Cyber expert: UK must boost G-Cloud cyber-skills

Civil servants need to improve cybersecurity awareness and skills to be able to map out the government cloud securely, according to a Cabinet Office cyber expert

The UK civil service needs to develop general cybersecurity awareness and skills necessary to support the government's G-Cloud programme, according to a Cabinet Office cyber expert.

As the government shifts to more reliance on public cloud infrastructure, civil servants involved in G-Cloud and technology projects will need to develop expertise in cyber-matters, Lt Col Nigel Harrison of the Office of Cyber Security and Information Awareness (Ocsia) told ZDNet UK at an event in London on Friday.

"A real challenge faced by government... is developing [general] expertise in cyber-matters," Harrison said.

The government plans to rely more on public cloud services as part of its cloud computing strategy. Legal teams must include information security in contracts drawn up for cloud services and specifications made in cloud business proposals, said Harrison.

The government has worked to develop cyber-skills in key officials in central government departments, Harrison said, adding that the Foreign Office, the Home Office, BIS and the Ministry of Justice have "some competent people across aspects of policy development" in funded posts.

"Across Whitehall there is an understanding of the cybersecurity agenda," said Harrison.

Part of the G-Cloud strategy is to include services from small businesses. However, the UK suffers from a lack of information technology security specialists, Harrison acknowledged, and this extends to small businesses. The government is in the process of working out how to procure secure services from SMEs, he said.

"There is a need to look at the whole procurement chain," said Harrison. "It's too early to say what the solution is."

Cyber Security Challenge

The government is in the process of mandating minimum security standards for cloud services providers, Harrison added. He is involved with the Cyber Security Challenge, a public- and private-sector campaign to improve information security skills in the UK.

Judy Baker, director of the Cyber Security Challenge, told the event that there needed to be far clearer paths into the information security profession to attract people with the relevant nascent skills.

It's still a challenge for us as a profession to identify doors into the [cybersecurity] profession.

– Judy Baker, Cyber Security Challenge

"It's still a challenge for us as a profession to identify doors into the profession," said Baker. "It's completely muddled. There's a lot of serendipity in how people find themselves in the profession."

Baker told ZDNet UK that it was vital to lower barriers to entry, in part to persuade people with the relevant skills not to start on the road towards participating in e-crime.

"It's about reaching people before they reach a crossroads, before they reach a decision in life," said Baker.

Harrison agreed that one of the aims of the Cyber Security Challenge was to try to divert people from considering e-crime.

"One of the valuable functions I hope we are performing is capturing the imagination of talented individuals, and steering them to tread on a path on the right side of the law," he said.

Get the latest technology news and analysis, blogs and reviews delivered directly to your inbox with ZDNet UK's newsletters.