How Is The British Government Revamping Its Take On Cybersecurity?
The U.K.’s government has recently come up with a new plan regarding the implementation of the 2016-2021 National Cyber Security Strategy (NCSS). Described as a “consultation on creating the environment to develop the cybersecurity profession in the U.K.,” the process ends on August 31, 2018. The Consultation Description explains, “In the National Cybersecurity Strategy, published in 2016, the Government made a commitment to develop the cybersecurity profession in the U.K.. This consultation sets out bold and ambitious proposals to implement that. It includes a clear definition of objectives for the profession to achieve and proposes the creation of a new U.K. Cyber Security Council to coordinate delivery.”
The consultation document, entitled “Implementing the National Cyber Security Strategy – Developing the Cyber Security Profession in the U.K.” splits proposals into four groups, which are all brought together under the heading “Objectives.” The groups include: Professional Development; Professional Ethics; Thought Leadership and Influence; and Outreach and Diversity.
This part of the consultation document dwells on the need to support individuals in their cybersecurity careers. It also discusses the need to provide individuals with incentives for remaining in the field of cybersecurity. The document states, “Supporting the continued professional development of those already working in or aspiring to work in cybersecurity, and helping employers and consumers make more informed decisions about the cybersecurity capability they need, is at the heart of what we are setting out to achieve. We believe there needs to be a system that supports and guides individuals in to and through their careers, and also provides them with incentives to stay within cybersecurity. We believe getting this right will bring greater recognition and clarity to the profession, with a career in cybersecurity becoming more recognized and structured in the same way as more established and mature professions.”
As an objective, this section states a “coherent set of career specialism pathways” needs to be developed and aligned by the end of 2019. These should be “clearly identifiable and widely agreed upon, across the cybersecurity sector and within the government.” It also says that by the end of 2020, a common Royal Chartered Status should be developed and implemented “for individuals aspiring to work across a wide range of cybersecurity specialisms.” By mid-2021, there should be a “framework, agreed on across the profession, setting out the comprehensive alignment of career pathways through the profession and leading toward a nationally-recognized career structure adopted by the whole cybersecurity sector across the U.K.”
This section discusses the need for a Code of Ethics for the cybersecurity profession. It says that by the end of 2019, a draft code for the same needs to be finalized—this includes the professional and ethical obligations that cybersecurity professionals should have in relation to their clients and the services they provide, clauses that are consistent with the applicable laws and regulations, and obligations with regards to law enforcement reporting. Implementation should happen by the end of 2020.
Thought Leadership and Influence
The document discusses the need for a “strong and visible leadership, which can coordinate the views of and speak authoritatively on behalf of all of the different specialisms and organizations in cybersecurity. ”
During 2019, the cybersecurity industry should develop a roadmap as to how it will provide coordinated leadership and influence over other sectors and governments. By the end of 2020, the coordination should be in evidence and there should be an agreed strategy “to define and strengthen relationships with other professional sectors with interests in cybersecurity.” By 2021, the leadership body should be producing proposals to strengthen the profession.
Outreach and Diversity
This section of the consultation document focuses on how the cybersecurity sector “reaches out to those seeking to join the profession, particularly the next generation of cybersecurity professionals.”
It’s proposed that by the end of 2019, there needs to be a clear mission statement with regards to how the new generation of security professionals will be developed and diversified. The year 2020 should see the sector establishing a national network comprised of partners from around the industry, the government, and the educational sector, all of which should provide professional events to attract more people. By the end of 2021, there should be “the potential transition of other initiatives from the government to the profession.”
An Overseeing Body
As mentioned earlier, the consultation document also states an independent body, like the U.K. Cybersecurity Council, should be formed to oversee the completion of all objectives. This council should be comprised of all existing professional bodies—but one that does not replace or replicate any existing professional organization. Once the government opened the consultation document, 17 organizations in the U.K. joined hands to form an alliance across the industry seeking to change the future of cybersecurity in the U.K..