The National Cyber Security Centre (NCSC) has recently (28 February 2019) released a Call for Views in relation to the UK’s cyber security capability. The report acknowledges that the UK has a cyber security capability gap and then discusses what plans are in place to remedy this weakness.
Ever since the National Cyber Security Strategy (NCSS) was first published in 2016, we have seen a noticeable increase in malicious cyber-attacks, both from hostile nation states and individuals. For example, 2017 saw the NHS affected by the infamous WannaCry ransomware attack, which for many, was a wake-up call to how much disruption a cyber- attack can cause. WannaCry cost the NHS an estimated £92 million, despite the malware being relatively simplistic and the attack not fully coordinated. Therefore, cyber security has become a top priority for the government.
After much engagement with various groups involved in cyber security, it was found that employers have struggled to recruit individuals with the required skills. Government commissioned research followed up on this and found that 54% of all businesses and charities have a basic technical cyber security skills gap. A lack of cyber security professionals is only the tip of the iceberg. As we continue to make advancements, for example in emerging technologies like artificial intelligence, machine learning and the Internet of Things, the skills shortage will only become more problematic. Therefore, the aim is to increase digital literacy as a whole, making it akin to basic financial or commercial literacy, both of which are fundamental to most jobs.
The outcome set out in the NCSS is to ensure that ‘the UK has a sustainable supply of home-grown cyber skilled professionals to meet the growing demands of an increasingly digital economy’. They plan to meet this goal through pursuing four main objectives:
- Ensure the UK has a well-structured and easy to navigate profession which represents, supports and drives excellence in the different cyber security specialisms, and is sustainable and responsive to change.
- Ensure the UK has education and training systems that provide the right building blocks to help identify, train and place new and untapped cyber security talent.
- Ensure the UK’s general workforce has the right blend and level of skills needed for a truly secure digital economy, with UK-based organisations across all sectors equipped to make informed decisions about their cyber security risk management.
- Ensure the UK remains a global leader in cyber security with access to the best talent, with a public sector that leads by example in developing cyber security capability.
One of the primary areas of focus is on improving education and training. The government will continue to support initiatives that encourage retraining and upskilling, such as the Cyber Skills Immediate Impact Fund (CSIIF).
In addition, emphasis will be placed on inspiring the next generation of cyber security professionals. Currently, the subject lags behind other science, technology, engineering and mathematics (STEM) subjects in terms of enrolment. The Department for Education is investing in a new National Centre for Computing Education in order to improve the expertise of teachers in computer science, along with other initiatives such as the NCSC Cyber Schools Hubs programme which promotes cyber security educational resources to support teachers in the local community.
Further and higher education will similarly be targeted as areas to improve the UK’s cyber security capacity. For example, the CyberFirst Bursary Scheme provides undergraduates with financial assistance and cyber security work experience, whilst the Centres for Doctorial Training in Cyber Security provide support at the highest levels of academia.
More attention will be given to education at a less formal level. The £20 million Cyber Discovery programme focuses on building an interest in cyber security outside the classroom. There are also schemes that aim to get more woman involved in the industry, such as Cyber Girls First, an initiative for 11-14-year-old girls to learn more about online safety, cyber security, coding, and to meet female cyber security professionals.
Another key aim is to ensure that digital literacy becomes increasingly universal. From 2020, the government will be introducing an entitlement to full funding for basic digital courses, providing everyone with the opportunity to develop the fundamentals of online security. This principle will further extend to businesses, trying to embed a culture of cyber security within organisations from all sectors.
The strategy concludes with the view that the public sector ought to lead the way in how it approaches cyber security, setting the example for the rest of the economy. Not only does this benefit security, but it reaffirms the UK’s position as a leading operator in the digital economy.