MPs slam GCHQ for focusing on ‘image rather than cost’ when finding offices for the new National Cyber Security Centre as the Government’s listening post overshot its budget by almost £3 million per year
- Parliament’s Intelligence and Security Committee slammed GCHQ in new report
- GCHQ was tasked with finding offices for new National Cyber Security Centre
- The committee said GCHQ had placed an emphasis on ‘image rather than cost’
MPs today slammed GCHQ for placing an emphasis on ‘image rather than cost’ when searching for a headquarters for the new National Cyber Security Centre as the Government’s listening post overshot its budget by almost £3 million per year.
Parliament’s Intelligence and Security Committee (ISC) has published a damning report on GCHQ’s ‘unacceptable’ procurement process for the NCSC’s offices.
The ISC said the criteria used by the intelligence organisation to find an HQ were ‘faulty’ and the search was subject to an ‘unnecessarily tight timetable’ which resulted in ‘excessive haste’.
The committee concluded that better decision making would have saved taxpayers considerable sums of money.
The formation of the NCSC, which falls under GCHQ’s umbrella, was announced in 2015 and shortly afterwards a property advisory consultancy firm began looking for office space for the organisation.
In 2016, it produced a shortlist of properties – with one in Canary Wharf already leased by the Government marked as the top option. New-build commercial properties in Victoria and Shoreditch came joint second.
The Intelligence and Security Committee has slammed GCHQ, pictured in Cheltenham, over its choice of offices for the new National Cyber Security Centre
GCHQ ultimately chose the Nova South building in Victoria, London, as the NCSC’s new headquarters
GCHQ decided that the Victoria office – Nova South – was its preferred option, which the ISC said appeared to be due to a late change in criteria that the accommodation should be near Westminster rather than ‘tech hubs’.
However, according to a draft full business case outlined in the committee’s report, Nova South’s running costs were estimated to be £6.4 million per annum, while Canary Wharf’s were £3.1 million.
The ISC said the cost of Nova South equates to more than ‘£21,000 per staff member per annum’ – more than double the average Government cost for London-based staff.
The funding originally allocated for the NCSC’s offices stood at £3.5 million per year.
GCHQ funded the shortfall out of its main budget, the committee said, meaning it had to reduce funding for other investments and was ‘unable to fund the repair of some infrastructure and security upgrades’.
The ISC said: ‘In our view, operational capabilities should almost always come first – and the justification for departing from this was not made during the selection process.’
It criticised GCHQ for putting ‘excessive’ weight on the ‘quality and appearance of the office accommodation’ with ‘no case being made for it’.
ISC members – Labour MP Kevan Jones and SNP MP Stewart Hosie – said: ‘Our inquiry has discovered very significant shortcomings throughout the procurement process – including an arbitrary timetable, faulty criteria, ignored warnings, an absurd weighting mechanism, unjustified score changes, a “no-hope”‘ alternative and, finally, the Principal Accounting Officer being overruled.
‘From the outset, the selection criteria used were faulty: an unnecessarily tight timetable was imposed arbitrarily at the outset, resulting in excessive haste which potentially led to faulty decision-making – and to good options being summarily dismissed due to non-availability within that timescale.
‘Locations outside London were never considered and great emphasis was placed on finding high-end accommodation – without any case being made for that being necessary.
‘Then, at a late stage, the location requirement was changed from the initial one of “tech hubs” such as Shoreditch, to the Westminster area – despite this never being formally specified as a criterion and the case for it also not being made. This switch at such a late stage in the process meant that much of the work undertaken previously was rendered useless.
‘Even disregarding the faulty criteria, it is clear that GCHQ selected Nova South against all the evidence and warnings that it would neither be ready on time nor receive approval from the Government Property Unit.’
They added: ‘While the procurement process was unacceptable – with an emphasis on image rather than cost – the scope of the Committee’s report is solely about that process, which was run by GCHQ.
‘NCSC was at that point still not in existence and our findings do not reflect in any way on the quality of the NCSC’s work or its overall success as a new institution.’
Boris Johnson said in a written statement that the Government ‘acknowledges there are lessons that can be learned’ from the procurement process for the NCSC headquarters
Prime Minister Boris Johnson said the Government ‘acknowledges there are lessons that can be learned from the procurement process’ and would respond to the committee’s recommendations in due course.
But in a written statement he said: ‘As the public-facing part of GCHQ and the UK’s lead technical authority on cyber security, the NCSC required a workspace which balanced the need for accessibility and operational capability to defend the UK against cyber threats effectively.
‘Nova South met all the key criteria required by Government, including proximity to Whitehall and other stakeholders within the Government Secure Zone.
‘A further contributing factor to its selection was its availability, which allowed the NCSC to be established at pace, within a year, providing a centre at a time when there was an urgent need for the Government to increase its defensive cyber capabilities and respond to global cyber incidents like WannaCry.
‘Nova South has provided a much-needed central focus for UK cyber security since its procurement, hosting a wide range of Government and industry partners as well as contributing to our global commitment to cyber security and the UK’s ranking as number one by the Global Cybersecurity Index.’
Source: Read Full Article