The parliamentary Joint Committee on the National Security Strategy has called on the government to publish a cyber security skills strategy in order to combat the skills gap facing the UK.
According to the joint committee, cyber security is not just about technology. It is also about people and the range of technical and specialist skills required to ensure that the services, systems and networks they use are secure.
In a report into the issue, the committee wrote: “During our ongoing inquiry into the cyber security of the UK’s critical national infrastructure (CNI), we heard that although the UK has one of the most vibrant digital economies in the world, there is not currently the cyber security skills base to match, with both the government and private sector affected by the shortage in skills.”
Expressing its surprise over the government’s “apparent lack of urgency in addressing the cyber security skills gap in relation to CNI”, the committee said there is a need to nurture both aptitude for jobs requiring moderately specialist skills, as well as the deeper knowledge needed by those employees whose principal task or research area is the security of a given system, network or device against cyber threats.
The committee recommended using education, both inside and outside the classroom, to create a strong foundation for the future skills base. It explained that despite a promising array of government initiatives in this regard, it is concerned that the scale of these efforts does not match demand.
It also recommended that industry becomes more creative in the ways it recruits and reskills employees.
In addition, the committee advised professionalising the relatively immature cyber security industry through achieving Royal Chartered status – which would “go some way towards raising the industry’s profile and making it a more attractive career option to more people”.
Furthermore, the committee suggested identifying a lead department (the Department for Digital, Culture, Media and Skills) and robust mechanisms for cross-government coordination and cooperation, as well as clear lines of accountability and a minister with clear lead responsibility for the development of cyber security skills.