Cyber security defences will crumple without government backing

Recent security projects show the way forward...
Written by Alan Paller, Contributor

Recent security projects show the way forward...

Cyber security has suffered a period of political neglect in the US and the UK. But recent initiatives point to a positive change of climate, says Alan Paller.

In late July, a group of government and private sector organisations launched the UK Cyber Security Challenge, a series of online competitions aimed at finding talented individuals capable of defending against cyber attacks.

With Cabinet Office support, the Challenge has built on the successful US model to boost the pool of experts who protect personal, business and national security information.

Both the US and UK Challenges were set up following government recognition of industry need. The success of the UK Challenge, with more than 3,000 people signed up in the first week, mirrors similar success in the US and highlights the depth of untapped talent in the two countries.

cyber security has been lost on government agendas

cyber security must be put back on government agendas
(Photo credit: Shutterstock)

Addressing deficiencies
Information security has been on government radars for more than 10 years but deficiencies in the cyber security sector have only recently come to the attention of political leaders.

In May 2009 President Obama announced that the US was insufficiently prepared to defend itself against online attacks, while an earlier FBI report earlier showed that more money was made worldwide through malware than in drug trafficking.

With government recognition came a public strategy. Just over a year ago, the Sans Institute, alongside the US National Security Agency, the Department for Homeland Security and a consortium of industry leaders launched the US Cyber Security Challenge on Capitol Hill.

The Challenge captured almost 3,000 potential cyber security professionals and engaged more than 200 high schools in its first year. Following its success, there was always the prospect for similar competitions in other countries.

Diminished career options
The UK, like America, had pioneered cyber security through the late 1990s but instead of capitalising on its position, interest in the industry as a legitimate career option diminished. In the UK fewer people are signing up for computer-related degrees than at the peak in 2000, which in turn leaves even fewer numbers to go into cyber security.

A Sans Institute survey from 2009 found that 90 per cent of cyber security industry leaders in the UK have had difficulties recruiting new talent.

The success of the challenge in the US opened UK officials' eyes to the talent and interest in their own country and gave them a proven mechanism for...

...reaching them. From speaking to Challenge consortium members in the UK such as David Garfield, chief technology officer at Detica, I know the government's recognition of the cyber security agenda is welcomed within the industry.

Since the US government took the agenda on board, Detica was at the head of a UK industry push to get a similar debate heard in Westminster and show ministers the potential of private-public partnerships to address cyber security recruitment issues. The first step came last year with the launch of the UK Cyber Security Strategy.

Cyber security bodies
With this strategy in place, the Labour government set up the Office of Cyber Security at the Cabinet Office and the Cyber Security Operations Centre, hosted at GCHQ. The Office of Cyber Security in particular has taken a lead role and backed the establishment of a UK version of the Challenge.

With a consortium of supporters from industry, including Detica, Sophos and EADS, academic institutions such as the Open University, and the Cabinet Office, the first competitions were opened to participants at the end of July by the minister for security, Baroness Pauline Neville-Jones.

The level of engagement from cyber security leaders across the public and private sectors highlights a common feeling that now is the time to stop the debating and start taking real action.

As we look to the future there is no reason to think either the US or UK government will let cyber security slip down the list of priorities. Both have identified new business investment, specifically in the high-tech and financial industries, as key to their economic recovery. Being able to offer their country as a data safe haven is essential to this strategy.

There is also a commercial opportunity for the UK to re-establish itself as a world leader in cyber security. From speaking to Garfield and others within the UK Challenge consortium, there is real belief that if the Challenge can bring together UK talent and secure the future of the profession, the industry can in turn develop commercially attractive products and services that will create real economic benefits.

Opportunities for economic growth
Whether it's due to concerns about cyber threats or opportunities for economic growth, politicians in the US and the UK are starting to take the cyber security agenda very seriously.

A bill drafted by the US Department for Homeland Security will soon institutionalise the US Challenge. In the UK, cyber security is expected to take up a prominent position within this year's Strategic Defence and Security Review for the first time.

Cyber security in the US and the UK has come a long way in the past couple of years after a period of political neglect. Initially put back on the table in the US by the Bush and Obama administrations, Westminster has caught up fast.

With the Challenge, the UK and US now have a legitimate model to secure the future of their respective cyber security industries. This model will not only protect data, businesses and national security but could provide both countries with a major economic growth area for years to come.

Alan Paller is director of research at the Sans Institute, a graduate degree granting institution and the principal cyber security training school in the US.

Editorial standards