Cybersecurity is set to dominate industry decision-making and careers more than ever before as the UK government begins tightening controls and the courts consider fresh precedents, penalties and fines, writes Professor Kamal Bechkoum, Head of University of Gloucestershire’s School of Computing and Engineering.
The UK Government’s new National Cyber Strategy policy paper highlights what the Government calls ‘cyber-physical infrastructure,’ which brings together directives encompassing Artificial Intelligence (AI), smart machines, data and other technologies.
The strategy focuses on three important cybersecurity areas:
• Sustaining strategic advantage through science and technology to cement the UK’s position as a leading democratic and responsible cyber power
• Establishing an industrial base that delivers innovative and effective cybersecurity products and services to help everyone stay safe online
• Recognising the importance of long-standing cooperation between Government, industry and academia as a crucial element of pursuing a ‘whole-nation’ cyber-secure network.
The paper further sets out desired outcomes between now and 2025, backed by £2.6 billion of Government investment to support industrial, skills and national security strategy developments.
This includes plans for a “rapid and radical overhaul of government cybersecurity” as part of an interventionist commitment to significantly strengthen the government’s own critical functions and “increasingly act upstream on behalf of all internet users in the UK.”
The strategy paper, published on 15 December 2021, promises to achieve 53 outcomes by 2025, and three issues particularly stand out as being vital to address:
Taking the fight to cyber criminals
The strategy notes: “Systems are being joined up with transformed forensic, intelligence and data-sharing capabilities to build a single platform so that national and regional units can access all the specialist high-end capabilities and tools being developed.”
The National Crime Agency’s (NCA) National Cyber Crime Unit (NCCU) is supported by a network of Regional Cyber Crime Units (RCCUs) across nine police regions in England and Wales, and it is hoped this will build on positive progress made over the last year.
The plan adds that an ethos of “build it once, build it nationally for the benefit of the whole cybercrime network” is offering capabilities that can be “accessed by the local cybercrime units through the regional coordinators.”
A pressing need for skills
Industry remains under significant pressure from a lack of cybersecurity skills and the need to further invest in staff and training.
With the national average salary for a cybersecurity graduate amounting to £51,690, it is crucial that businesses get employees who have the right skillset and can hit the ground running.
Promisingly, the strategy outlines “expansion of post-16 training programmes in line with the needs of the cyber workforce, funding a range of skills bootcamps, the national rollout of the Institutes of Technology programme, and continuing the CyberFirst bursaries scheme for undergraduates.”
The National Crime Agency’s Cyber Choices programme has also been designed to help “people to make more informed choices, diverting them from criminality to use their cyber skills in a positive and legal way.”
Tougher regulation
Among the detailed outcomes to be realised by 2025, the paper states a goal for “UK businesses and organisations to have a better understanding of cyber risk and their responsibilities to manage them.”
As part of this, the Government promises to work with “procurers, financial institutions, investors, auditors and insurers to incentivise good cyber security practices across the economy.”
This will further include giving “investors and shareholders better insight into how companies are managing and mitigating material risks to their business.”
The Product Security and Telecommunications Infrastructure Bill (PSTI), introduced last November, additionally requires manufacturers, distributors and importers of digital technology products that connect to the internet to ensure they meet new cyber security standards. Heavy fines are threatened for those who fail to comply.
The Bill’s stated aim is to protect consumers’ phones, smart TVs, tablets, security cameras and other internet-enabled devices from hackers, while giving the Government the power to ban all default passwords and force companies to be transparent about actions taken to fix security flaws.
All of these factors are combining to drive up the added value of cybersecurity. Clearly organisations need to invest significantly more in training, education and software resilience. However, the return on investment is huge in terms of safeguarding operations, securing data and protecting reputations – all of which fully justifies these investment decisions.