GCHQ Annual Review Contradicts NCA's National Risk Assessment

GCHQ's National Cyber Security Centre's annual report contradicts the NCA's findings of cryptocurrencies and end-to-end encryption as a major threat to national security.

GCHQ Annual Review Contradicts NCA's National Risk Assessment
  • GCHQ's NCSC has released its annual report on UK cyber security
  • The report makes little mention of cryptocurrencies and no mention of end-to-end encryption as notable threats to UK cyber security
  • Its lack of focus on cryptocurrencies and end-to-end encryption contradict the NCA's findings of cryptocurrencies as a cyberthreat to UK national security, as well as NCA's findings that end-to-end encryption meaningfully undermines Safety by Design principles

The UK's National Cyber Security Centre (NCSC), part of the UK's primary intelligence agency Government Communications Headquarters (GCHQ), has released its annual report on key developments between September 01 2023 and August 31 2024.

The report mainly focuses on threats posed by ransomware attacks, stating that "ransomware attacks continue to post the most immediate and disruptive threat to our critical national infrastructure."

The report additionally focuses on AI-enabled crime, stating that "the complexity of the threat landscape is also almost certain to intensify with the use of AI technology."

While the report highlights NCSC publications throughout the year which identify cryptocurrencies as the preferred payment method for ransomware payments, the report itself merely makes one mention of cryptocurrencies, one mention of digital assets, and no mention of virtual currencies or "cryptoassets", stating that:

"DPRK threat actors indiscriminately target cryptocurrency companies and users globally, and attempt to steal data from defence industries, governments, and academia to improve their internal security and military capabilities."

and:

"North Korea continues to use cyber operations for a range of activities, including the acquisition of digital assets and other operations which result in monetary benefit. This is done in a variety of ways, of which supply chain attacks are one."

The report directly contradicts the findings of the UK's National Crime Agency's (NCA) National Risk Assessment (NRA) which identified cryptocurrencies as a threat to national security, stating that cryptocurrency enabled crime increases with the adoption of cryptocurrencies.

The NCA additionally found that end-to-end encryption poses a threat to UK national security by undermining agreed Safety by Design principles. In addition to little mention of cryptocurrencies, the NCSC's annual report makes no mention of end-to-end encryption.

The UK's NCA and Information Commissioner's Office are currently fighting a Freedom of Information Request filed by The Rage and Bitcoin Policy UK attempting to retrieve information on the data assessed and methodologies applied to conclude that cryptocurrencies and end-to-end encryption pose a risk to national security.

Independent journalism does not finance itself. If you enjoyed this article, please consider making a donation: