This week marks the eighth anniversary of the UK’s National Cyber Security Centre (NCSC), established as the country’s principal technical authority for cyber security. Interim CEO Felicity Oswald has taken this opportunity to reflect on the organization’s journey over the past eight years.
The NCSC was initially announced by then-Chancellor George Osborne in November 2015, following a national security review, and was envisioned as a “cyber force” within the intelligence agency GCHQ. Its objective was to manage significant cyber incidents in the UK and provide a centralized source of security guidance.
Oswald noted that the last eight years have witnessed a plethora of technological advancements and an increasingly intricate threat landscape, which has simultaneously transformed the NCSC’s roles, capabilities, and services. “Though eight years may seem brief, this era has dramatically changed how we live and work online. One constant, however, is the interdependent relationship between cyber security and intelligence,” she commented.
She highlighted the historical significance of the ties between these fields, referencing the groundbreaking cryptographic work at Bletchley Park and the long-standing involvement of cryptologists at GCHQ. “The collaboration between code-making (security) and code-breaking (intelligence) has been vital for our safety and well-being,” she added.
This integrated approach has gained traction among the UK’s international partners, as seen in counterparts in Australia, Canada, and New Zealand, which also fall under signals intelligence agencies. Notably, last week, the Swedish government announced a similar evolution for its NCSC to operate within the Försvarets Radioanstalt, Stockholm’s signals intelligence bureau.
In her farewell blog post, Oswald emphasized that the NCSC’s unified strategy for cyber security, which includes protecting technology and leveraging it for intelligence purposes, proves to offer significant value for British taxpayers by reducing redundancy that would arise if these functions were managed separately.
“This is a responsibility we take seriously, one that we pass on to our successors. It requires top-tier technical expertise ranging from cutting-edge post-quantum cryptography to the protection of industrial control systems crucial to the UK’s critical national infrastructure (CNI), resulting in world-class security outcomes for the UK,” she stated. “While the specific configurations may vary between nations, the underlying principle remains: collaboration between security providers and intelligence agencies enhances effectiveness on both fronts.”
Oswald acknowledged that the synergy between security and intelligence will only grow in importance. As new technologies emerge alongside more sophisticated threats, the NCSC must enhance its capability to ensure the safety of these technologies while also utilizing them for intelligence.
As she prepares to hand over leadership to her successor, Richard Horne, whose official start date is Monday, October 7, Oswald stressed the need for the NCSC to remain prepared for future challenges, leveraging the power of world-class signals intelligence and the expert insights that accompany it, in their mission to ensure that the UK remains the safest place to live and work online.
Horne, a former executive at PwC overseeing the UK cyber security practice, was announced as CEO in April 2024. In addition to continuing the initiatives established by his predecessors, Ciaran Martin and Lindy Cameron, he will play a pivotal role in addressing the cyber threats posed by new technologies.
Prior to his tenure at PwC, Horne served as managing director of cyber security at Barclays and was briefly seconded to the Cabinet Office during David Cameron’s coalition government to contribute to the initial formulation of the UK’s Cyber Security Strategy. He holds a PhD in mathematics and cryptography from Royal Holloway at the University of London and is a graduate of the University of Exeter.