This article is more than 1 year old
Brit tech forges alliance to improve cyber security as MPs moan over 'acute scarcity' of experts
We're even short 'moderately specialist' types ...
A cross-sector alliance incorporating leading UK organisations has been created in response to government plans to develop a national professional body for cybersecurity.
The imaginatively titled Collaborative Alliance aims to shape national cybersecurity standards, drive advances in education and advise the government on policy.
The founding members include BCS, The Chartered Institute for IT, Chartered Institute of Personnel & Development, the Chartered Society of Forensic Sciences, CREST, The Engineering Council, IAAC, The Institution of Analysts and Programmers , The IET, Institute of Information Security Professionals (IISP), Institute of Measurement and Control, ISACA, (ISC)2, techUK, The Security Institute, CIT, and The Worshipful Company of Information Technologists.
The latest (ISC)2 Global Information Security Workforce Survey predicts a global shortfall of 1.8 million cybersecurity personnel by 2022 and a shortage of 350,000 across Europe. One of the alliance's key aims is to create a self-sustaining pipeline of talent to fill the skills gap in the UK.
Objectives agreed by alliance members include:
- To harness the full range of proven and established UK cybersecurity professional expertise
- To provide a forum for benchmarking and shared standards for cybersecurity professional excellence
- To enable the development of the specialist skills and capabilities that will allow the UK to keep pace with rapidly evolving cyber risks
- To enable a self-sustaining pipeline of talent providing the skills to meet our national needs
- To provide a focal point which can advise, shape and inform national policy
The announcement of the alliance follows constituent members' participation in a series of workshops led by the Department of Digital, Culture, Media and Sport to develop a national professional body for cybersecurity. UK government proposals to professionalise cybersecurity – which have been opened up to public consultation – were announced on Thursday.
The aims of the consultation are to summarise the government's understanding of the challenges facing the development of the cybersecurity profession; seek views on objectives for the profession to deliver by 2021 and beyond; and canvass opinion on the creation of a new UK Cyber Security Council to help deliver those objectives. The consultation, which aligns with broad objectives for skills put forward in the latest (2016) edition of the UK's National Cyber Security Strategy, closes at the end of August.
The launch of the consultation comes on the same day a parliament committee warned that the critical national infrastructure sector lacked skilled cybersecurity workers. The Joint Committee on the National Security Strategy criticised government for having "no real sense of the scale of the problem or how to address it effectively".
The shortage in specialist cybersecurity skills and deep technical expertise is one of the greatest challenges faced by the UK's critical national infrastructure operators. The parliamentary committee expressed concerns about government's "lack of urgency" in calling on ministers to take the lead in developing a strategy to give drive and direction to plugging the cyber-security skills gap.
Margaret Beckett MP, chair of the Joint Committee, said: "Our report reveals there is a real problem with the availability of people skilled in cyber security but a worrying lack of focus from the government to address it. We're not just talking about the 'acute scarcity' of technical experts which was reported to us; but also the much larger number of posts which require moderately specialist skills. We found little to reassure us that government has fully grasped the problem and is planning appropriately."
Excuses that cybersecurity is still a new industry without universally recognised qualifications and diverse career paths failed to impress politicians on the committee.
"We acknowledge that the cybersecurity profession is relatively new and still evolving and that the pace of change in technology may well outstrip the development of academic qualifications," Beckett concluded. "However, we are calling on government to work closely with industry and education to consider short-term demand as well as long-term planning." ®