The UK has substantially increased its hacking capabilities in recent years, an official report says.
This includes the ability to attack other country’s communications, weapons systems and even infrastructure.
The details were revealed in the annual report of the Intelligence and Security Committee, which oversees the work of intelligence agencies.
It said GCHQ had “over-achieved”, creating double the number of new offensive cyber-capabilities expected.
The report said GCHQ’s allocation of effort to develop hacks had increased “very substantially” from 2014.
The programme of developing the capabilities is divided into three tranches and GCHQ said that it had just finished the first. “We… actually over-achieved and delivered [almost double the number of] capabilities [we were aiming for,” an official from the agency told the committee.
The details of the successes are classified in the public version of the report.
Such capabilities could, in theory, be used to retaliate against others’ cyber-attacks. The report comes a day after the Foreign Office publicly blamed North Korea for the Wannacry attack, which hit the NHS in May 2017.
Not all the projects at GCHQ have been as successful. One – codenamed Foxtrot – was designed to deal with the spread of encryption.
It is described as an “equipment interference programme to increase GCHQ’s ability to operate in an environment of ubiquitous encryption” and is considered critical to the agency’s work.
However, it was reported to have suffered a number of delays.
“The task has become more complex, the skills shortage has become more apparent,” GCHQ told the committee.
“It is our number one priority and our number one worry.”
Another priority was Project Golf – an effort to enhance its supercomputing capacity. GCHQ said this project was also critical but on track to be operational early next year.
For years the intelligence community, like much of government, has struggled with IT projects designed to facilitate the sharing of information.
MI5’s Alfa programme, described as crucial to the core business of managing information, is said by the committee to have faced major problems. It added that “significant risks” remained to its successful delivery.