The UK government’s new Digital Strategy, which ministers say has been developed in consultation with the tech industry to carry Britain through to the other side of Brexit, has been criticised by some within the security industry for a lack of concrete details when it comes to cyber-security.
The concerns expressed by the cyber-security sector echo the concerns of the broader tech industry which has criticised the strategy as a whole in similar terms.
The strategy, unveiled by secretary of state for Culture, Media and Sport Karen Brady, sets out seven areas or ‘strands’ which the government will focus on as part of its post-Brexit plans. It builds on the government’s Industrial Strategy green paper which is currently open for consultation.
One strand aims to make the UK “the safest place in the world to live and work online”, a phrase which was used recently by Ciaran Martin when the Queen officially opened the National Cyber Security Centre (NCSC) on 14 February.
The government said it will support the NCSC as the single point of contact for companies, “particularly those that form part of Britain’s critical national infrastructure”.
It reiterated the government’s support for active cyber-defence, driven by GCHQ working with the country’s ISPs, and it promises that it will deploy the National Offensive Cyber Programme to strike back against “anyone who would do the country harm”.
And it trumpets the national after-school cyber-security programme, apprenticeships and adult retraining to address the skills shortage.
To apply pressure to organisations to address cyber-security, the government says it will use all the levers of power available to it including the General Data Protection Regulation (GDPR).
A project team at the Department for Culture, Media and Sport (DCMS) will look at ways to make internet-connected products secure by default, and the government will develop cross-border and multi-stakeholder responses to address the international scope of the problem.
To encourage the development of the UK’s cyber-security sector, the government repeated its commitment to establishing two innovation centres in London and Cheltenham to support startups, funding the HutZero early-stage accelerator programme, supporting innovation in universities and the delivery of business training bootcamps alongside the Digital Catapult.
Despite the plethora of initiatives on offer, not everyone is convinced it’s backed up by enough detail to make it credible.
Dr Jamie Graves, CEO at ZoneFox comments, “Although the Government’s digital strategy is encouraging, currently the lack of detail is concerning. So far, the initiative fails to pinpoint factors such as how it will be measured to ensure its success. Britain doesn’t need any more strategic plans, it needs to start seeing tangible results.
“Rolling out free, basic digital skills is a welcome start, but not all the UK needs. Cyber-crime is continuing to cripple companies and over two-thirds of businesses can’t find enough talent to defend their company against cyber-threats – yet it gets little mention in this new strategy. The UK has employer demand exceeding candidate interest by more than three times; surely this is a more pressing issue than Google’s coastal town summer school.
“A digital strategy plan will only be as good as the foundation it’s built on. While the news is welcome, this appears to be a bit of a sticking plaster. We need to invest further in STEM, and to encourage greater female participation in particular in the computer sciences and cyber-security where it’s woefully low. Fundamentally, if the UK is falling behind when it comes to digital skills, this leaves a worrying gap in the security ‘fence’ around the country.”
Guy Beaudin, public sector business development director at Insight UK, said, “It’s vital for the industry to foster digital collaboration between public sector agencies, charities and businesses to bring together a unique understanding of sector challenges and specialist knowledge of the latest ICT solutions. The Digital Skills Partnership is certainly a step in the right direction, but it requires the education of an entire workforce rather than just the decision makers to realise the full potential of digitisation. Businesses need to embrace digital tools on a daily basis and ensure data security guidance is in place to drive innovation, productivity and thrive in today’s modern world.”
However, others were more supportive of the government.
Dr Bernard Parsons, co-founder and CEO at Becrypt, said, “Alongside the general digital skills that will help both children and adults access new career opportunities, it is good to see that cyber-security awareness remains a priority in the initiative, as our growing reliance on digital technology is also exposing us to greater risk from cyber-criminals.
“It is vital we ensure that people of all ages are aware of the risks inherent in the technology they rely on every day, and are able to take steps to protect themselves. The private sector has an important role to play and it would be great to see more businesses echo the pledge already put forward by Barclays and others to provide training and support around cyber-awareness for both children and adults.”
Paul Kenyon, co-founder and co-CEO at Avecto, said, “Tackling the skills gap in the UK’s technology industry is critical, particularly when it comes to security, and it’s great to see the government recognise this. Despite increasing demand for technology professionals, the sector’s talent pool needs to be deeper and wider if we are to remain competitive globally. Initiatives like the Barefoot Computing Project are crucial in engaging young people with the industry, its opportunities and the huge range of careers that are available.”
Meanwhile, speaking yesterday at the Israeli Ambassador’s roundtable on cyber-security at the Royal Society in London, Paddy McGuinness, deputy national security advisor to the Cabinet Office, admitted that the last digital strategy had failed in its aim to establish a ‘kitemark’ for what constituted good security.
However, he insisted that the new strategy, with its focus on both state and non-state actors working together, would be considered a success if it could eliminate the most basic attacks which were responsible for 78 percent of damage and which could have been stopped relatively easily.
CREDIT: Tom Reeve, SC Media UK