UK still not training enough cyber-spooks, NAO report finds

Skills gap could take 20 years to fill

The Government's ambitious attempt to upgrade the UK's cyber-security capabilities will struggle as long as the country fails to turn out enough graduates with the right skills, a National Audit Office (NAO) report has hinted.

True to its title, the NAO's UK cyber security review: Landscape review is more of a summary of recent history around government and cyber-security initiatives than an acid critique, but the pointers buried within its pages are still hard to miss.

Despite government efforts to rectify the skills gap since 2010, experts interviewed by the NAO lined up to tell it that science and technology subjects remained relatively unpopular at school level which resulted in a weak take-up in universities.

Those graduates who did exist would often end up in the private sector thanks to better career prospects and pay, the NAO found, leaving what experts believed will be a 20 year slog to make up the skills gap at all levels of education.

In short, the Internet economy and the threats posed to it were growing faster than the pool of skills needed to impose management and security on it.

During 2012, GCHQ started a modest fight back by funding grants to eight universities to establish Academic Centres of Excellence in Cyber Security Research.

At the same time, the UK spy hub also sank £3.8 million into setting up the first academic programme devoted to cybersecurity research.

The report steered away from assessing the impact of the Government's headline additional £650 million investment in cyber-security between 2011 and 2015 - it was too early to judge results - but the authors said that this might prove hard to do when the desired outcome was simply that nothing happened.

Fifty-nine percent of the available increase was being consumed by security and intelligence departments, 14 percent by the Ministry of Defence.

The Report doesn't stress it but this leaves relatively small sums to dole out to departments such as the Home Office, responsible for policing.

Figures within the report show that enforcing laws and combatting cybercrime will consume a modest £28 million under the National Cyber Security Programme in the two years to 2013.

"This report stresses that government must work hand-in-glove with people and businesses in order to build awareness, knowledge and skills," said committee chair, Margaret Hodge MP.

"With this government committing £650 million additional funding to cyber security, my committee will want to ask how the action of the fifteen government organisations involved in delivering the strategy is being properly coordinated and what progress has been made," she warned.

Experts also warned the NAO that government had focused its cyber-security activities on larger organisations at the expense of SMEs, which remained far less aware of its advice.

There was a need for a clear set of standards handed down from government on what constituted robust security, especially in the myriad companies in often complex supply chains.

Interviewees felt that it was up to larger organisations to pass down their expectations and guidance to the smaller companies they worked with.

Tags: security, National Audit Office, SME, GCHQ

Hackers try to blackmail plastic surgeon after stealing 500,000 patient records

Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Fraud Management Solutions

Reduce fraud losses regardless of channel by preventing cybercrime, identity theft, and other threats targeting your customers.

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).

  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.