The cyber threat facing the UK is now firmly on the government’s agenda, with promises of increasing investment in this area. Skills are recognised as key to this, with many programmes having skills at their core.
Unfortunately the actual implementation across government has been piecemeal and uncoordinated. The result is lots of cyber skills programmes in different departments with lots of overlap. Meanwhile every cyber security company has developed their own cyber skills programme for schools and businesses.
The consequence is a confusing proposition, reached in a wasteful way. Rather than repeatedly throwing small amounts of money at departments, the government should coordinate existing programmes, work with industry, and come up with a coherent skills plan.
Jumping on the cyber skills bandwagon
It seems every government department wants to be seen to be doing cyber security, and is clamouring for a share of the cyber skills money pot. It is frustrating to watch the launch of new duplicate cyber skills programmes, all of which are provided or funded by the government.
The Department for Business, Innovation and Skills has just launched the Cyber Essentials scheme, to accredit businesses which meet minimum cyber security requirements. In June, the Home Office launched a £4m information security awareness campaign to educate businesses and consumers about rising hacker threats. The Department for Education has promoted cyber skills for children through e-skills’ Secure Futures schools campaign. Cabinet Office also funds the Cyber Security Challenge, to raise awareness and teach cyber skills to school children.
Everyone recognises that to make Britain safe online, better cyber skills are needed to recover from years of underinvesting. However, the duplicate programmes within government reduce the overall return on this investment. Rather than pooling money and resources, each department is independently producing largely similar programmes.
To add further frustration, everything they are doing already exists. Every cyber security company has developed its own cyber skills programme for schools and businesses. And to an extent, industry is facing the same problem of duplicating the work of its competitors. The result is both industry and government are spraying out often similar, often free resources and training. Some of it sticks, some of it doesn’t.
Rather than repeatedly throwing relatively small amounts of money at departments, the government should set up or appoint a body to coordinate all existing programmes, work with industry, and come up with a coherent plan.
McAfee would be happy to lead this and has regularly made the offer to various departments to organise a cross department group or roundtable with all the vendors, to devise a coordinated programme. I have no doubt my equivalent at the other major security companies would support this. But so far, nothing has happened.
Coordination doesn’t mean one-size-fits-all
An obvious counter to this is that each department should be allowed to develop its own cyber skills programme related to different sector’s needs. It is true that a single programme will never be appropriate for government, big business, SMEs and schoolchildren. Departments have different aims, from securing their own infrastructure, to educating children, to supporting UK business.
But many of core elements of all these programmes similar and much of the work for all these audiences has already been done. By duplicating these core elements, rather than bringing in existing expertise, the government is wasting time and money reinventing the wheel.
Why working together works
We know government and the private sector can work together to solve skills challenges. 20 years ago Britain lacked engineering and advanced manufacturing skills. The response was a coordinated approach between government, industry and higher education to increase the number of degrees and internships.
Everyone got behind the culture and Britain now excels in high value manufacturing. Companies like Babcock international and Rolls Royce are among the providers of highest number of internships. Nearly all high tech Formula 1 labs are now based in the UK, as Britain has the necessary skills.
We are in a much stronger position now in relation to cyber security than we were for engineering. Government and business is engaged and we have a strong cyber security industry with considerable expertise.
But the Government must do more to bring these strands together. It could create a body to do so, or fund an independent organisation – techUK would be well positioned to champion this initiative for example.
The best way for Britain to fix its cyber skills shortage is through collaboration and coordination. By coordinating expertise we can produce a comprehensive set of cyber skills programmes for different audiences aligned to common goals and based on a common underpinning. This is the best way to attract business, secure our national infrastructure, create jobs and make Britain a safer place.
Sourced from Graeme Stewart, director of public sector strategy and relations, at McAfee