The gap between the demand and the supply of suitably skilled
cyber security workers in the Critical National Infrastructure
sector is a cause for alarm, says the Joint Committee on the
National Security Strategy (JCNSS). But the UK Government has no
real sense of the scale of the problem or how to address it
effectively.
Today, the JCNSS publishes a short report into Cyber Security
Skills, prompted by its continuing work on the cyber security of
the UK’s Critical National Infrastructure (CNI).
The Report concludes that the shortage in specialist skills and
deep technical expertise is one of the greatest challenges faced
by the UK’s CNI operators and regulators in relation to cyber
security. The Joint Committee is concerned by the Government’s
lack of urgency and calls on ministers to step forward and take
the lead in developing a strategy to give drive and direction.
It is of utmost importance to the UK’s national security that it
has the capacity, now and in the future, to keep CNI services,
systems and networks secure, says the Report. The WannaCry attack
in May 2017 did not deliberately target the National Health
Service but demonstrated the fundamental need to ensure the UK is
able to keep CNI secure from cyber threat.
A lack of detailed analysis of which CNI sectors and specialisms
are most acutely affected is impacting on the Government’s
ability to understand, and therefore address the gap between
skills supply and demand. But a standalone skills strategy,
promised by Government in November 2016 and which would
frame and give impetus to its various efforts, will not now be
published until December 2018.
The Chair of the Joint Committee, , said:
“Our Report reveals there is a real problem with the availability
of people skilled in cyber security but a worrying lack of focus
from the Government to address it. We’re not just talking about
the ‘acute scarcity’ of technical experts which was reported to
us; but also the much larger number of posts which require
moderately specialist skills. We found little to reassure us that
Government has fully grasped the problem and is planning
appropriately.
“We acknowledge that the cyber security profession is relatively
new and still evolving and that the pace of change in technology
may well outstrip the development of academic qualifications.
However, we are calling on Government to work closely with
industry and education to consider short-term demand as well as
long-term planning. As a very first response, Government must
work in close partnership with the CNI sector and providers to
create a cyber security skills strategy to give clarity and
direction. It is a pressing matter of national security to do
so.”
