Defending the nation
- Reduce text size Decrease text size
- Increase text size Increase text size
- Print article Print
- Jump to comments Comment
- Share this article Share
- Email article to a friend Email
Is the UK doing enough to develop the cyber security talent it needs?
Does the UK have the skills to protect itself in cyberspace?
During the first Gulf War, media outlets reported that US spies had installed a computer virus on a printer on its way to Iraq. The plan was for the virus to infiltrate the Iraqi forces’ computer network, where it would cause anti-aircraft guns to malfunction.
This futuristic cyber weapon’s name was something of a giveaway, though: AF/91, short for April Fool’s 1991. The virus did not exist – it was the product of a mischievous technology journalist’s imagination.
Cyber warfare has become a more concrete phenomenon since then. In 2007, Estonian authorities accused their Russian counterparts of using denial-of-service attacks on government websites. Soon after, the Indian government complained of near daily assaults on its computer networks from China.
And last year, the appearance of the Stuxnet virus at Iranian nuclear facilities seemed to shock world governments into taking cyber security very seriously.
In October 2010, the UK government raised the potential threat posed by a cyber attack to a ‘Tier 1’ security risk, ranking it alongside international terrorism, and allocated £650 million to a cyber defence fund.
But what can a government buy to defend its nation from cyber attack? There is plenty of kit on the market, of course, but like all military hardware it is useless without trained personnel to use it.
Businesses in the UK have long been aware of the country’s lack of skilled IT security professionals. With the stakes apparently escalating, it is now becoming a national security issue.
Plugging the skills deficit
According to recent research by the SANS Institute, more than 90% of IT employers in the UK are struggling to recruit staff to security roles. Worryingly, it also showed that about 60% of the same employers expected the problem to worsen over the next five years.
Kevin Streater, executive director of IT at the Open University, believes that the reason for the security skills shortfall is the way in which the topic is taught in the UK. He says that the country’s academic and educational institutions are failing to provide students with adequate expertise, and proposes a root and branch review.
Streater says that information security professionals are in high demand among employers, but that what is taught in British colleges and universities focuses disproportionately on core programming and development skills. “The education has really stayed with a very core set of knowledge, such as the principles of programming,” he explains. “It’s driven by a set of academic benchmarks, and these haven’t really developed.”
Streater believes that the current state of computing education in the UK is a hangover from the IT industry of the mid-to-late 1990s. At the time, large numbers of graduates skilled in application development were needed in anticipation of the Y2K bug. “Everyone needed to be in coding jobs or developers because people were required to re-code all the applications,” he recalls.
Next>> Reforming eduction
