Irrespective of who claimed Number 10 in May, one issue was always going to need to be high on the next cabinet’s agenda – prioritizing cyber security and addressing the inherent gaps in the country’s strategy for this critical sector. Specifically, the government needs to focus on plugging the skills shortage, greatly improving cyber policing and reassuring both domestic and international businesses that the UK’s CNI (critical network infrastructure) is robust and secure.
With the exponential growth in the service sector, the need for a resilient national cyber security strategy is imperative. The financial risks of a policy that is not dynamic and responsive cannot be underplayed, and nor can the ever-present threat of cyber terrorism.
The latest Global Information Security Workforce Study, published by (ISC)2, estimates that there will be a shortfall of 1.5 million professionals over the next five years. With the escalating demand for cyber security professionals and a lack of creativity in the way computer sciences are taught, radical change is needed in the standards of education. Not only should cyber security be incorporated into all courses, but we should be fostering the curiosity of the next generation of professionals. We need to be encouraging them to become problem solvers rather than rote learners.
Security services and encryption
Following the Charlie Hebdo attacks, the former government highlighted politicians’ ignorance of cyber security by suggesting that security services should be able to access encrypted communications. Whilst the fundamental principles of this are not in doubt, such a plan would inevitably be exploited by cyber terrorists, leaving UK businesses at risk. Security is paramount, but this cannot be an open backdoor policy for major platforms like Apple and Google.
The coalition introduced the CISP (Cyber Security Information Sharing Partnership), which it hoped would improve the sharing of information between the private and public sector. With benefits for both national security and UK PLC resilience, the policy has only had 750 sign-ups. Unless it is made mandatory, the level at which information is shared will be limited. The risks are too high for businesses to share data if the competition refuses to do the same.
However, when it comes to national security, shouldn’t economics take a backseat? Sadly, in these times of greater austerity, it is a lack of funding that characterises the gaps in the country’s cyber security protection.
Without raising salaries, initiatives such as incorporating cyber specialists into the nine Regional Organised Crime Units and Operation FALCON will fail to attract the best candidates.