Next steps for UK cybersecurity: legislation; skills; and security by design

Written by Talal Rajab on 8 August 2018 in Opinion

Talal Rajab of techUK looks at the key elements that are contributing to a hugely important year for cybersecurity in the UK

 


It seems like we say this every year, but 2018 is really shaping up to be an important year for cybersecurity in the UK.  

Firstly, from a regulatory angle, the landscape has changed considerably for businesses, both large and small, and this has meant that their responsibilities when it comes to cybersecurity have also changed.  

This, of course, will not be the first – or last – time that an article on cybersecurity mentions the General Data Protection Regulation (GDPR). But its introduction is seen by many of techUK’s cybersecurity members as a game-changer in how they discuss data security with their customers.  One of the most important data-protection principles laid down in the GDPR specifies that personal data must be processed with an appropriate level of security.  This means that businesses must take responsibility for both technical and organisational measures and carefully think about ways to effectively secure personal data.  

For many businesses, however, it is not just regulation through GDPR that increases their cybersecurity responsibilities.

Amidst all the frantic unsubscribing from emails that occurred towards the end of May, many people missed the introduction of an equally important piece of regulation that seeks to improve the security of network and information systems across the UK. The Network and Information Systems Directive (NISD), implemented a couple of weeks before GDPR, increases the cybersecurity responsibilities of operators of those essential services which, if disrupted, could potentially cause significant damage to the UK economy. From ensuring the supply of electricity and water, to the provision of healthcare and passenger and freight transport, the directive correctly recognises that the reliability and security of our critical infrastructure is essential to everyday services and requires adequate protection.

Solving the cyber skills shortage

So, what are the next steps for those companies that have a responsibility to meet the requirements under GDPR and NISD?  Well, for one, it means that businesses are in dire need of the cybersecurity skills that we constantly hear are in short supply.  Depending on which study you read, there will either be a global cyber skills shortage of one million or two million people by 2020, with the UK’s share of unfilled cybersecurity jobs expected to be around 100,000.  

To help the UK in this regard, the National Cyber Security Strategy sets out a series of interventions aimed at plugging the growing gap between demand and supply for key cybersecurity roles.  This long-term strategy will look at areas such as the lack of young people entering the profession, the shortage of current cybersecurity specialists, the insufficient exposure to cyber and information security concepts in computing courses, and the absence of established career and training pathways into the profession.  

It is this last area that we at techUK have been working with government on, with the intended result being the creation of a professional body for cybersecurity that would grant royal chartered status to cyber professionals.  A consultation on this has recently been launched by the Department for Digital, Culture, Media and Sport (DCMS) and techUK will be responding to it on behalf of our members.

Most of these initiatives, however, are long term in nature and will take a long time to come to fruition.  That is why it is important that digital companies – the manufacturers and suppliers of digital services – take their cybersecurity responsibilities seriously and build and design products and services with security built in from the outset.  

Estimates show every household in the UK owns at least ten internet-connected devices and this is expected to increase to 15 devices by 2020, meaning there may be more than 420 million devices in use across the country within three years.

We cannot expect consumers – the users of these products and services – to understand the different security requirements within all their devices.  They want to take products out of their boxes and use them straight away, without having to worry about whether the product they use is insecure or not.  

So, DCMS has conducted a “secure by design” review and report, published in March of this year, which at its core contains 13 principles that IoT manufacturers can follow to embed security into the design process, rather than bolt it on as an afterthought. Government has stated that, whilst the principles in the code of practice are voluntary, they may be made into a regulation sometime in the future if the state of play does not change.

So, that is why 2018 is such an exciting time for the UK cybersecurity sector, and gives a sense of where the sector is going; a mix of regulatory action, work to develop skills and capabilities, and action taken by manufacturers themselves to ensure that security is embedded into everything that we do. 

 

About the author

Talal Rajab (pictured above) is cyber and national security programme manager at techUK. Look out on PublicTechnology over the rest of 2018 for more articles providing insight from techUK's team of industry experts.
