UK cyber defence unit 'may include convicted hackers' Published duration 22 October 2013

media caption Watch Susan Watts' full Newsnight in which former Lulzsec hacker Mustafa al-Bassam and Dr David Day, who helped convict him, meet for the first time

Convicted computer hackers could be recruited to the UK's cyber defence force if they pass security vetting, the head of the new unit has said.

Lt Col Michael White told BBC Newsnight he would "look at individuals in the round" when assessing applicants.

Recruitment would be focused on "capability development" rather than "personality traits", he added.

The Joint Cyber Reserve Unit was announced by the government in September.

Under the £500m initiative, the Ministry of Defence (MoD) is set to recruit hundreds of reservists as computer experts to work alongside regular armed forces.

The unit will defend national security by safeguarding computer networks and vital data, and it will also launch strikes in cyberspace if necessary.

It is hoped the move will address the shortage of people with the technological skills and knowledge to protect corporations, the military, and government systems from cyber attacks.

'Civil liberties'

The MoD said the recruitment, which started in early October, would target regular personnel leaving the armed forces, current and former reservists with the required skills, and civilians with the appropriate technological knowledge.

When asked by Newsnight whether someone with the right skills would be ruled out if they had a criminal record for hacking, Lt Col White said: "I think if they could get through the security process, then if they had that capability that we would like, then if the vetting authority was happy with that, why not?

"We're looking at capability development, rather than setting hard and fast rules about individual personality traits."

Defence Secretary Philip Hammond unveiled plans for the cyber defence unit last month.

media caption Defence Secretary Philip Hammond: "The armed forces, overall, do not have an absolute bar on people with criminal convictions"

Mr Hammond also told Newsnight he could foresee circumstances in which convicted hackers could be employed.

"Each individual case would be looked at on its merits," he said.

"The conviction would be examined in terms of how long ago it was, how serious it was, what sort of sentence had followed. So I can't rule it out."

But one former hacker told Newsnight the government had already undermined its chances of attracting talented individuals.

Mustafa al-Bassam, now a computer science student at King's College London, was the youngest hacker in the Lulzsec group - which recently targeted organisations such as the FBI in the US and Britain's Serious Organised Crime Agency (Soca) in a 50-day hacking campaign.

He told the BBC that revelations by former US contractor Edward Snowden about the extent of mass surveillance carried out by intelligence agencies - including the US' National Security Agency (NSA) and Britain's GCHQ - had dissuaded him from using his cyber skills to protect UK national security.

"I can understand the need for a government to protect itself, but when you go ahead and stomp on everyone's civil liberties - as we've seen with all the mass surveillance stories that have been out over the past year - I think you can rest assured that you're going to repel talented people," he said.

'Industrial scale' attacks

Dr David Day, a Sheffield Hallam University computer forensics expert who provided evidence for Mr Al-Bassam's conviction, told Newsnight it was a "terrible shame" someone convicted of malicious hacking would find it difficult to get a job in the industry.

"If they have those abilities and those skills, then some of the best talent we can't use," he said.

Cyber attacks and crime have become more common in recent years.

In July, it emerged Britain was seeing about 70 sophisticated cyber espionage operations a month against government or industry networks,

GCHQ director Sir Iain Lobban told the BBC business secrets were being stolen on an "industrial scale".

And in a written statement in December last year, Cabinet Office Minister Francis Maude said 93% of large corporations and 76% of small businesses had reported a cyber breach in 2012.