The UK’s approach to cyber security strategy after 2021 will reinforce the outcome of the Government’s Integrated Review of the UK’s foreign, defence, security and development policy. It will ensure we can continue to defend the UK against evolving cyber threats, deter malicious actors, and develop cyber skills, says Penny Mordaunt, Paymaster General, in a foreword to the official National Cyber Security Strategy 2016 to 2021 progress report.
As for the next few years, the report forecasts greater reliance on digital networks and systems, as daily life moves online. It adds: “The achievements of the last four years mean we start from a position of strength. Cyber security is an area where the UK can genuinely claim to be world-leading. But a changing global context will require a renewed response. The UK will need to strengthen our cyber resilience to drive economic recovery, get ahead of changing technologies, and enhance our international cooperation and engagement to work towards a more stable cyberspace.”
Comment
Amanda Finch, CEO of CIISec (Chartered Institute of Information Security) said that the report is right to focus on the need to develop skills. “However, the Government also needs to ensure it is putting its energies behind all organisations and activities that will address the skills gap. Sponsoring academic programmes plays a big role in providing a source of highly qualified cyber professionals and must continue to be supported – but that must go along with other initiatives such as apprenticeships and the ways in which people can transition to cyber security mid-career.
“The industry also needs clear frameworks for the kinds of skills that are needed in what cyber security roles. And it needs to ensure that education isn’t confined to the cyber security profession, but is spread across the entire organisation – developers, users, managers, system administrators etc. Robust cyber security doesn’t end with technology so should not been seen as a purely technical discipline. The industry should be looking beyond technical experience and attracting individuals from a diverse range of backgrounds, experiences and industries. After all, people skills, management skills and the ability to teach colleagues cyber security awareness are a vital part of the modern cyber professional’s armoury.”
