There has never been a better time to create a Cyber Security Council, says the industry, welcoming the governing body for training and standards. It’ll be funded by the DCMS (Department for Digital, Culture, Media and Sport).
DCMS Digital Infrastructure Minister Matt Warman made the announcement on Safer Internet Day. He said: “The fact we are launching an independent professional body for cyber security shows just how vital this area has become – it makes a huge contribution to our thriving digital economy by safeguarding our critical national infrastructure, commerce and other online spaces.
“The UK Cyber Security Council will ensure anyone interested in an exciting career tackling online threats has access to world-class training and guidance. It will also champion diversity and inclusion, driving up standards while helping the nation to build back better and safer.”
A Board of Trustees has as chair Dr Claudia Natanson who was CSO at DWP, MD at BT Secure Business Service and CISO at Diageo Plc. Vice-Chair is Jessica Figueras, a tech market strategist, Chair of NCT, previously Chief Analyst at GlobalData. A trustee is Carla Baker, Senior Director, Policy & Government Affairs UK & Ireland, Palo Alto Networks; and treasurer: Mike Watson, Chief Financial Officer, Marston Holdings, previously with Dell, HP and BAE Systems cyber security division.
Dr Claudia Natanson said: “Having spent many years in cyber security, I’m very aware of the excellent work done by many varied organisations – but I’m also conscious that the time for an umbrella organisation has come in order to drive the profession forward in a unified way. It’s a privilege and a challenge to be part of the leadership of the Council, knowing that the future security and prosperity of the UK depends in part on the Council succeeding in its mission to develop the profession.”
A formal launched is on March 31. The Council arose from a DCMS consultation in 2018, on ‘Developing the UK cyber security profession‘.
Comments
Amanda Finch, CEO of the Chartered Institute of Information Security (CIISec), said: “It’s welcome to see the Government aiming to drive professionalism in the cyber security industry, as this has long been a goal of ours. The issues facing cyber security won’t be solved by any one organisation but needs the entire community to work together to face our challenges. We need an industry that not only attracts newcomers but supports and nurtures all in the profession with the skills, development and opportunities needed to have long fulfilling careers.
“Doing this means understanding why people join the profession and their motivations. It also means addressing the challenges around diversity, such as the significant pay gap between men and women, that every industry must overcome in the 21st century. The work of the Council aligns well with the work that CIISec has carried out for over a decade in supporting information security and cyber professionals with our frameworks and development and accreditation programmes.”
OneSpan’s Director of Product Security, Frederik Mennes, said: “Cybersecurity is a rapidly growing industry, so it’s extremely reassuring to see government in the UK factoring cybersecurity into its long-term planning. The surge of digital adoption which we’ve seen during the COVID-19 pandemic is not a temporary measure – the shift will be permanent with many people and organisations feeling the benefits of improved customer experience, reduced costs and greater convenience. Therefore, it’s extremely important that digitisation efforts are met with high-levels of security to protect businesses and their customers from the increased risk of cybercrime.
“High levels of security can only be provided by skilled professionals, and it’s therefore encouraging to see that the UK government will define knowledge, skills and experience required by cybersecurity professionals. We expect the new UK Cyber Security Council to collaborate with other organisations in this area, such as the UK’s Chartered Institute of Information Security (CIISec).”
Ramsés Gallego, International Chief Technology Officer, Cyber Resiliency at the cyber firm Micro Focus, said: “Now, more than ever, it is imperative that security professionals go beyond the knowledge that the industry has been crafting for decades. In a universe of IoT devices and numerous IT systems, platforms and environments creating a constantly expanding threat landscape, the time has come to embrace the “4 Vs” of change in cybersecurity: velocity, variety, volume and value of change. Essentially, now is the time to do things differently.
“With this in mind, the UK Cyber Security Council is a step in the right direction; yet we must acknowledge that the Council will be operating in an environment where numerous options for valuable professional certifications and accreditations already exist. Cybersecurity certifications are just the beginning – the whole initiative of boosting cyber security training and standards has to be driven in a programmatic way if it is to be successful.
“The UK Cyber Security Council should be considered within an overarching national cybersecurity strategy and its position as the official governing body on cyber security training and standards has to be recognised by both the public and private sector. To achieve the right recognition, training and certification programmes require constantly updated content to keep up as threats evolve, insight specific to certain industries rather than generic information and the ability to be matched by some degree of professional experience in the field. In short, certifications must act as proof of real knowledge and expertise, not just the ability to pass an exam. In this way, certifications can offer testimony of an individual’s expertise, leadership, knowledge, willingness to protect and defend and, importantly, their understanding of ethics around the development of cybersecurity solutions.”
And Jake Moore at cyber firm ESET said: “In the continuing fight against increasing cyber crime, it is clear we need as many resources as possible, which this new body will hopefully provide. As individuals and organisations in the UK work to defend themselves against a constant barrage of cyberattacks and data breaches, a cyber security one stop shop could be enormously beneficial. Small businesses, especially, often do not know where to turn for advice about cyber security or for help when something goes wrong, so an accessible, approachable industry body will be invaluable. Standardisation, too, can be key: pulling together necessary cyber security resources to help people understand both the risks and the protection available.
“The UK Cyber Security Council sounds like it has the potential to make a real impact in helping the country understand the threats and risks they face when engaging in online activity – and, crucially, what to do to mitigate these. Any extra awareness goes a long way, especially when it comes from a trusted source. The real proof of the Council’s efficacy will be in its longevity, as unfortunately initiatives like this can fall apart just as quickly as they are created when they lose focus or momentum. If it can remain relevant and up-to-date moving forwards, the Council could make a lasting change to cyber security in the UK.”
