Days before my lunch with Sir Jeremy Fleming, an email lands in my inbox, asking for my food order. Then I am told to be at the exit door of London’s Science Museum at the unfashionable time of 11.30am. The UK’s cyber intelligence chief has only days left in the job and is still not leaving anything to chance. The chosen entrance to the museum avoids the crowds of children on school trips; the second-floor café is open on that day only for us, thus the need for a pre-order.
The choice of venue is a deliberate one, placing GCHQ, the signals intelligence agency, in the context of Britain’s broader scientific achievements. The museum is where GCHQ celebrated its 100-year anniversary in 2019, with an exhibition that traced its history of code-breaking from Bletchley Park to today’s cyber activities.
Before we head up to the restaurant, we take a whistle-stop tour of the museum’s display of early precision and measurement tools made in London in the 18th century, clearly one of Fleming’s favourite spots. As he scrutinises the instruments, he tells me about the agency’s “poachers and gamekeepers”, the pure mathematicians who protect secrets and break codes. “We have the largest number of pure mathematicians in the UK,” he says proudly.
This nerdy contingent has helped to revolutionise spying: as threats have shifted from the physical to the virtual world, with states and criminal gangs waging combat in dark corners of the internet, GCHQ’s profile has been boosted. It is thought to have more staff than its sister agencies MI5 and MI6 and has tight operational links to US intelligence through the Five Eyes relationship. GCHQ has an offensive arm in partnership with the Ministry of Defence, the secretive National Cyber Force, as well as a unit that gives cyber security support to the public and private sectors.
At a time of increased anxiety about surveillance and data privacy, Fleming has sought to lift the veil ever so slightly on GCHQ, speaking publicly about threats and even guest-editing the BBC’s morning radio show Today last year. In practice, the ability to hoover up data has not changed since the Snowden revelations of mass surveillance programmes a decade ago, but new legislation in 2016 tightened government oversight, and a subsequent transparency drive has meant that GCHQ, like its sister agencies, can no longer hide in the shadows.
Fleming says that polling shows Britain’s intelligence agencies consistently enjoy a high level of public trust. “It is one of the bizarre features of the UK system that, in comparison to many of our allies, the intelligence agencies are extremely well trusted by the general public, including in the aftermath of Snowden.”
It is, at least in part, the James Bond effect. “British spies are wrapped up with a load of film mythology and all these other things that sometimes, mostly for better and sometimes for worse, crowd into our image.”
There is only one table set in the row of booths at the café overlooking Exhibition Road. Fleming asked that our meal be served at noon and I already know that wine is not on the menu. He quips that he’d better have water in any case, since he’s due to see the prime minister after lunch. In the six years since he was appointed head of GCHQ, Fleming has had to deal with a succession of four prime ministers and five foreign secretaries, though he is quick to stress that none wavered in their support for the intelligence agencies.
The waitress arrives with two plates. Neither of us can remember what we ordered, but I take the smoked chicken with a chickpea and pumpkin seed salad in a pesto sauce and Fleming the grilled sea trout with potato and spring onion salad.
The 56-year-old Fleming is not a typical spy and says he doesn’t like to think of himself as one, even if he carries the role well, exuding control and always appearing on alert. He studied economic and social history at Bristol university and trained as a chartered accountant in the City. While working for Deloitte in its government practice, he was seconded to the Ministry of Defence. “When I turned up, it was MI5. This was one of those sliding door moments that you have in your career . . . when you think, ‘well, that’s interesting. I’m not going to get a chance to do that again’.” It was the early 1990s and Fleming helped MI5 make its finances more transparent to parliament. After he joined the service, he led investigative teams and intelligence collection operations and rose to become deputy director general.
Twenty-five years later, he had another “sliding door moment” when he applied for the job of GCHQ chief after the agency’s head Robert Hannigan unexpectedly resigned in 2017. While Fleming had only learnt some basic coding along the way — he says he’s not a “natural” — he had experience in leadership. “I shamelessly steal and borrow from others’ leadership experience and I’ve had the benefit of some great mentors and coaches, including, it has to be said, Steve Radcliffe [the leadership coach].”
Fleming’s first year was momentous, and a harbinger of what was to come. “We had the dreadful Manchester Arena bombing . . . [the] WannaCry [ransomware attack], the first time we really understood that cyber attacks were going to be at a level where national resilience could be at stake; a subsequent attack later that same year — NotPetya — where the economic implications and Russia’s involvement were clear. Then, within that period, we also had the Salisbury attacks, where it was clear that [Vladimir] Putin’s Russia had a risk appetite to do things that, frankly, it was hard to believe, including the use of a nerve agent on the UK’s homeland.”
During Fleming’s last year in the job, Putin over-reached with the disastrous invasion of Ukraine. Unusually, the US and UK released deep intelligence to warn of the impending offensive and counter Russian misinformation that could justify it. I ask Fleming why we haven’t seen massive cyber attacks from Russia since the invasion. “There’s been plenty of cyber in this conflict. The thing that’s different is . . . that Ukraine has been very effective in defending itself . . . Ukraine has shown that the defender has agency, and it has reached out and got support from a whole range of like-minded countries.”
That the UK has helped Ukraine in its cyber capabilities is not a secret. But what Fleming won’t reveal is any detail of operations against Russia that might have involved the UK and made Moscow think twice about escalating its attacks to the levels reached with the NotPetya virus in 2017, which started in Ukraine and then spread worldwide. Is there an escalatory ladder in cyber, the same as with weapons of mass destruction? Fleming doesn’t like the comparison with nuclear deterrence but says that Russia is indeed conscious of escalation risk. “Any state with these sorts of capabilities understands there is escalatory potential in their use.”
So far, GCHQ has not seen evidence of Chinese cyber assistance to Russia. “The risk is, as it is on more traditional munitions and military support, that the Chinese state in some of those areas decides that they want to support President Putin’s Russia,” says Fleming. “President Xi is clear about his friendship without limits [with Putin] so . . . I’m pretty sure he doesn’t want to see President Putin humiliated. The danger for him is that he ends up on the wrong side of history on that bit of the bargain.”
The smoked chicken was satisfactory and Fleming seems to have enjoyed his trout. He is “a real chocoholic” and tells me that his team gave him a gigantic Toblerone as a leaving gift. So he declares the chocolate raspberry tart that we have both chosen “the perfect pudding”.
London SW7 2DD
Grilled sea trout with new potato and spring onion salad £20
Smoked chicken with chickpea and pumpkin seed salad £20
Dark chocolate and raspberry tart x2 £16
Coffee and petits fours x2 £10
Sparkling water £2
Still water £2
I ask him whether there’s an expanding number of countries with dangerous capabilities. Fleming’s list of the four most sophisticated cyber actors includes Iran and North Korea, in addition to Russia and China. But he says that more than 50 states now have cyber capabilities, often procured commercially through companies such as Israel’s NSO Group, whose software has been used to spy on journalists, politicians and activists. “The proliferation of cyber capabilities is one of the things that we worry about.”
In terms of geostrategic competition, China’s ambition to project its power beyond its borders, including in cyber space, poses the greatest challenge to the west. China has been hyperactive in cyber spying and it has hoovered up western technology and science secrets. Unlike in the west, the state rather than the private sector also owns all the data domestically, helping it to innovate more rapidly in areas such as artificial intelligence.
Fleming says that in terms of patents lodged, China is now on a par with the US on some aspects of AI. But the west as a whole still retains a narrow lead. He worries that the debate about the technology race characterises China as only stealing its way to success. “Of course, it has done that in the past and it still tries to steal IP, but it has also invested very heavily in its tech sector and very heavily in the skills to support it. So it is structurally creating advantage from its education system and its investment in research.”
He argues that the pandemic and China’s attitude have forced a rethinking of dependencies and resilience and accelerated the divide between China and the west, but that it is not an “inexorable” direction. “My hope is that, around the margins, we’ll also find ways to co-operate where it’s in both our interests to do so.”
Surprised by this statement, I suggest that, even on the margins, co-operation seems a distant prospect, given that many in the US political establishment now see conflict with China as inevitable. Fleming is not fatalistic: “While friction is high at the moment, I’m not sure it’s a high-water mark.”
Fleming says he has been too busy to think about his next job and is taking the summer off. He is being replaced by Anne Keast-Butler from MI5, the first woman to hold the job. Whether by design or accident, there must be a good chance that Fleming will land in the corporate world. “It’s a moment when this convergence of tech and cyber and geopolitics is very interesting beyond national security circles,” he says. “My experience is that everyone is talking about it, whether you’re in the boardroom or whether you’re in government.”
More specifically today, every conversation turns around generative AI. Alan Turing, a founding father of AI, was an alumnus of the Government Code and Cypher School — the forerunner to GCHQ — and the algorithms that underpin the technology have long been used by the agency. What is new, says Fleming, is that we are at a “democratisation” moment in the public understanding of AI. “It’s probably one of the biggest challenges of our time for government: how to respond in a world where AI provides so much potential to deliver services differently but is also going to provide so many ways in which our adversaries or those who seek to do us harm, including criminals, would be able to take advantage.”
His concern is that, while companies that are at the forefront of the technology are engaging more with governments (the relationship has improved since the mid-2000s clashes over access to suspected terrorists’ encrypted data), the pace of the conversation, among and within governments, and with the tech firms, is not fast enough. “The private sector needs to be in and amongst policymaking in a way in which it rarely is and would probably like to be a bit more,” says Fleming. Tech companies, he points out, have an incentive to join forces: “Remember, the companies have to get their heads round this too, it’s very hard to monetise successfully AI capabilities if the public don’t trust them.”
Fleming protests when a waitress tries to remove his half-finished chocolate tart and, as he finishes the rest, I’m hoping to score in my own secret lunch mission: to get insights into an offensive cyber operation. The National Cyber Force, GCHQ’s offensive arm, recently produced a document explaining its role and underlining that it acts responsibly. But the only specific operation against an adversary ever acknowledged was years ago, when the agency targeted Isis.
Can he share any other examples? “I’m not going to tell you,” Fleming flatly says. The most I hear is insight into how decisions are made. “There’s always a point when we’re planning an operation where we think about whether this is the type of operation we would ultimately want to disclose.” Almost always, or always, it seems, the result is to stick to secrecy.
As the clock ticks closer to 1pm and we’ve had our hot drinks (espresso for me and mint tea for Fleming), I shift gears completely and return to the myth of British spies. Does Fleming have a favourite television spy series? Disappointingly, he doesn’t have time to watch TV but he loves the Mick Herron books, especially the Slough House novels. And like many British spies, he is a Bond aficionado. In his sign-off message at GCHQ, he revealed for the first time that his middle name was Ian, just like the Bond author with whom he shares a surname — an appropriately understated parting shot from a master of hidden messages.
Roula Khalaf is editor of the FT
Find out about our latest stories first — follow @ftweekend on Twitter