The Joint Committee on the National Security Strategy warns that the gap between the demand and the supply of suitably skilled cyber security workers in the Critical National Infrastructure sector is a cause for alarm, but the UK Government has no real sense of the scale of the problem or how to address it effectively.
Committee concerned by the Government's lack of urgency
The Joint Committee has published a short report into Cyber Security Skills, prompted by its continuing work on the cyber security of the UK’s Critical National Infrastructure (CNI).
The Report concludes that the shortage in specialist skills and deep technical expertise is one of the greatest challenges faced by the UK’s CNI operators and regulators in relation to cyber security. The Joint Committee is concerned by the Government’s lack of urgency and calls on ministers to step forward and take the lead in developing a strategy to give drive and direction.
It is of utmost importance to the UK’s national security that it has the capacity, now and in the future, to keep CNI services, systems and networks secure, says the Report. The WannaCry attack in May 2017 did not deliberately target the National Health Service but demonstrated the fundamental need to ensure the UK is able to keep CNI secure from cyber threat.
A lack of detailed analysis of which CNI sectors and specialisms are most acutely affected is impacting on the Government’s ability to understand, and therefore address the gap between skills supply and demand. But a standalone skills strategy, promised by Government in November 2016 and which would frame and give impetus to its various efforts, will not now be published until December 2018.
The Chair of the Joint Committee, Margaret Beckett MP, said:
"Our Report reveals there is a real problem with the availability of people skilled in cyber security but a worrying lack of focus from the Government to address it. We’re not just talking about the ‘acute scarcity’ of technical experts which was reported to us; but also the much larger number of posts which require moderately specialist skills. We found little to reassure us that Government has fully grasped the problem and is planning appropriately.
We acknowledge that the cyber security profession is relatively new and still evolving and that the pace of change in technology may well outstrip the development of academic qualifications. However, we are calling on Government to work closely with industry and education to consider short-term demand as well as long-term planning. As a very first response, Government must work in close partnership with the CNI sector and providers to create a cyber security skills strategy to give clarity and direction. It is a pressing matter of national security to do so."
Image: Crown Copyright