
UK doesn't have the SKILLS to save itself from cyber threats

Report: Only schoolkids can protect us

The National Audit Office (NAO) has published a report announcing that the UK doesn't have enough skilled workers to protect it against online attacks and asking Blighty's schoolkids to step into the breach.

The number of cyber security professionals in the UK has not increased in line with internet growth, according to the NAO, which blames the skills gap on a lack of promotion of science and technology subjects at school.

The report recommends that schools step up technology and cyber security lessons, in the hope of creating a new generation of IT specialists. But the report says that even if this happens the lack of experts may leave Britain vulnerable to cyber attacks for up to 20 years.

Amyas Morse, head of the NAO, said that "the threat to cyber security is persistent and continually evolving. Business, government and the public must constantly be alert to the level of risk if they are to succeed in detecting and resisting the threat of cyber attack."

Two years ago, the National Cyber Security Programme allocated £650m over five years to boost the UK's cyber-security defences, after deciding that cyber threats posed a tier-one threat on a par with international terrorism to the UK's security. The central power in controlling that budget has become GCHQ, although the police and other agencies have also benefited.

Last year the government announced that it would be putting £8m towards the development of security skills at universities in order to shore up the battle against cybercrime.

Ross Parsell, director of cyber security at defence technology firm Thales, agreed that the government agency should look to schools to provide its future web defence force.

"To tempt talented people into a career in cyber security, the government needs to get them while they’re young," Parsell said. "Last month’s announcement that the government is to make Computer Science a core subject being taught in British schools is a step in the right direction.

"The challenge now is to ensure that the dots are joined up between policies like this at national level and the curriculum being delivered at our schools, colleges and universities,” Parsell added.

The NAO identified six key challenges faced by the government in implementing its cyber security strategy. These included the need to "influence industry to protect and promote itself and UK plc"; to address the UK’s current and future ICT and cyber security skills gap; to increase awareness so that people are not the weakest link; to tackle cyber crime and enforce the law; to get government to be more agile and joined-up; and to demonstrate value for money.

Its report - published on Tuesday - is designed to set the scene for future political debate about the UK's Cyber Security Strategy by groups like MPs on the Committee of Public Accounts.

IT security firms nearly all single out the skills shortage as the most important issue covered in the NAO's UK cyber security strategy: Landscape review report.

Jarno Limnell, director of cyber security for firewall firm Stonesoft, praised the NAO's analysis and blasted the EU's new cybersecurity directive for "throwing money" at the problem.

"The UK NAO report is a breath of fresh air, especially in light of last week’s misguided proposal by the European Union which suggested that cyber threats can be solved by creating more statutes, directives and restrictions," Limnell said. “Correctly, the NAO doesn’t just recommend throwing money at the problem. The right approach should be based on a strategic and technical understanding of the risk. This is the only way that the appropriate levels of defensive and offensive cyber security measures can be implemented and the relevant expertise acquired or nurtured. This leads to both cost efficiencies and better national security defences against cyber attacks.”

Thurstan Johnston, sales engineer at security tools firm Faronics, said that organisations need to think beyond relying on traditional security tools (antivirus, firewall and intrusion prevention) as well as worrying about recruitment.

"There is no question that a shortage of skilled professionals is extremely detrimental to our cyber defence effort and it is something the government seriously needs to address...

“However, there is not just a skills gap to consider, but also a huge awareness gap that needs to be filled. Many organisations still believe that they are sufficiently protected with just a good security package, which not only indicates blazing ignorance, but also a lazy approach to combating cyber crime that could have expensive consequences." ®

Bootnote

"The cost of cyber crime to the UK is currently estimated to be between £18 billion and £27 billion," according to widely diverging estimates about the cost of cyber crime cited by the NAO. It also quotes figures of 44 million cyber attacks against the UK in 2011, again without quoting sources. Do port scans count? Because if they do I could probably get somewhere near that figure just from events on a personal ZoneAlarm log over a month or so alone.

Yes, we exaggerate - but only a bit.

Cyberthreat estimates are a notoriously inexact science, as we've noted more than a few times, and stats in government reports on cyber-security are best ignored. If health policy were based on a similarly unscientific methodology then we might end up prescribing everyone in the UK sugar pills to combat winter flu, after taking evidence from homeopaths, assuming that group shouted the loudest in medical discussions.
