UK still not training enough cyber-spooks, NAO report finds

Skills gap could take 20 years to fill

The Government's ambitious attempt to upgrade the UK's cyber-security capabilities will struggle as long as the country fails to turn out enough graduates with the right skills, a National Audit Office (NAO) report has hinted.

True to its title, the NAO's UK cyber security review: Landscape review is more of a summary of recent history around government and cyber-security initiatives than an acid critique, but the pointers buried within its pages are still hard to miss.

Despite government efforts to rectify the skills gap since 2010, experts interviewed by the NAO lined up to tell it that science and technology subjects remained relatively unpopular at school level which resulted in a weak take-up in universities.

Those graduates who did exist would often end up in the private sector thanks to better career prospects and pay, the NAO found, leaving what experts believed will be a 20 year slog to make up the skills gap at all levels of education.

In short, the Internet economy and the threats posed to it were growing faster than the pool of skills needed to impose management and security on it.

During 2012, GCHQ started a modest fight back by funding grants to eight universities to establish Academic Centres of Excellence in Cyber Security Research.

At the same time, the UK spy hub also sank £3.8 million into setting up the first academic programme devoted to cybersecurity research.

The report steered away from assessing the impact of the Government's headline additional £650 million investment in cyber-security between 2011 and 2015 - it was too early to judge results - but the authors said that this might prove hard to do when the desired outcome was simply that nothing happened.

Fifty-nine percent of the available increase was being consumed by security and intelligence departments, 14 percent by the Ministry of Defence.

The Report doesn't stress it but this leaves relatively small sums to dole out to departments such as the Home Office, responsible for policing.

Figures within the report show that enforcing laws and combatting cybercrime will consume a modest £28 million under the National Cyber Security Programme in the two years to 2013.

"This report stresses that government must work hand-in-glove with people and businesses in order to build awareness, knowledge and skills," said committee chair, Margaret Hodge MP.

"With this government committing £650 million additional funding to cyber security, my committee will want to ask how the action of the fifteen government organisations involved in delivering the strategy is being properly coordinated and what progress has been made," she warned.

Experts also warned the NAO that government had focused its cyber-security activities on larger organisations at the expense of SMEs, which remained far less aware of its advice.

There was a need for a clear set of standards handed down from government on what constituted robust security, especially in the myriad companies in often complex supply chains.

Interviewees felt that it was up to larger organisations to pass down their expectations and guidance to the smaller companies they worked with.

Join the CSO newsletter!

Error: Please check your email address.

Tags securityNational Audit OfficeGCHQSME

More about GCHQNational Audit Office

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John E Dunn

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts