The cyber security strategy, one year on

The UK’s progress in strengthening cyber security measures since the national strategy came out has been encouraging, but more needs to be done to tackle the lingering issue of skills, says Talal Rajab, head of cyber and national security at techUK.

It’s no exaggeration to say that 2017 was the year that cyber was brought closer to the forefront of the public’s consciousness than ever before. From operations being cancelled due to the WannaCry ransomware attack that affected the NHS to the Houses of Parliament suffering a brute force attack, public sector bodies were at the forefront of the government’s response to the growing cyber threat. That is why, through the National Cyber Security Strategy, the government set out an ambitious framework that aimed to make the UK the most secure place to live, work and do business online.

Evaluating the strategy one year on, it is clear that its main efforts went into the establishment of the National Cyber Security Centre (NCSC) which, in its first year, responded to 590 significant cyber-attacks across the UK (read more on page 50).

The resources and expertise behind the NCSC are clear signs of the seriousness with which government takes cyber security. However, with an expected increase in state-sponsored threats, the UK will need to continue to raise the bar across the board in terms of its response and resilience. This includes the continued development of the regulatory framework, with the General Data Protection Regulation (GDPR) and Network and Information Systems Directive (NIS) due to come into effect in May 2018.

It is contingent, however, on a key issue that affects countries around the world: skills. Recent estimates suggest that there will be a global cyber security workforce shortfall of 1.8 million by 2022. That is primarily why the strategy commits the UK to developing “a sustainable supply of homegrown cyber professionals.” It has delivered a multitude of great initiatives looking to develop these skills, such as CyberFirst, along with a wider range of government and industry-backed schemes catering to digital skills more generally.

Work is also currently being undertaken by the NCSC and DCMS to develop a professional body for cyber security, offering clearer career pathways that can only make the sector more attractive to potential candidates. Its development is surely to be supported, so long as it complements existing organisations and systems rather than adding a layer of complexity.

This progress is encouraging, but more could certainly be done to join these efforts up under a more coherent strategy and approach. Similarly, whilst the long-term fix of reaching those at school age is an important one, there is an urgent short-term need for initiatives that reskill the current workforce, identifying transferable skills and creating pathways for returners. More can also be done to tap into the potential of candidates with neuro-diverse conditions.

The strategy has also seen the emergence of many exciting potential new initiatives that are aimed at growing the UK cyber sector and using our sovereign cyber capabilities to stay ahead of the threat. One cyber security innovation centre, based in Cheltenham, has opened and hosted some exciting cyber security start-ups, whilst another is due to open in London over the next 12 months. DCMS has also run ‘boot-camps’ for cyber start-ups and mentoring programmes for academics to help them turn their ideas into viable cyber security companies.

Another example is a potential ‘proving ground’ for cyber products to be tested by the NCSC. Clearly there will be sensitivities surrounding public endorsement by government bodies of private technologies, but as the UK moves to a global, more export-driven international framework (as advocated by current government ministers) UK industry successes should indeed be encouraged and promoted.

It’s too early to judge the National Cyber Security Strategy with four years still to go, but 2017 has given the UK a platform to achieve its ambitions and meet the growing challenges the UK cyber sector faces.