You are currently viewing Inside the GCHQ Starter Program |  Thames

Inside the GCHQ Starter Program | Thames

From the outside, the headquarters of GCHQ – Britain’s cybersecurity and intelligence agency – looks exactly as you’d expect: barbed wire fences and security checkpoints.

But once inside, things start to look a lot less like James Bond and more like a giant shopping mall.

There’s a Greggs bakery (baristas have security clearance) and next door is the UK’s largest top-secret garden, with beach-style striped deckchairs.

The agency has been on a mission – and has been since Snowden leaks in 2013-2014 revealed that it was collecting information on people around the world – to project an increasingly open image; to try to shift its public perception from a secret agency to an ally of the public in the fight against cybercrime.

A key part of that: partnering with young startups and inviting them for mentorship.

“The Halo Effect”

The part of GCHQ that runs the startup program is the National Cyber ​​Security Center (NCSC). It opened a few years after the Snowden leaks and works on computer security threats.

Five companies have just joined this year’s program, which focuses on ransomware. That’s an appropriate theme — GCHQ Director warned last week that countries opposed to Russia will see an increase in cyberattacks after the invasion of Ukraine.

The donut-shaped headquarters of GCHQ in Cheltenham, England

Companies include Goldilocks, working on physical airspace to disconnect critical infrastructure after an attack; SOS Intelligence, which makes affordable cyber intelligence tools; Validato, a SaaS tool for simulating cyberattacks; and Vault Sentinel and Cyntegra, which help companies recover data after cyberattacks.

Startups will join for 12 weeks and receive mentorship, technical support, and warm introductions to VCs in the agency circle.

A founder of this year’s cohort describes the program as giving startups the “halo effect” — a sign of approval from the nation’s top security experts that their technology is innovative and really works.

The number of VCs and investors with the deep security knowledge to judge for themselves is limited, so the GCHQ stamp can serve as an influential guide for investors.

Why GCHQ wants to help startups

The program helps the agency gain exposure in the tech world and demonstrate how it supports UK businesses – it’s the only part of the agency that does active public relations.

The Snowden leaks were a good example of why GCHQ wants to be more open to the public, says Ciaran Martin, former head of the NCSC and now professor of management at Oxford University.

“Snowden is a good example of this: we need to say more about what we do so that the public can have confidence. This is a matter of national security because it will harm national security if we don’t if we don’t maintain the public trust,” he said.

“You can’t give cybersecurity advice to a nation of 66 million people behind barbed wire.”

“You can’t give cybersecurity advice to a nation of 66 million people behind barbed wire”

The changing nature of threats also means they need to have closer ties to the public and the tech ecosystem around them – cyberattacks can target individuals as well as government infrastructure, so pairing with startups developing technologies for the public helps both parties.

“Ransomware is a prime example of this,” says Saj Huq, CCO and Head of Innovation at Plexal, the innovation hub GCHQ has partnered with to manage this year’s startup program.

“To date, innovation in products brought to market to address this growing threat has been limited. It also allows GCHQ to direct the energy of startups towards catering to certain groups; for example, by ensuring that SMEs are not left behind.

Unit 8200

GCHQ is not the first agency to seek closer ties to the tech ecosystem around it. Jhe country with by far the most blurred line between its government agencies and its tech sector is Israel.

Its GCHQ equivalent is Unit 8200: a high-tech intelligence agency and the largest military unit in the Israel Defense Forces.

The authors of startup nation, a 2009 book about Israel’s startup culture, describes Unit 8200 as “the national equivalent of Harvard or Yale”. Graduates leaving the program often form startups and move into high-tech positions.

Martin says he visited an event organized by Unit 8200 in Tel Aviv. “It was called ‘speed dating,’ where Unit 8200 graduates came to pitch their ideas to venture capitalists,” he says.

Credit: IDF Spokesman’s Unit

Some of Israel’s best founders have graduated from the agency. Gil Shewd, co-founder of Check Point, Israel’s largest cybersecurity firm, was part of Unit 8200, as was Avi Hasson, Israel’s former chief scientist, whose office was responsible for providing loans to technology startups.

“A lot of people were seduced by the Israeli model,” says Martin – including the British government, when they set up the NCSC. “In Israel, the scale of innovation is breathtaking.”

Israel, however, relies on universal conscription, so the number of people coming out of Unit 8200 and other military intelligence organizations is very high.

The flow from GCHQ to the UK tech ecosystem is accelerating. Cybersecurity firm Darktrace was founded by former GCHQ employees, as was Teara startup working on using AI to fight financial crime.

Meanwhile, in Germany, Gerhard Schindler, the former chairman of the BND (the country’s foreign intelligence service), now sits on the board of directors of Monarch, a cybersecurity startup.

OWith increasingly large wage packages for tech workers in Europe – and relatively small ones for the public sector – the flow of talent from agencies could increase.

A desirable relationship?

So is it desirable that government agencies and the tech sector become more and more entangled when it comes to cybersecurity?

There have been a number of controversies surrounding security tech startups. The biggest and most notorious of these is NSO Group, an Israeli tech firm accused of providing its Pegasus software – capable of monitoring smartphones without clicking – to authoritarian governments so they can target rights activists rights and journalists. A number of ONS staff came from Unit 8200.

While states develop and maintain private technology solutions, they have little control over where and to whom companies sell their technology. There is also an argument that something as sensitive as intelligence should not be entrusted to private companies – harder to pin down on human rights than states themselves.

The logo of NSO Group, an Israeli spyware startup that developed the Pegasus phone hacking software

But for governments, the choice is not necessarily between developing domestic startups or using in-house technology. Countries are increasingly turning to foreign-made intelligence technologies, often with their own questionable ethics.

This has created a desire and pressure to create local intelligence solutions – something national startups can help.

France, for example, is on a mission to replace Palantir, the data analytics company founded by American Peter Thiel. Nicolas Lerner, head of the French intelligence unit, the DGSI, said in 2020 that he would prefer the country to use a French company.

“The economic stakes are very low,” he said. told Reuters at the time (Lerner said the Palantir-DGSI contract was worth a few million euros.) “Then there is the question of sovereignty, autonomy, independence, and that is a question that only the ‘State can respond.’

Freya Pratty is a reporter at Sifted. She tweets from @FPratty and writes our sustainability-focused newsletter You can register here.

Leave a Reply