GCHQ to open a site in Manchester and reveals new cyber categorisation framework

Profile picture for user ddpreez By Derek du Preez April 11, 2018
Jeremy Fleming, GCHQ director, also outlined how the organisation carried out a “major offensive cyber-campaign” against the Islamic State Group.


The recently appointed director of GCHQ, Jeremy Fleming, has revealed that the intelligence and security organisation will be opening a new site in Manchester, which will use “cutting-edge technology and technical ingenuity to identify and disrupt threats to the UK”.

The new site in the north west of England will open in 2019 and is set to bring hundreds of new jobs to the area.

Fleming, who is a former MI5 agent and was appointed to be GCHQ director in March last year, was speaking at the National Cyber Security Centre (NCSC) conference in Manchester this week, where he also revealed that the UK has carried out a “major offensive cyber-campaign” against the Islamic State Group.

Fleming said that the attack on IS (also referred to as Daesh) had led to disruption of their online activities and had even destroyed networks. He said:

The outcomes of these operations are wide ranging. In 2017 there were times when Daesh found it almost impossible to spread their hate online, to use their normal channels to spread their rhetoric, or trust their publications."

This campaign shows how targeted and effective offensive cyber can be.

Fleming also made comments about recent tactics used by Russia and said that the Kremlin had engaged in “unacceptable cyber behaviour”.

A new site

GCHQ has said that its new planned site in Manchester will be at the “heart” of that nation’s security. The Manchester site will extend GCHQ’s network of sites in the UK, which currently sees a headquarters in Cheltenham, and offices in Bude in Cornwall, and Scarborough. Last year, the National Cyber Security Centre (NCSC), which is part of GCHQ, opened its new headquarters near Victoria in London.

GCHQ is already recruiting for a range of roles across its existing sites, and jobs at its new Manchester offices will be advertised later this year. You can see existing opportunities advertised here.

Commenting on the announcement of the new site, Fleming said:

I’m delighted we’re opening a new site in the City of Manchester. It will create hundreds of high calibre jobs for people who will have a vital role in keeping this country safe.

Our new facility will open up a huge new pool of highly talented, tech savvy recruits vital to our future success.”

Manchester is a city full of innovation and talent. It is also a city known for its tolerance and inclusivity, which last year was tragically attacked by someone who had neither.

In that difficult time, we at GCHQ drew strength from the togetherness and resilience shown by all of Manchester’s communities. That’s how you tackle terrorism.

Sir Richard Leese, Leader of Manchester City Council, added:

This announcement will create hundreds of jobs and represents a huge vote of confidence in the talent pool of potential employees in and around Manchester. GCHQ perform a vital role helping to keep the country safe and we look forward to welcoming them to the city in 2019.

Improving categorisation

In addition to the above, the NCSC, which is part of GCHQ, has announced today that it is implementing a new cyber incident prioritisation framework, which it hopes will improve consistency around the incident response and better use resources

NCSC claims that this will ultimately lead to more victims receiving support.

Working with law enforcement agencies, incident responders will now classify attacks into six specific categories rather than the previous three.

The incident category definitions aim to give increased clarity on response mechanisms for incidents by identifying what factors would happen to activate a specific classification, which organisation responds and what actions they would take.

Information processed by the new framework will also be used to generate a comprehensive national picture of the cyber threat landscape, spanning the full range of incidents from national crises to cyber attacks on individuals.

The framework encompasses cyber incidents in all sectors of the economy, including central and local government, industry, charities, universities, schools, small businesses and individuals.

Paul Chichester, the NCSC’s Director of Operations, said:

This new joint approach, developed in partnership with UK law enforcement, will strengthen the UK’s ability to respond to the significant, growing and diverse cyber threats we face.

The new system will offer an improved framework for dealing with incidents, especially as GDPR and the NIS Directive come into force shortly.

Individual judgements will of course still be applied to respond to incidents as necessary.

The six new categories are:

  • Category 1 - A national cyber emergency
  • Category 2 - A highly significant incident
  • Category 3 - A significant incident
  • Category 4 - A substantial incident
  • Category 5 - A moderate incident
  • Category 6 - A localised incident

The NCSC said that it may be able to provide direct technical support, depending on the scale of the incident. It added that people or businesses suffering from a cyber attack “below the national impact threshold” should contact Action Fraud, UK’s national fraud and cyber crime reporting centre, who will respond in accordance with the new incident categorisation.

National Police Chiefs' Council Lead for Cybercrime, Chief Constable Peter Goodman, added:

This is a hugely important step forward in joint working between law enforcement and the intelligence agencies

Sharing a common lexicon enables a collaborative understanding of risk and severity that will ensure that we provide an effective, joined-up response.

This is good news for the safety of our communities, business and individuals.