QinetiQ was instrumental in developing many of the security technologies and approaches we take for granted today.

 

Here are just a few examples of what our amazing employees have achieved, sometimes “under the covers”, over the years.

Mid 70s - Birth of the Internet

 

Problem

 

In the 1970’s, packet switched networks were seen as a possible way of providing resilient and survivable military data communications. However, the challenge was whether they could be built, how could you connect together dissimilar types of networks, and could they be made secure?

 

Solution

 

In the mid 70s, we started using the Arpanet to support collaborative UK/US research. On the 26th March 1976, Her Majesty the Queen became one of the first Heads of State to send an e-mail during a visit to the Royal Signals and Radar Establishment (now QinetiQ) based at Malvern, Worcestershire.

 

The text of the message read:

 

"This message to all ARPANET users announces the availability on ARPANET of the Coral 66 compiler provided by the GEC 4080 computer at the Royal Signals and Radar Establishment, Malvern, England. Coral 66 is the standard real-time high level language adopted by the Ministry of Defence. The message was transmitted over the ARPANET by Her Majesty The Queen on the occasion of her visit to Malvern on 26th March 1976."

 

In 1978, we (along with University College London) were the first non-US organisation to collaborate with the US Department of Defense in designing, developing and building the first version of the Internet.

 

In 1981, we demonstrated how this early version of the Internet would support robust data communications between QinetiQ Malvern in the UK and a ship sailing in San Francisco bay. The demonstration involved data communications over four different types of computer networks. These were local area network (within UK), satellite network (connecting the UK with the US), ARPAnet (for communications across the US), packet radio (for connecting the ship to the ARPAnet in San Francisco via relays on an aircraft and a truck). The results of our research influenced the design of the Internet protocols, which are widely in use today in the Internet and Intranets.

Early 90s - Open Source Intelligence

 

Problem

 

In the early 1990’s the UK Ministry of Defence wanted to make more use of open source information to support its activities. This information came from a variety of information sources (e.g. Reuters, Janes Defence, BBC), in a variety of formats (e.g. CD, Internet, Satellite feed) and was updated at various frequency (e.g. monthly, daily, real-time).

 

Solution

 

In 1993 we developed, DELOS, the UK’s first open source intelligence monitoring service. DELOS allowed users to have access to information on a particular topic, which included both background information and up to date global news information.  

 

Mid 90s - IT System Penetration Testing 

 

Problem

 

Our experience with secure computer systems highlighted the need to conduct independent security penetration testing of the systems – essentially “ethical hacking”.

 

Solution

 

In 1995 we were the first UK organisation to provide IT System Penetration Testing to Government and commercial clients. In 1998, a number of UK companies started offering IT Security Penetration Testing services, but there was no means of ensuring the competencies of these suppliers. Jointly with the UK’s Communications and Electronic Security Group (CESG), based at GCHQ, we developed the UK’s CHECK service, including the CHECK Service Assault Course, to assess the capability of an individual within a supplier organisation to undertake IT systems penetration testing. CHECK membership is now regarded as the de facto standard for penetration testers, particularly in the Government and financial sectors.  We assessed the first CHECK candidate in September 1999.

 

 

Total Security Health Check

Problem

 

In 1995 we concluded that an attacker would not constrain themselves to a solely IT-based attack against a system, but would exploit other means of attack or intelligence gathering to support an IT attack.

 

Solution

 

In 1996 we developed a more complete simulation of attack against a system, known as Advanced Intruder Testing (later Total Security Health Check).  Total Security Health Check is the most complete assessment of the security of a system yet devised and includes physical, human, procedural, and electromagnetic testing, in addition to penetration testing. We conducted the UK’s first Total Security Health Check of a military target in 1996 and developed the UK’s first Practical Security Health Check course.

 

Find out more about our Security Health Check capabilities here.

2001 - Combating Hi-Tech Crime

 

Problem

 

The UK Government decided to establish the National Hi-Tech Crime Unit (NHTCU) in April 2001, to target serious crime with a hi-tech element.  They drew staff from across UK law enforcement - not just Police, but also HM Customs & Excise and other agencies. Although each officer was an expert in law enforcement, they needed basic training in the issues of computer security and related technologies.

 

Solution

 

We developed a 2 week bespoke hands-on training course to expose the new officers to their new environment, covering details on subjects from encryption to hacking. The first NHTCU Network Investigators course was given in April 2001 and we trained most of the UK’s NHTCU staff after that.