The National Audit Office has published an update on the Government’s National Cyber Security Programme for the Committee of Public Accounts.
The Programme’s objectives include tackling cyber crime and making the United Kingdom one of the most secure places in the world in which to do business.
The National Audit Office (NAO) report finds that the Government has made good progress in improving its understanding of the most sophisticated threats to national security. However, the level of understanding of threats to wider public services is varied.
While exports in UK cyber products and services have increased by 22% between 2012 and 2013, progress in encouraging trade and exports has been slow and, according to the NAO’s survey of stakeholders, this is the objective against which the Government currently has the poorest performance.
Some progress has been made in encouraging businesses and citizens to mitigate risks, particularly in enticing larger companies to take action. That said, the Government has had a limited impact in targeting SMEs and struggled to communicate guidance in a way that meets their needs.
The Programme’s financial management and governance mechanisms are strong, and the Government is on track to spend the Programme’s budget of £860 million by March 2016.
Overall, the NAO finds that Government continues to make good progress in implementing the Programme, which is helping to build capability, mitigate risk and change attitudes. Cyber threats, however, continue to evolve and Government must increase the pace of change in some areas to meet its objectives.
Valid concerns that must be addressed
Responding to the report, Hugh Boyes from the Institution of Engineering and Technology (IET) commented: “While the Government’s investment in this area has increased the capability for the public sector, there is still much to be done to strengthen UK industry. The report highlights industry concerns about the confusing range of advice available and the lack of cyber security skills. These are valid concerns that need to be addressed.”
Boyes continued: “The current cyber security skills initiatives have been focused on providing the skills for individuals employed in cyber security roles. This is a short term solution which does not address the need to improve the security awareness and skills of everyone involved in the design, production and use of software-based systems. That requires significant investment in education and training at all levels in the UK to ensure that software is trustworthy and that those involved in its development and maintenance are applying software engineering Best Practice.”
In conclusion, Boyes explained: “The recent interest in cyber security and cars highlights how this is an issue that extends far beyond our desktop and tablet computers.”
Industry demand for the cyber security skills needed to tackle cyber car crime and the other areas of our business and personal lives threatened by security issues is growing all the time. Only recently, a free online course was launched with support from the Government. The course is designed to inspire the next generation of cyber security professionals.
The MOOC – Massive Open Online Course – has been developed in conjunction with the Open University and support from the IET, and is the first of its kind anywhere in the world to gain Government backing. For more information visit: https://www.futurelearn.com/courses/introduction-to-cyber-security
Cyber security measures must be part of the Government’s smart metering programme
As the Public Accounts Committee publishes its report on the Update on Preparations for Smart Metering, engineers are warning of the need for cyber security measures to be an integral part of the programme.
Dr Simon Harrison of the IET said: “The Public Accounts Committee report does not mention the issue of cyber security. The IET has consistently argued that end-to-end consideration of cyber security has to be a key feature of the smart metering system which will become a part of the nation’s critical infrastructure. It’s crucial that all possible steps are taken to ensure the smart meter system will stand up to the continuing cyber security threat.”
Harrison went on to state: “Smart meters and the smart grid are part of a Critical National Infrastructure which should be planned, designed and managed as a system. The most important role for smart meters is to enable the smart grid, which is needed to support increased renewable energy, electric vehicles and domestic heat pumps and to avoid having to dig up a lot of streets to install new electricity infrastructure.”
Continuing this theme, Harrison explained: “The smart metering programme is challenging in its own right, but it’s the first stage of the building of the smart grid that will be essential for cost-effective and secure low carbon electricity in the future. When considering the costs of the smart metering system, it’s essential that the features designed to enable a future smart grid are taken into account.”
The IET’s concerns centre on examples of systems engineering, a subject that Harrison suggests is currently under-valued in Government. “The IET believes that a professional systems architect function needs to be established and, indeed, will be essential if the UK is to achieve the transition to low carbon electricity both securely and on an affordable basis.”