Filling the cyber-security skills gap becomes priority for the UK

[Acorn Newsbot]

Many commentators believe that in future, wars will be conducted via the Internet, with states using cyberwarfare to attack each other’s infrastructure and resources before involving troops. The UK Government has again highlighted a critical skills shortage, identifying a lack of qualified staff to develop and implement web-based defences.

Cybercrime costs the UK economy an estimated £27 billion each year. It’s currently businesses who bear the brunt of these costs, shouldering £21 billion of losses. The other £6 billion is split between citizens (£3.1 billion) and the Government (£2.2 billion).

It seems more than just a coincidence that the Government also reports concerns that a declining number of students studying computer science at university means that the skills shortage looks set to continue for up to 20 years. The National Audit Office (NAO) calculates that the number of computer science undergraduates dropped by 27% between 2003 and 2008, and there is no sign of this trend reversing since. Since cybercrime is already a huge problem, it’s a worrying trend.

Cybersecurity – feeling the effects at home
Much of the Government’s cybersecurity effort is focused on protecting the national infrastructure from hackers. However, cybersecurity is also important to small businesses and individuals.

Internet banking is an increasingly popular feature of modern life in Britain, providing us with a way to send and receive payments quickly and conveniently. The lure of significant funds makes online banking a highly desirable target for cybercriminals. Four out of five of the largest banks in Britain now report being more concerned about cyber attacks than they are about the on-going Eurozone crisis, underlining how serious the issue is.

Security experts also believe that gas and electricity companies could be vulnerable to attack by foreign nation states looking to disrupt the UK economy. An attack that resulted in a complete loss of power would leave businesses and homes without light, heating or fuel for cooking, potentially creating a crisis within days.

What is happening now?
Because businesses have already recognised the importance of cybersecurity, many are taking steps to bolster their own workforce with the expertise they need to protect their assets. Aerospace and defence company BAE Systems has hit the headlines after announcing that almost half of their graduate intake for 2013 will be employed in their cyber and security division, Detica.

As well as helping maintain IT for BAE Systems, Detica and their new graduate interns provide data security services to other companies. In this way expertise is spread further, protecting more companies, but it also comes at a premium because demand for IT security skills is so high.

To combat the shortage of computer science graduates, BAE Systems is also employing graduates with degrees in mathematics, engineering and physics.

What are the plans for the future?
As technological capabilities develop, so too does the sophistication of threats. As well as dealing with current issues and risks, there is a definite need to prepare for the future and the emergence of new challenges. Although most IT security expertise is taught in universities, the Government and employers are looking at ways to encourage younger students to consider cybersecurity as a future career.

Starting young
The Government has made a number of commitments to improve school training, shifting the emphasis from productivity applications to actual computer science. Cybersecurity is expected to form at least part of the new curriculum.

Students are also being encouraged to participate in Cyber Security Challenge UK, a program intended to identify future cyber defenders before they even leave school. From September 2013, students aged between 14 and 16 can take part in a tournament based around creating and cracking codes (also known as ciphers).

Schools will compete against each other in a variety of code-breaking exercises until the Cyber Security Challenge Schools Champion is identified, earning a £1000 prize for their school in the process. The hope is that by making computer security ‘fun’, more young people will consider taking the subject further, even making a career out of it.

Apprenticeships
Working with e-skills UK, a panel of major businesses including BT, IBM and QinetiQ, is working to develop a new degree-level apprenticeship in cybersecurity. The apprenticeship is aimed squarely at young people, as e-skills UK seeks to address a workforce imbalances; currently just 7% of information security professionals are under the age of 29, and only 10% of non-commercial IT positions are held by women.

Good apprenticeship schemes allow students to immerse themselves in the business, get involved in current projects and develop a deep understanding of what the company does, whilst adding value to the business from day one. Nominet's own programme, now in its third year, has already paid dividends. From day one, apprentices are integrated straight into the company. They are given real projects to work on, whilst at the same time given coaching and mentoring from their teams. As well as gaining practical experience of what it is like to work in a technology company, the apprentices are able to achieve tech qualifications that will help them progress a career in IT after they finish the programme.

And in the meantime?
Until the next wave of IT security experts graduate from university, there will remain significant demand for professionals with cybersecurity skills. Companies like Detica will be able to help somewhat by contracting out their own employees as expert consultants.

Businesses will also look to attract skilled individuals from across the globe to help make up for shortfalls in the native population. Wherever possible, large companies will try and place staff in regional offices working outside the UK, but there will still be a need to relocate staff to Britain on occasion as well.

Meanwhile, the Government is building on its £650 million Cyber Security Strategy, doing what it can to help businesses and individuals stay safe online, protect UK infrastructure from attack, and build the systems required to defend institutions against cyberattack. Half of the budget will be invested in detecting and countering cyberattacks at GCHQ, the headquarters of Britain’s security services. The remaining funds are being spent on various education initiatives to raise awareness and skill levels.

Despite the gloomy statistics of falling computer science graduate numbers from the National Audit Office, a united effort from Government and private industry is set to counter many of their concerns. Schemes such as Nominet’s apprentice programme are key to inspiring more school-leavers to pursue IT careers, and time will tell just how successful these efforts to prevent major cyber attacks prove to be.






More...