Create Royal Charter for cyber-security experts to protect infrastructure, say MPs
A parliamentary committee has criticised the government for lacking “urgency” in protecting critical infrastructure from cyber attacks, and has suggested introducing Royal Chartered status for cyber-security professionals as part of a strategy to address the cyber-security skills gap.
The Joint Committee on National Security Strategy’s report found that the government should act with more urgency to deal with the “potentially severe [national security] implications” of a shortage of cyber-security experts for critical national infrastructure.
According to the parliamentary committee, which is composed of MPs and peers, the WannaCry ransomware attack, which hit businesses and NHS hospitals in May 2017, demonstrated the consequences of cyber attacks on critical infrastructure such as the grid, hospitals and transport networks.
“Cyber security is not just about technology. It is about people, and the range of technical and specialist skills that are needed to ensure that the services, systems and networks we use every day are secure,” the report said.
“We heard that although the UK has one of the most vibrant digital economies in the world, there is not currently the cyber-security skills base to match, with both the government and private sector affected by the shortage in skills.”
The committee wrote that while critical national infrastructure operators and regulators described the shortage of skills as one of the greatest challenges they face, it was “struck by the government’s apparent lack of urgency” when it came to addressing this skills gap.
This shortage could be attributed to a global cyber-security skills shortage, cyber-security experts being attracted to the higher salaries offered in the private sector, and the ongoing failure to attract women to the profession.
“We found that the government is not currently well placed to understand, and therefore to address, the gap between skills supply and demand,” the report said. There remains uncertainty about which infrastructure is most vulnerable to cyber attacks, and about the extent of damage that could be caused by hackers targeting critical infrastructure.
According to Dame Margaret Beckett, chair of the committee: “Our report reveals that there is a real problem with the availability of people skills in cyber security but a worrying lack of focus from the government to address it.
“We’re not just talking about the ‘acute scarcity’ of technical experts which was reported to us, but also the much larger number of posts which require moderately specialist skills. We found little to reassure us that government has fully grasped the problem and is planning appropriately.”
Beckett called on the government to work with academics and the education sector as well as with industry to meet the demand for cyber-security experts to protect critical infrastructure.
Among other suggestions, the report recommends that the growing cyber-security industry could be professionalised with the introduction of Royal Chartered status, and that cyber security could be introduced to the classroom to address the skills gap in the long term.
“Developing and publishing a cyber-security skills strategy […] should be the government’s first priority. It is a pressing matter of national security that it does so,” the committee wrote.
A government spokesperson said in a statement: “The UK is one of the most secure places in the world to live and do business online and this government is committed to ensuring the UK has the cyber-security talent it needs to further secure our growing digital economy and critical national infrastructure.