comment icon Read 17 comments on this article or post a comment alert Send corrections


Frank Jennings

What do you do? Use manual typwriters or live in a Scottish croft? Our man advises
A rusty petrol pump at an abandoned gas station. Pic by Silvia B. Jakiello via shutterstock

Trevor Pott

Among other things, Active Directory needs an overhaul
Baby looks taken aback/shocked/affronted. Photo by Shutterstock

Kat Hall

Plans for 2 million FTTP connections in next four years 'not enough'
Microsoft CEO Satya Nadella


League of gentlemen poster - Tubbs and Edward at the local shop. Copyright BBC
One reselling man tells his tale of woe