GCHQ’s Cyber Accelerator programme is looking for UK-based cybersecurity start-ups who can be shaken but not stirred.
The programme will help start-ups develop security software into fully fledged commercial products and connect them with tech experts across GCHQ itself and the National Cyber Security Centre.
The spooks originally selected seven vendors for the first phase of the scheme in January, but has now extended the programme to nine months and is encouraging another wave of start-ups to apply.
The first seven vendors have raised more than £2.7 million in investment, the government said, and have won deals with tech giants including Cisco.
Matt Hancock, minister for digital, said: “We are working hard to make Britain the best place to start and grow a digital business, and the safest place to be online.
“The GCHQ Cyber Accelerator is a vital part of this work and has already helped some of the most innovative cyber security start-ups develop cutting edge new products and services. I’m pleased to announce the programme is being extended and encourage the nation’s talented entrepreneurs to apply.”
Computer security vendors have been “massively” exaggerating the abilities of malicious hackers according to the UK’s National Cyber Security Centre.
Dr Ian Levy, technical director of the UK’s National Cyber Security Centre claimed that vendors were playing up hackers’ abilities to help them sell security hardware and services.
Overplaying hackers’ skills let the firms claim only they could defeat attackers, a practice he likened to “witchcraft”.
Speaking at the Usenix Enigma security conference, Dr Levy said it was dangerous to listen only to firms that made a living from cybersecurity.
“We are allowing massively incentivised companies to define the public perception of the problem,” he is reported as saying.
He slammed vendor’s marketing materials for depicting hackers as hugely skilled masterminds and for the hyperbolic language they used to describe cyberthreats.
He said that playing up the threats allowed vendors to establish themselves as the only ones that could defeat hackers with hardware that he likened to a “magic amulet”.
“It’s medieval witchcraft – it’s genuinely medieval witchcraft,” said Dr Levy.
Most attacks aimed at firms were not very sophisticated and in one case an attack last year on a UK telecommunications firm that used a technique older than the teenager believed to be responsible.
Dr Levy urged other businesses to take a look at what the NCSC was doing and to read through its cyber security advice because the measures it recommended were “not completely crap”.