MPs are unhappy at the government’s response to their committee report on cybersecurity skills in critical infrastructure (CNI), claiming it fails to address the immediate challenges facing the industry.
The Joint Committee on the National Security Strategy published its initial report in July, claiming the skills gap in the sector was “cause for alarm” and that the government had to “explore more creative options” to improve skills capacity in the sector and across government.
A government response to the report out this week acknowledged the problems and set out several things it is doing to improve the pipeline of talent, including the CyberDiscovery and CyberFirst programs. It also referred to the Cyber Skills Immediate Impact Fund as helping to address shorter term skills issues, and a bursaries scheme to assist with Masters degrees.
The government also acknowledged the need to “think creatively” and said it was considering extending the NCSC’s Industry 100 initiative to build more skills capability.
However, committee chair, Margaret Beckett, was unimpressed.
“The committee remains to be convinced that government has grasped the immediate challenge of keeping CNI secure from cyber-threats,” she responded in a statement.
“Many of the plans set out in this response will come to fruition in a decade’s time. It fails to answer our questions about today and tomorrow – and this is concerning.”
Those plans also include funding for teaching improvements such as: a Continuing Professional Development (CPD) program which aims to upskill 8000 teachers so they can deliver GCSE computer science courses, and a £500/year commitment to creating new “T levels” courses by 2020.
The government also clashed with the committee over the level of cybersecurity training provided to civil servants.
The former recommended that “basic cyber security training and continuing professional development” be made compulsory for all, while the government responded that it already offers basic training via a Responsible for information – General User including Government Security Classifications course.
However, there were some signs of progress. Beckett welcomed the government’s commitment to publishing a coherent cybersecurity skills strategy by the end of the year.
“Today’s response from the government accepts the need to think creatively about current and future challenges relating to cyber skills. This is a start. The government sets store by its 2016 National Cyber Security Strategy, and today’s response to our report acknowledges that in terms of a standalone skills strategy, there is more to do,” she said.
“We have been assured that government has begun work on that strategy, which they promise by the end of 2018. When it arrives, we will look carefully to ensure that this is the case.”