A senior government official revealed the plans during a briefing attended by V3, confirming the growth will require the public and private sector to increase their current levels of collaboration. The official highlighted accreditation initiatives, like the government's ongoing CESG Certified Professional (CCP) scheme as key ways the government planned to achieve its growth target.
"We developed the scheme through the cyber growth partnership to blitz any obstacles. With the industry we've been developing an organisational standard, a badge of quality for cyber to give people who know about this but haven't studied it something to bite into," said the official. "We're aiming to grow this [the UK's cyber economy] from £850m to £2bn by 2016."
The CCP scheme is a joint endeavour designed to test and accredit workers responsible for securing UK industry networks at all types of organisations. Applicants seeking accreditation are required to pass a series of tests run by the Institute of Information Security Professionals (IISP), the Council for Registered Ethical Security Testers (CREST) and Royal Holloway University's Information Security Group (ISG).
The official said the government plans to lead by example and will launch a new initiative to ensure all appropriate partners in its own supply chain meet the standards it sets for industry. "The government is hoping to adopt that standard in its own procurement where relevant, so some people will need this badge if they want to do business. We're ensuring our chain is cyber resilient," he said.
The official also confirmed plans to expand its partnership with private companies, confirming new partnerships with several new businesses, including Facebook and security firm Sophos, although the nature of the partnerships remain unknown. The official also announced plans to double the number of companies participating in the ongoing Cyber Information Sharing Partnership (CISP), from 250 to 500 by the end of 2014.
CISP was launched in March, following a two-year trial period. The initiative is designed to facilitate real time data sharing about cyber threats between the public and private sector. Since officially launching, some security professionals have criticised the initiative. Experts from the International Information Systems Security Certification Consortium (ISC2) and security firm FireEye highlighted CISP's failure to support SMEs as a particular shortcoming at the RSA conference in Amsterdam in October.
The official said the government plans to create a host of new initiatives to help support SMEs. "The strategy is working, at least with large companies [...] inevitably it is harder to get to the smaller companies in. The scale of things makes it harder to get to them individually [...] So we're announcing a project with Nominet to produce a tool that helps SMBs audit themselves against key guidance in this area," he said.
"We're publishing a set of guiding principles to explain what they should do, to let them know what they should do to protect themselves and, if they do have an issue, where to go."
Finally the official announced plans to create several new initiatives designed to expand the UK's pool of cyber experts. At the top end this includes the creation of a new research institute designed to investigate new ways to protect industrial control systems. At the lower end, the future plans include a new partnership with the Open University and fresh funding for the Cyber Security Challenge initiative.
"Skills are vital, we've been doing a lot on skills to broaden the pipeline of people coming into this area. The government is partnering with the Open University to do a new scheme on cyber, through which we hope to get about 200,000 into the topic. This will happen for the first time in summer 2014," he said.
"We're also giving money to the Cyber Security challenge to roll out nationally. It's going to be about getting groups and school children and pitting them against code created by experts. It's about broadening awareness and skills, but hopefully also getting a few interested in becoming the next generation of experts."
Training the next generation has been a staple goal of the UK government's Cyber Strategy since it launched in 2011. The National Audit Office (NAO) forecast the UK cyber skills gap to last 20 years costing the nation £27bn a year despite the government's efforts in February.
No comments:
Post a Comment