The UK Government has today vowed to build its cyber security capacity across the critical national infrastructure sector in response to a damming report from the Joint Committee on the National Security Strategy.
Last July, the Joint Committee on the National Security Strategy warned that the disparity between the supply and demand of skilled cyber professionals in the critical national infrastructure (CNI) sector is a cause for worry. According to the report, the scarcity of specialist skills and deep technical expertise are the most significant challenges faced by CNI operators and regulators in the UK concerning cyber security; furthermore, the report claimed that the UK Government lacked a sense of the problem or how to tackle it.
Two-thirds of critical infrastructure firms have suffered service outages in last two years
Chair of the Committee, Margaret Beckett MP, said: “Building cyber security capacity within Government and across Critical National Infrastructure sectors is a matter of utmost importance to the UK’s national security. “Today’s Response from the Government accepts the need to think creatively about current and future challenges relating to cyber skills. This is a start.
“The Government sets store by its 2016 National Cyber Security Strategy, and today’s Response to our Report acknowledges that in terms of a standalone skills strategy, there is more to do.
“We have been assured that Government has begun work on that strategy, which they promise by the end of 2018. When it arrives, we will look carefully to ensure that this is the case.
“The UK has already seen the potential consequences when CNI is affected by a major cyber attack – demonstrated in the NHS.
“The Committee remains to be convinced that Government has grasped the immediate challenge of keeping CNI secure from cyber threats.
Many of the plans set out in this Response will come to fruition in a decade’s time. It fails to answer our questions about today and tomorrow – and this is concerning.”
New government software Code of Practice: security must be built from the code up
The Government’s response also revealed that Ministers are currently creating a response following consultation on developing the UK’s cyber security profession. This includes the establishment of a UK Cyber Security Council which will coordinate the delivery of defined objectives for the profession.
Raj Samani, Chief Scientist and Fellow at McAfee, commented: “The stakes for securing the sector and wider critical national infrastructure (CNI) are extremely high, given their strategic importance to the country and their position as a prime target for cyber criminals.
“Clearly there is work to be done, both to encourage the next generation of young people into cyber security and to upskill those already responsible for our critical national infrastructure. The Government’s response speaks of the work being done to “demystify” cyber security careers, and this is important to make the industry relevant and exciting, encouraging curiosity from the next generation. In order to plug this skills gap, collaboration between the public and private sectors is crucial, not just in targeted investment in education initiatives – especially at earlier ages – but also in threat and intelligence sharing.
“For CNI institutions themselves, it is crucial that security is built in from the outset with robust processes to protect themselves. This should incorporate the ability to detect threats as soon as they arise and, once targeted, correct systems quickly to minimise disruption to the general public and public sector employees.”
UK Government announces major new cyber security innovation centre