Next Gen Cyber Security

Written by Tom Henderson, MPA Candidate in Digital Technologies and Public Policy

Getting involved in cyber security can often seem like a daunting prospect. Yet we know that organisations across the public, private and charity sectors are crying out for the next generation of cyber security professionals

In recognition of this, the UK Government has devised an Initial Cyber Security Skills Strategy, which focuses on ensuring that:

1. The UK has a well structured and easy to navigate cyber security profession which represents, supports and drives excellence in the different cyber security specialisms, and is sustainable and responsive to change
2. The UK has education and training systems that provide the right building blocks to help identify, train and place new and untapped cyber security talent
3. The UK’s general workforce has the right blend and level of skills needed for a truly secure digital economy, with UK-based organisations across all sectors equipped to make informed decisions about their cyber security risk management
4. The UK remains a global leader in cyber security with access to the best talent, with a public sector that leads by example in developing cyber security capability

However, the Government has openly acknowledged that there may be significant gaps in their approach. Therefore, on the 13th February 2019, the Department for Digital, Culture, Media and Sport (DCMS) hosted the first of a series of ‘call for views’ at TechUK in London to solicit feedback on their plans from a diverse range of stakeholders linked to industry, professional organisations, students, employers, existing cyber security professionals and academics.

Why was this session important?

The thought-provoking session touched on numerous issues associated with skills development within the cyber security industry. For example, we spoke about the barriers which prevent the public sector from setting an example to organisations in the private and charity sectors, about how cyber security could be rebranded to drive a more engaging national discourse and how the Government’s plans could give greater attention to the non-technical dimensions of cyber security to attract individuals from more diverse cross-sections of society. Similarly, participants explored how aptitude testing could be used more effectively to support untapped and diverse talent including women, neurodiverse individuals, graduates and the elderly.

In addition, we talked about the potential importance of structural factors- such as budgetary pressures- that may ultimately lead to discrepancies in the cyber skills gap recorded across different sectors. Likewise, we thought about how our existing knowledge, particularly in relation to the risk-management of Critical National Infrastructure (CNI), could be revised in the context of emerging cyber risks, how the way that we measure the effectiveness of schemes designed to boost cyber skills development may lead to a misallocation of vital resources, how the UK could contribute to a clearer international context for cyber security innovation and simultaneously promote its interests abroad, and whether this strategy should place greater emphasis on the liability of the private sector regarding the general cyber security skills provision.

How is this information relevant to me/ UCL STEaPP?

The focus of this session was highly relevant to the STEaPP Digital Technology and Policy MPA cohort, who have recently analysed the International Telecommunications Union’s (ITU) Guide to Developing a National Cyber Security Strategy (NCSS) and the socio-technical nature of cyber security policy in different geo-political contexts. Similarly, discussions arising during this session touched on issues that have previously been addressed in work conducted by the Research Institute for the Science of Cyber Security (RISCS), in conjunction with the Department of Science, Technology, Engineering and Public Policy (STEaPP) at University College London (UCL). For example, a recent project looked at how human-related cyber risks could be mitigated by improving cyber hygiene. Furthermore, the Digital Policy Lab at UCL STEaPP has co-designed a number of projects with policy makers which focus on evaluating cyber security evidence for policy advice, cybersecurity governance mapping, issues of gender and IoT in cyber security. Finally, PETRAS, the 11-university Cybersecurity of the Internet of Things research hub, recently held an event at the House of Lords on February 12th 2019, concluding a three-year long programme of research and engagement which has been led by UCL.

What’s next?

Publication of this initial strategy for cyber security skills development introduces a ten-week call for views, which aims to provide all those interested in cyber security with an opportunity to engage and help shape and refine it. DCMS will be running a series of engagement events across England and the devolved administrations throughout early 2019 and has published a number of questions that it would like to get feedback on.

If you would like to contribute to this call for views and help to formulate the Government’s final strategy for improving cyber security skills in the UK, you can apply to take part in-person, or can access an official survey online.