A decade-long decline in IT education at schools and universities has left the UK unable to protect itself in cyberspace, a report from the National Audit Office has claimed.
In its review of the government's cyber security strategy, the NAO identified a poor skills base as a key challenge to its ability to protect the UK's Internet-based economy.
"According to the government, the number of ICT and cyber security professionals in the UK has not increased in line with the growth of the Internet," the report reads. "Interviews with government, academia and business representatives confirmed that the UK lacks technical skills and that the current pipeline of graduates and practitioners would not meet demand."
"This shortage of ICT skills hampers the UK’s ability to protect itself in cyberspace and promote the use of the internet both now and in the future."
It is not just technical skills that the UK needs, the NAO added. "There is also a need for psychologists; law enforcers; corporate strategists and risk managers," it said. "Other professionals such as lawyers and accountants also need to understand cyber security in order to assess, manage and mitigate the business risk of cyber threats."
Some experts that the NAO spoke to were concerned about "a lack of promotion of science and technology
subjects at school resulting in the reported lower uptake of computer science and technology courses by UK students".
The report cites a claim by business secretary David Willets that IT and computer science teaching have suffered a "decade-long decline".
The NAO noted the government's efforts to address this skills gap. For example, it has established a Research Instute in the Science of Cyber Security and awarded 'Academic Centre of Excellence in Cyber Security Research' status to eight UK universities to boost research and expand the UK's cyber skills base.
The report outlined five further 'key challenges' to the government's strategy. These were:
- influencing industry to protect itself;
- increasing awareness so that people are not the weakest link;
- tackling cybercrime and enforcing the law at home and abroad;
- getting government to become more agile and joined-up;
- demonstrating value for money
In all, the government's cyber security strategy has delivered benefits, the report concluded.
For example, the Serious Organised Crime Agency (SOCA) took down 36 website domains that were selling compromised credit card and financial data, it said. Action Fraud, the UK's national fraud and internet crime reporting centre, dealt with over 46,000 reports of cybercrime from the public, which amounted to fraud that would have cost £292 million.
"The threat to cyber security is persistent and continually evolving," said Amyas Morse, head of the NAO. "Business, government and the public must constantly be alert to the level of risk if they are to succeed in detecting and resisting the threat of cyber attack."
"It is good that the government has articulated what success would look like at the end of the programme. It is crucial, in addition, that progress towards that point is in some form capable of being measured and value for money assessed."