James Snook, deputy director of business, crime and skills in the Office for Cyber Security, which is part of the Cabinet Office, tells Tech City News about the government’s approach to online threats, plus what keeps him awake at night.
Q: Cybersecurity threats seem to be ever-evolving. What are the biggest the UK Government currently faces?
The fact is, the cyber threats to the UK are varied, and all are significant. Cyber attacks are used for fraud, organised crime, espionage and pose the risk of disruption to our economy and critical services. It’s because of this that the Government has recognised cyber as a top-tier threat. That threat is increasing as attacks become both cheaper to launch and more complex.
Q: How have cybersecurity threats evolved over the past decade or so?
The volume and complexity of cyber attacks against the UK are rising sharply. Technology has evolved and people’s lives are increasingly online which means there are more targets to aim for.
A few years ago, mounting a sophisticated cyber attack meant having all the skills required, but recently an online marketplace has developed, meaning all the elements of an attack can be bought and assembled from the computer of anyone with the money to pay for it.
So at the heart of the cybersecurity problem is the fact it is currently easier and cheaper to attack a network than it is to defend it – and this asymmetry is growing. We need to reverse that equation.
This is also a global issue. We play a major part in the most challenging issues facing the world, often leading the response – and that includes securing cyberspace, where Britain has helped lead the way.
Q: What would you say are the biggest challenges in securing cyberspace?
An issue that cuts right across the entire cybersecurity agenda is skills; there is a shortage of cybersecurity professionals and, without action, the global cybersecurity workforce shortage will widen to 1.5 million by 2020.
To solve this we need to create a pipeline for growing the cyber workforce, starting in the education system. One really exciting initiative is a major schools programme for our top student cyber talent involving expert mentoring from industry and academia, after-school clubs, summer schools and international opportunities for students.
We also need to open up more pathways into the cyber profession. We are creating degree level apprenticeships in cybersecurity, tailored for specific industry sectors like finance, energy and transport. We’ll also be funding retraining for highly skilled workers that want to move into cybersecurity.
Q: How are you promoting cybersecurity best practice in the UK?
We have achieved a great deal over the past few years. Since 2011, the Government has invested £860m in a national cybersecurity programme.
Through this, we established CERT-UK – the computer emergency response team which co-ordinates national level cyber incidents as well as acting as international point of contact.
The great news is that around 1,500 organisations across the UK belong to CERT-UK’s Cyber Security Information Sharing Partnership (CiSP) for industry and government – a platform through which government and industry partners can exchange real-time information on threats and vulnerabilities.
We’ve produced ‘Cyber Security Guidance for Business: 10 Steps to Cyber Security’ and ‘Cyber Essentials’ to provide guidance on safeguarding valuable assets from personal data to intellectual property and other guidance for SMEs. If you’re an entrepreneur or SME and you aren’t signed up already to Cyber Essentials, I would encourage you to do so.
It is also inspiring that there are now initiatives in place at every level of the UK’s education system to build our cybersecurity capability for the future. But it is clear there is a great deal more to do. That is why the Chancellor announced a further £1.9bn of transformative investment in cybersecurity over the next five years.
Q: With so many threats already in existence, what are you doing to tackle cyber criminals?
We’re making the UK a much harder target for cyber criminals. We’re creating the next generation of cyber law enforcement to work with industry to disrupt cyber attacks impacting the UK, including the National Cyber Crime Unit in the National Crime Agency.
We will continue to invest in transforming law enforcement capabilities at the national, regional and local levels to ensure they can deal with the increasing volume and sophistication of online crime.
It goes without saying that basic measures – like strong passwords and using antivirus software – can and should be used by everyone.
Q: What most excites you, from a professional point of view?
The opportunity to work with many smart and dedicated people, not only in the team I lead, but across government, industry and academia – both home and overseas – who together ensure Britain remains a world leader in this arena.
Q: What keeps you awake at night?
Complacency – in two forms.
Firstly, there are those organisations that are much more mature in their cybersecurity risk management than the majority of the economy. They should be commended for that. But we have to remember that being more secure than your peers doesn’t necessarily mean you’re as secure as you need to be. Companies need to measure themselves against the threat they face – and that threat is constantly evolving.
Then there are those organisations who think cyber is a problem for other people and it won’t affect them. That is just not true. Cyber attacks can affect, and are affecting, every single business.
My message for companies that think they haven’t been attacked is: “You’re not looking hard enough”. I recommend you register on the CiSP network and start benefiting by sharing information and intelligence on cybersecurity threats from across sectors and organisations.
This article first appeared in issue 9 – The Cybersecurity Issue – of Tech City News Magazine.