In recent weeks, the Prime Minister Theresa May has repeatedly mentioned plans for a reallocation of police resources towards cyber-crime if her party returns to power. With a UK general election looming in 48 hours, and high-profile attacks hitting government entities such as the NHS, cyber security will certainly be on the agenda for the incoming government. But where should that government direct its focus in order to take cyber security forward? There are several areas which need to be considered, but here are five as a starting point:
1. Investment in cyber education. We keep hearing that there is a significant shortage of individuals in the cyber security industry compared to the demand to fill jobs. And this is just going to get worse with the new EU General Data Protection Regulation (GDPR) which comes into force next year. Recent research by industry association (ISC)² showed a predicted shortfall of 1.8 million cyber workers by 2022. To combat this and fuel the pipeline of future talent, cyber education at schools and colleges must continue and even increase, triggering inspiration and mapping cyber career pathways.
2. Education for businesses. While there is a need for school and college education, it is also essential for businesses, large and small. Industry can learn from each other's failures as well as best practices, so a sense of community and sharing must be encouraged. SMEs in particular can benefit from larger education programmes; the expansion of the Cyber Essentials programme would be extremely beneficial.
3. Innovation in our own cyber defences. To remain a world leader in the field, the UK must continue to innovate and adapt to new developments and technologies. Innovation is also vital to protect our Critical National Infrastructure and defend against hacktivist and nation-state attacks. There are a number of research initiatives, with partial funding by the government, where businesses can partner with academia to carry out pragmatic research. This isn't just for big organizations: at Clearswift (before we were acquired by RUAG), we started one such project in conjunction with Surrey University.
4. Cooperation with global partners. Industry knowledge-sharing needs to cross borders, as cyber-threats are global, in both their sources and destinations. The UK needs to continue working with the EU, US and other worldwide security partners to share information on attacks quickly and efficiently. Some of this will be through the security services and can then be cascaded to businesses. Ideally the information needs to be tailored and/or filtered to business verticals and size.
5. Investment in local and national government cyber security. Government bodies hold vast amounts of citizen information. Just one attack could risk the identity and integrity of millions of people or even endanger lives – as we've just seen from the NHS attack. The right budgets and incentives need to be in place to protect the nation and its data – wherever it is held.
From a cyber perspective, the focus for any incoming government should be not only on addressing immediate-term threats but also on building a cyber-aware nation and staying ahead of the curve in an ever-changing technology sector. Cyber security isn't going to become any easier, but the government can take the lead on providing information and implementing best practice.