Decision

Advice Letter: Ciaran Martin, Member of the Public Sector Advisory Board, Palo Alto Networks

Updated 26 September 2022

© Crown copyright 2022

This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.

Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.

This publication is available at https://www.gov.uk/government/publications/martin-ciaran-chief-executive-at-national-cyber-security-centre-gchq-acoba-advice/advice-letter-ciaran-martin-member-of-the-public-sector-advisory-board-palo-alto-networks

August 2021

1. BUSINESS APPOINTMENT APPLICATION: Professor Ciaran Martin CB, Chief Executive at National Cyber Security Centre 2014 - August 2020

Professor Martin, former Chief Executive at National Cyber Security Centre (NCSC), part of Government Communications Headquarters (GCHQ), has sought advice from the Advisory Committee on Business Appointments (the Committee) under the government’s Business Appointments Rules for Former Crown servants (the Rules) on an appointment he wishes to take up with Palo Alto Networks Ltd (Palo Alto) as a Member of the Public Sector Advisory Board. The material information taken into consideration by the Committee is set out in Annex A.

The purpose of the Rules is to protect the integrity of the government. Under the Rules, the Committee’s remit is to consider the risks associated with the actions and decisions made during time in office, alongside the information and influence a former Crown servant may offer Palo Alto.

The Rules set out that Crownservants must abide by the Committee’s advice. It is an applicant’s personal responsibility to manage the propriety of any appointment. Former Crown servants are expected to uphold the highest standards of propriety and act in accordance with the 7 Principles of Public Life.

2. The Committee’s consideration of the risks presented

The Committee[footnote 1] noted that Professor Martin did meet with Palo Alto; these interactions were in line with his role as CEO of NCSC and he had similar interaction with other companies in this sector. Further there is no contractual or commercial relationship between NCSC and Palo Alto. The department also confirmed he did not make any decisions specific to Palo Alto. Therefore, the Committee considered the risk he could be seen to have been offered this role as a reward for decisions made, or actions taken in office, was low.

The Committee noted that this proposed role overlaps with Professor Martin’s time in office. Therefore, there could be a perceived risk he had access to relevant privileged information, which could unfairly benefit Palo Alto. However, the Committee gave weight to the department’s confirmation that he had no access to information that could provide an unfair advantage and he has been out of office for over 8 months. Further, Professor Martin’s previous department, NCSC, has a purpose and commitment to be transparent and he has an ongoing duty of confidentiality.

The Committee noted there is a risk that Professor Martin’s influence and network of contacts within government could unfairly benefit Palo Alto, especially as his role is focused on discussing strategy for selling into global government markets. Given his seniority and influence in government, there is a risk Professor Martin could provide an unfair advantage to Palo Alto if it were to seek to sell its services or products to NCSC or the UK government. However, the Committee noted he is presented from doing so by the below contracts and bids restriction. This restriction makes it clear that Professor Martin cannot provide advice on the subject matter or terms of a bid or contract relating directly to the work of the UK government. Further, he is also made subject to the below lobbying restriction, preventing him using his contacts in the UK government to the unfair advantage of Palo Alto.

The Committee further recognised as the former Head of NCSC, there is a risk associated with his influence and contacts within other governments. Therefore the Committee would draw Professor Martin’s attention to the below restriction that makes it clear he should not use contacts he has developed in other governments for the purpose of securing business for Palo Alto.

Taking into account these factors, in accordance with the government’s Business Appointment Rules, the Committee advises this appointment with Palo Alto Networks Ltd be subject to the following conditions:

  • he should not draw on (disclose or use for the benefit of himself or the persons or organisations to which this advice refers) any privileged information available to him from his time in Crown service;

  • for two years from his last day in Crown service, he should not become personally involved in lobbying the UK government or its Arms’ Length Bodies on behalf of Palo Alto Networks Ltd (including parent companies, subsidiaries, partners and clients); nor should he make use, directly or indirectly, of his contacts in the government and/or Crown service to influence policy, secure business/funding or otherwise unfairly advantage of Palo Alto Networks Ltd (including parent companies, subsidiaries, partners and clients);

  • for two years from his last day in Crown service he should not undertake any work with Palo Alto Networks Ltd (including parent companies, subsidiaries, partners and clients) that involves providing advice on the terms of, or with regard to the subject matter of a bid with, or contract relating directly to the work of, the UK government or its Arms’ Length Bodies; and

  • for two years from his last day in Crown service, he should not become personally involved in lobbying contacts he has developed during his time in office and in other governments and organisations for the purpose of securing business for PaloAlto Networks Ltd (including parent companies, subsidiaries and partners)

Professor Martin must inform us as soon as he takes up employment with this organisation(s), or if it is announced that he will do so and we will publish this letter on our website.

Any failure to do so may lead to a false assumption being made about whether they have complied with the Rules.

Professor Martin must inform us if they propose to extend or otherwise change the nature of their role as, depending on the circumstances, it may be necessary for them to make a fresh application.

Once the appointment(s) has been publicly announced or taken up, we will publish this letter on the Committee’s website and where appropriate refer to in the annual report.

3. Annex A - Material information

3.1 The role

Professor Martin said Palo Alto is a cyber security company based in California. The website states Palo Alto is a global cybersecurity leader, which delivers innovation to enable secure digital transformation. Palo Alto’s mission ‘…is to be the cybersecurity partner of choice, protecting our digital way of life. [It} help[s] address the world’s greatest security challenges with continuous innovation that seizes the latest breakthroughs in artificial intelligence, analytics, automation, and orchestration’. The company serves over 70,000 organizations in over 150 countries.

Professor Martin said the Palo Alto advisory board for its global public sector business meets three times per year to discuss strategy for selling into global government markets.

He does not expect his role to involve contact with the UK government.

3.2 Dealings in office

Professor Martin saidin February 2020 he attended a closed meeting of Heads of Cyber Security Agencies from across the democratic world during the RSA Conference (The world largest cyber security conference https://www.rsaconference.com/en/about). Palo Alto organised and paid for the event. He also said as one of the largest specialist cyber security companies in the world, Palo Alto had various dealings with the NCSC. In strict confidence experts working for CM engaged with Palo Alto on weaknesses in some of the company’s products and services to make sure they were fixed. He said this is standard practice for the NCSC to disclose any problems to companies. He also said Palo Alto CEO came to visit the NCSC because he was interested in the UK’s approach and its skilled work. He confirmed he had had similar dealings with Palo Alto’s competitors but had no access to commercially sensitive information.

Professor Martin also confirmed he dealt on a strategic policy level with all major cyber security companies. However he confirmed he did not make any funding or contractual decisions affecting Palo Alto while in post and had no access to sensitive information relevant to Palo Alto.

3.3 Department Assessment

GCHQ confirmed the details given in Professor Martin’s application. It confirmed Professor Martin had spoken to the company during his time as CEO and maintained connections with former colleagues now working with Palo Alto. It said there was an informal relationship between NCSC and Palo Alto but confirmed there was no formal commercial or contractual relationship which would indicate material influence.

It also stated Professor Martin’s experience as CEO of NCSC gave him access to the UK’s cyber security policy but stated this is generally already available to the public. It also said Professor Martin would bring substantial experience and a high public profile to the role.

GCHQ also said given his proposed role within the Public Sector Advisory Board it would recommend restricting Professor Martin becoming involved in UK-related government business.The department had no concerns with regards to this application.

  1. This application for advice was considered by Jonathan Baume; Andrew Cumpsty; Sarah de Gay; Isabel Doverty; The Rt Hon Lord Pickles; Richard Thomas; Mike Weir and Lord Larry Whitty. Dr Susan Liautaud was unavailable. 

Back to top