Wednesday, March 9, 2022

Sir Edward Bridges and the Development of UK Communications Security

I think I'm a bit closer to an explanation of something that has exercised me for a few years: why did Sir Edward Bridges, first as Cabinet Secretary and then as Permanent Undersecretary (PUS) at the Treasury, take such an interest in Communications Security (Comsec), from 1941 until his retirement in 1956? He made sure that in January 1944 the creation of a Cypher Policy Board independent of the JIC was approved by the Chiefs of Staff and the War Cabinet. This meant a better defined Comsec organisation in GC&CS with the authority to mandate security standards across the whole of UK Government. In 1954 he drove through the institutional separation of the LCSA (what would eventually be called CESD, then CESG, then turn into the NCSC) from GCHQ, a separation that lasted until 1969.

His first experience of encryption probably came in March 1929, when, as a Treasury civil servant, he became a member of the Inter-Departmental Committee on Cypher Machines, on which he sat alongside Edward Travis, Deputy Head of GC&CS and its lead for Comsec. The committee's report seems to have been ignored: it recommended the "O'Brien-Gardiner machine" no working model of which was available. Enigma was turned down on the grounds that it was of foreign manufacture.

Eventually, Wing Commander Lywood RAF improved the on the design of Enigma and came up with Typex which was first used operationally in 1937. GC&CS was kept away from the development of Typex by either Lywood, or the RAF, or both: they didn't believe that the advice being provided by GC&CS on security was adequate: he (or the RAF, or both) was right. By the time of Dunkirk in 1940, Typex was the only British military encryption system the Germans couldn't read. (I will write more about this catastrophic failure another time.)

In October 1941 four cryptanalysts from Bletchley Park wrote to the Prime Minister complaining of delays in supplying the manpower needed for GC&CS's mission. Churchill's response was immediate: his famous 'Action This Day' minute in which General Ismay was instructed to "Make sure they have all they want on extreme priority and report to me that this has been done". In fact it looks likely that while Ismay worked with 'C' on the manpower required for Bletchley Park, Bridges interested himself in the security mission, at the time mainly farmed out to Mansfield College Oxford, with a small nucleus at Bletchley. (Certainly, some months later, when GC&CS approached the Treasury to increase its establishment across the board, its letter said "if you need more evidence I can only refer you to Bridges or Ismay" (letter quoted by Nigel de Grey in HW 43/76).)

Bridges understood that the primary reason for the failure of British Comsec was due to a systemic issue: GC&CS's charter did not allow it to mandate security standards for the armed forces, only to provide advice. A separate issue, but which contributed to the overall failure, was that the quality of the advice was poor, and, anyway, wasn't always accepted. Bridges spent fifteen years godfathering a new structure for UK Comsec, which resolved both of these issues.

The Admiralty had sponsored an "Inter-Service Committee on the Security of Codes and Cyphers" early in 1941, and Travis and Tiltman represented GCHQ at its first and only meeting. It set up a "Technical Sub-Committee" chaired by Travis with three members: from the Admiralty and Air Ministry, and Tiltman, for GC&CS and the War Office. It met regularly (23 meetings between February and October 1941) and it changed its title to Cypher Security Committee. The parent body was replaced by a new "Inter-Services Cypher and W/T Security Committee" and it adopted the Cypher Security Committee, widening its membership beyond GC&CS and the three services to include Civil Departments (Foreign Office, Colonial Office, India Office, Dominions Office, Ministry of War Transport, Ministry of Food, Ministry of Supply, Postal and Telegraphic Censorship, Ministry of Aircraft Production and Ministry of Information) though these only attended by invitation when matters relevant to them were to be discussed.

This Committee was still advisory (though I don't think that its conclusions and recommendations were ignored or rejected by anybody), and had no forward planning responsibilities, but Bridges was still keen to see a more formal arrangement. He persuaded the original committee members to come up with a paper outlining the problems faced by the committee and after detailed discussion in November and December 1943 a paper was agreed by the Chiefs of Staff in January 1944 and adopted by the War Cabinet. Its main conclusions were:

1.            A new body called the Cypher Policy Board was created under the authority of the Prime Minister and the War Cabinet. Its membership was: 'C' (Chair) as Director-General GC&CS; the Cabinet Secretary (Bridges); Director General Signals Air Ministry (representing the Chiefs of Staff); Director GC&CS (Travis); Secretary (Communications Security Advisor GC&CS). It was responsible for: (a) deciding questions of policy governing the security of British cyphers, including decisions about new cyphering devices proposed and safeguards necessary for their use; (b) ensuring that the use of cyphers by the Services and by Government Departments was properly supervised; (c) advising on the security of cyphers used by Allies where appropriate.

2.            A new section of GC&CS was established to deal with the security of British cyphers and of Allied cyphers (insofar as British commands were concerned). This section was headed by a GC&CS Assistant Director with the title Communications Security Advisor (CSA) (Captain Wilson RN).

3.            The Cypher Security Committee became responsible to the Cypher Policy Board, and the Secretary of the Cypher Policy Board became its chair.

Bridges became PUS at the Treasury but took his membership of the Board with him. Even if communications could only command a small amount of his attention as PUS and Head of the Home Civil Service, he would nevertheless make time for it.

Some years later in 1952 the Admiralty complained about problems caused by the way in which the Cypher Policy Board had developed a committee structure. The matter was taken up at Board level and the Admiralty said that it felt that many of the tasks being performed by the Board might be better carried out by the Sigint Board. Bridges answered that the Cypher Policy Board had been set up in 1944 to see that the right cryptographic policy was devised, both from the standpoints of security and practicability and to ensure that this policy was carried out. He believed that it would be quite inappropriate for these responsibilities to be handled by the Sigint authorities. An officer from the Signals Division of the Admiralty carried out an investigation in conjunction with a Treasury civil servant nominated by Bridges.

The investigation looked at the structures of the Board but, surprisingly, also recommended the creation of a new agency, the Telecommunications Security Agency, which would subsume the Comsec responsibilities of GCHQ for planning and policy for new cryptosystems and speech security devices, and for their design and engineering development. It would also take on the responsibilities for Comsec which were still in control of the services. GCHQ and the service ministries were persuadable: the military complained that existing structures usually saw GCHQ representatives asking for solutions which gave 100% security but were practically unusable; to which GCHQ countered that no new off-line system had been developed since the war because of the military's insistence on continually changing the specifications for new machines. Bridges persuaded them not only of the need for a single body but also that both GCHQ and the services would accept that the new Agency's Director would sit above them and act as arbiter.

In the event, LCSA – the London Communications Security Agency – was set up in 1954. It shared the central London office block on Palmer Street which GCHQ had acquired in 1953 for a 'front office' and maintained the bulk of its staff at Eastcote when the rest of GCHQ went to Cheltenham. The divorce was never final: LCSA (soon renamed CESD) was too small to be an independent agency, and GCHQ continued to provide administrative and estate services; the mathematicians needed by both organisations continued to form a common pool; and particularly after the retirement of Bridges, CESD had no real voice in Whitehall or ability to face the services down where necessary other beyond GCHQ's ability to speak on its behalf.

Trying to work out why Bridges had interested himself to such an extent is difficult. When the NCSC was being set up, and I had been through this tale with Ciaran Martin, its first Head, he asked Lord Bridges if there were any papers held by the family, or any family folk memory on this subject: there weren't.

I think that Bridges, having decided to look out for Comsec while General Ismay did the same for Comint after the 'Action This Day' minute from Churchill in 1941, realised that the subject needed higher price help than it was likely to get if he didn't look after it himself. His view (in modern language) was that Comint professionals are the wrong people to make Comsec policy, even though the input from Comint is the primary tool at the disposal of Comsec professionals. It is clear that he believed that if Comsec and Comint were housed in a single organisation, Comsec would necessarily suffer if its autonomy could not be maintained, and so arranged for it to separate from GCHQ as completely as possible.

Separation from GCHQ simply didn't work, so CESD came back to Cheltenham as CESG: but its autonomy was part of the deal, even if the degree of autonomy was a moveable feast. The NCSC model – "part of GCHQ" but headquartered outside Cheltenham – was a response to the radically different requirements cybersecurity demanded of both Comint and Comsec, but has finally achieved Bridges' vision.


No comments:

Post a Comment