GCHQ seeks innovative UK solutions to cyber security challenges

Profile picture for user Mark Samuels By Mark Samuels December 7, 2017
Start-ups join the government-backed Cyber Accelerator with the aim of developing security products and services that will enhance the UK’s cyber defences.

cyber security

The second cohort of start-ups selected to join a nine-month GCHQ Cyber Accelerator programme that attempts to drive innovation in the security sector were revealed yesterday.

The Cyber Accelerator, which forms an element of the UK Government’s £1.9bn National Cyber Security Strategy, is a collaboration between the Department for Digital, Culture, Media and Sport (DCMS), the National Cyber Security Centre (NCSC), which is part of GCHQ, and Wayra UK, which is part of the global research and development programme Telefonica Open Future. Selected start-ups receive benefits to help scale their businesses, including funding, mentoring, connections and office space.

This second wave of start-ups joins an earlier cohort of organisations that are attempting to develop innovative security products and services that will enhance the UK’s cyber defences. Chris Ensor, deputy director for cyber skills and growth at NCSC, told diginomica at the launch of the second wave in London that he hopes the initiative will create solutions to real-world challenges:

We just want stuff on the shelves to help people protect themselves – it’s as simple as that. Security’s quite hard today, if you look at how complicated systems have become. And while industry’s doing its best to make security easier, such as through things like automatic updates on Windows, it’s still quite hard. The companies in the incubator have got an opportunity to come up with some novel ideas to make it a lot easier for people to stay safe.

The second wave of start-ups draws on a broad range of organisations and ideas. The nine start-ups pitching their business plans included Elliptic, which is working to detect and prevent criminal activity around crypto currencies, and Secure Code Warrior, which aims to enable software developers to become the first line of cyber defence. Other innovations centre on end-to-end authentication for the IoT and a cyber security monitoring platform that helps business find weaknesses before hackers. Ensor told diginomica he is impressed with the breadth of innovation on display:

This cohort has got an interesting cross-section – there’s everything from age verification to technology that can potentially destroy data remotely. We like the ideas but that’s just the start of the journey. Now we need to dig into the ideas to see how they’ve implemented them. The idea might be brilliant but the implementation might not be and, therefore, doesn’t deliver security. So, we’re going to work with the start-ups in some of the labs we have and see how they’ve built their products.

A natural progression

The incubator programme has been a long time in gestation. Ensor explained to event attendees how the UK Cyber Security Strategy for 2011 to 2016 talked about GCHQ using its expertise directly to help the UK grow. He says NCSC spent the first five years looking at intellectual property, with a resulting increase in openness and publications. Ensor said the Cyber Accelerator is a natural next step:

We’re going out into the wider world, working with other organisations and new ideas. It brings our expertise out there with other people and gets us beyond the barbed wire. The accelerator is a physical place and it allows us to bring our expertise together with new ideas to work with small companies and come up with novel ideas. It’s in Cheltenham because most of our experts are in that area and the set-up encourages people to go beyond the wire and work with people in the region. We’re trying to get new start-ups but we’re also trying to work out how we work in a more agile way – and that’s what the accelerator does for us.

As NCSC develops its expertise, Ensor expects to spread its knowledge beyond Cheltenham to other places around the UK. The companies in the accelerator were selected through an open competition that was based around several key cyber security challenges. Ensor explained more:

NCSC GCHQ understands the problems that people face. We have people out there every day, working with organisations and seeing the problems they have. That’s our challenge list – there’s a bunch of problems out there and we want solutions to them. That’s what we hope we’ll get with the companies we’ve selected for the accelerator. If these companies can deliver these solutions, then they potentially have a direct route to market because they’re solving the real problems that people face.


Ensor says his organisation received 116 applications for the second wave. Those applicants were reduced to 24 organisations that pitched to NCSC, from which nine were selected for the second cohort of the accelerator, rather than six during the first run. This second phase of the programme will run for nine months, rather than three during the initial initiative. Ensor says the selection process, and ongoing modifications, demonstrate how NCSC is determined to try alternative approaches to innovation:

It’s an experiment – we’re trying to do things differently; we’re trying out new things. As a national security organisation, we spend a lot of time working behind defence. A lot of this is new, but hopefully we’ll learn through the accelerator process and the companies we’ve selected will learn, too. We’re on a journey with our past, present and future cohorts and we’re looking to develop the capabilities the UK needs. GCHQ might use some of the products that come out of these initiatives but the things that come out of the accelerator should help solve real problems that people face.

The launch of the second wave of incubators was attended by Minister of State for Digital Matt Hancock, who told attendees he remembered the presentations from the first wave and the sense of excitement from people in these start-ups who had been able to engage with people behind the wire. Hancock said these conversations informed how these entrepreneurs were building their businesses and had helped solve real-world problems. Hancock said start-ups involved in the first wave of incubation raised £3m of investment in just three months. He said the bar has been set high for the second round:

I passionately believe cyber security is a mission-critical part of our security. In government, we’ve put a large budget behind it and stated it’s a tier one national security issue. We want GCHQ to be outward-looking and have a foot in the business and academic world. Ultimately, I believe that business done right is a force for good in the world. I’m thrilled about the accelerator programme, and excited by the physical manifestation and cutting-edge locations where innovation can take place. The links in the ecosystem, and the personal relationships between sectors, are what matters in terms of getting the incubator going.