The man charged with protecting the Government from cyber-attacks has become the latest member of the intelligence community to join a Cambridge cyber security start-up.
Andrew France, OBE, has left a senior position at GCHQ to become chief executive of Darktrace.
France spent thirty years at the Government spying agency, rising to the position of Deputy Director of Cyber Defence Operations. In that role, which he left at Christmas, France was charged with protecting Government data and critical national infrastructure from cyber-attacks.
France was introduced to Darktrace by the company’s then managing director Stephen Huxter, another former senior figure within the Government’s cyber defence team.
The company’s executive committee boasts several other civil service veterans with experience in cyber defence and former MI5 director-general Sir Jonathan Evans also sits on Darktrace’s board.
GCHQ has been at the heart of the Edward Snowden leaks and been widely criticised for spying on internet activity, but France denied that his new role was an example of ‘poacher-turned-gamekeeper’.
“What people don’t realise is GCHQ has got two arms,” France said. “There are the people who collect the intelligence and the people who protect it, and that’s where I come from. I’m poacher turned poacher.
Commenting on the recent revelations about GCHQ, France said: “I don’t believe people appreciate how much scrutiny GCHQ is under already. Is it enough? There’s public debate to be had about that. A balance has to be struck, but in my view I think the UK has got it about right.”
Darktrace, founded last September, plants ‘honey pots’ in networks that allow it to detect and monitor intrusions rather than simply trying to block them out. The company’s software is based on mathematical research carried out at Cambridge University and Autonomy founder Mike Lynch has invested $20 million in the company through his Invoke Capital fund.
France called Darktrace’s technology a “ground breaking, gear-shift moment”, adding: “The traditional cyber security industry have all got hammers and they’re all looking for nails to hit – that just doesn’t work in 2014.”
France said he would not exploit his Government links to win business for Darktrace, saying: “Government will be interested for obvious reasons, but we’re going where the problem is and the problem is with enterprises, who’ve got compromised networks that they’ve never been able to clean up.
“The interest from the commercial world is outpacing us – we don’t have to go chasing a government contract.”
France said companies were facing growing threats from cybercrime, nation states and hacktivists, and said at GCHQ he had seen “the damage being done to the country on an economic level from cyber attacks”.
“If you look at the UK, our national wealth isn’t in the things that we make, it’s in the data we hold, i.e. financial markets and things like that.”
Darktrace currently looks at internet traffic, but France said it would soon be moving into industrial systems, a form of cyber-attack synonymous with the Stuxnet attack that targeted Iran’s nuclear programme in 2010.