UK doesn't have the SKILLS to save itself from cyber threats

Report: Only schoolkids can protect us

The National Audit Office (NAO) has published a report announcing that the UK doesn't have enough skilled workers to protect it against online attacks and asking Blighty's schoolkids to step into the breach.

The number of cyber security professionals in the UK has not increased in line with internet growth, according to the NAO, which blames the skills gap on a lack of promotion of science and technology subjects at school.

The report recommends that schools step up technology and cyber security lessons, in the hope of creating a new generation of IT specialists. But the report says that even if this happens the lack of experts may leave Britain vulnerable to cyber attacks for up to 20 years.

Amyas Morse, head of the NAO, said that "the threat to cyber security is persistent and continually evolving. Business, government and the public must constantly be alert to the level of risk if they are to succeed in detecting and resisting the threat of cyber attack."

Two years ago, the National Cyber Security Programme allocated £650m over five years to boost the UK's cyber-security defences, after deciding that cyber threats posed a tier-one threat on a par with international terrorism to the UK's security. The central power in controlling that budget has become GCHQ, although the police and other agencies have also benefited.

Last year the government announced that it would be putting £8m towards the development of security skills at universities in order to shore up the battle against cybercrime.

Ross Parsell, director of cyber security at defence technology firm Thales, agreed that the government agency should look to schools to provide its future web defence force.

"To tempt talented people into a career in cyber security, the government needs to get them while they’re young," Parsell said. "Last month’s announcement that the government is to make Computer Science a core subject being taught in British schools is a step in the right direction.

"The challenge now is to ensure that the dots are joined up between policies like this at national level and the curriculum being delivered at our schools, colleges and universities,” Parsell added.

The NAO identified six key challenges faced by the government in implementing its cyber security strategy. These included the need to "influence industry to protect and promote itself and UK plc"; to address the UK’s current and future ICT and cyber security skills gap; to increase awareness so that people are not the weakest link; to tackle cyber crime and enforce the law; to get government to be more agile and joined-up; and to demonstrate value for money.

Its report - published on Tuesday - is designed to set the scene for future political debate about the UK's Cyber Security Strategy by groups like MPs on the Committee of Public Accounts.

IT security firms nearly all single out the skills shortage as the most important issue covered in the NAO's UK cyber security strategy: Landscape review report.

Jarno Limnell, director of cyber security for firewall firm Stonesoft, praised the NAO's analysis and blasted the EU's new cybersecurity directive for "throwing money" at the problem.

"The UK NAO report is a breath of fresh air, especially in light of last week’s misguided proposal by the European Union which suggested that cyber threats can be solved by creating more statutes, directives and restrictions," Limnell said. “Correctly, the NAO doesn’t just recommend throwing money at the problem. The right approach should be based on a strategic and technical understanding of the risk. This is the only way that the appropriate levels of defensive and offensive cyber security measures can be implemented and the relevant expertise acquired or nurtured. This leads to both cost efficiencies and better national security defences against cyber attacks.”

Thurstan Johnston, sales engineer at security tools firm Faronics, said that organisations need to think beyond relying on traditional security tools (antivirus, firewall and intrusion prevention) as well as worrying about recruitment.

"There is no question that a shortage of skilled professionals is extremely detrimental to our cyber defence effort and it is something the government seriously needs to address...

"However, there is not just a skills gap to consider, but also a huge awareness gap that needs to be filled. Many organisations still believe that they are sufficiently protected with just a good security package, which not only indicates blazing ignorance, but also a lazy approach to combating cyber crime that could have expensive consequences." ®

Bootnote

"The cost of cyber crime to the UK is currently estimated to be between £18 billion and £27 billion," according to widely diverging estimates about the cost of cyber crime cited by the NAO. It also quotes figures of 44 million cyber attacks against the UK in 2011, again without quoting sources. Do port scans count? Because if they do I could probably get somewhere near that figure just from events on a personal ZoneAlarm log over a month or so alone.

Yes, we exaggerate - but only a bit.

Cyberthreat estimates are a notoriously inexact science, as we've noted more than a few times, and stats in government reports on cyber-security are best ignored. If health policy were based on a similarly unscientific methodology then we might end up prescribing everyone in the UK sugar pills to combat winter flu, after taking evidence from homeopaths, assuming that group shouted the loudest in medical discussions.