How innovative new approaches and game changing technology can help address the cyber skills gap in the UK Public Sector
By Richard De Witt Jansen-Hull
The UK Government holds a huge amount of data, often on vulnerable systems, making it an attractive target for cyber criminals. Threats come from opportunistic hackers as well as sophisticated and well-funded nation states keen to get their hands on valuable data. It’s not only data at risk though, the Government is responsible for protecting the UK’s 13 Critical National Infrastructure (CNI) sectors, such as energy and emergency services, where the impact of a cyber-attack could be huge. Add to this, the fact that the UK public sector employs 5.424 million staff making the sector increasingly vulnerable to external spear-phising and insider threats – whether maliciously intentional or through a lack of awareness – and you realise the scale of the challenge UK Government face to stay one step ahead of cyber criminals.
One way to tackle this could be to recruit more skilled individuals to help protect UK Government infrastructure and data. However, if predictions are to be believed, there will be a shortfall of 1.8 million open and unfulfilled security positions by 2022. How do you attract and retain skilled cyber security experts when the private sector is competing for the same scare resource, often with greater financial incentives for candidates?
Through the National Cyber Security Centre (NCSC) the UK Government is investing in various short term and long term initiatives aimed at recruiting and retaining cyber security professionals. These incentives include a two-year bursary programme for candidates taking a GCHQ accredited Master’s Degree. UK Government also run a 10-week training course for candidates looking to enter the cyber security profession from non-related roles, and a Critical National Infrastructure apprenticeship scheme provides practical experience.
The National Cyber Security Strategy also promotes the long term development of cyber security by creating a professional body with clear and recognised skills. This will bring cyber security roles in line with other IT disciplines. The strategy also outlines the promotion of the Cyber Skills Programme aimed at younger students. This will be delivered through various learning styles to attract a wide range of interested students.
These initiatives are great, but what more can be done to ensure that UK Government has the right resources in place to prepare for the changing threat landscape?
In a similar vein, IBM has teamed up with Salute My Job to recruit military veterans, recognising the transferable skills of military personnel to the logical process of cyber security protection and incident response. This is in addition to IBM’s own comprehensive training programme for its cyber professionals, which encourages the completion of industry recognised qualifications as well as in-house development.
Additionally, IBM Security’s strategy – cloud, collaboration and cognitive – position us well to support the UK public sector to work together to tackle these challenges and secure the digital future of the UK.
We have a comprehensive cyber security portfolio and the majority of the products can be delivered via Cloud technology. This provides protective services through flexible and scalable solutions capable of supporting an interconnected organisation. Security products delivered via the cloud reduces the amount of time and effort required by IT staff to implement upgrades and patches, providing them more time to spend on protecting the organisation.
IBM’s emphasis on Collaboration focuses on sharing cyber security data and identified threats across an ecosystem of partners. IBM offers this X-Force cyber research for free via our on-line platform (https://exchange.xforce.ibmcloud.com/). Analysts can research and cross reference threat data to provide greater insight and protection. This comprehensive and aggregated mass of cyber data reduces the amount of time an analyst spends on searching and reading the most up to date cyber information.
IBM has also invested in Cognitive cyber technology. The Watson for Cyber Security platform is continuously updated with structured and unstructured data from blogs, vendor product documentation and partner organisation intelligence to build a mass of the most up to date cyber protection data on the commercial market. This can upskill and make cyber analysts more efficient, with results that found 10 times as many incidents, 50 times faster than a human. Without cognitive technologies like this we simply cannot keep up.
IBM’s strategy reduces the amount of time analysts need to spend on researching information, they are also provided with actionable intelligence. This technological support enables public sector teams to achieve more with the same amount of analyst resources.
The final consideration for addressing the UK public sector cyber security skills gap is to outsource this function to a Managed Security Services provider. IBM has invested in a UK based List-X Managed Security Service facility. This allows IBM to deliver secure and accredited services to the UK public sector, providing security cleared staff and managing a security portfolio on behalf of a client.