The UK government says it understands the need to make sure it has enough highly skilled IT professionals to respond...
to cyber threats.
"The government shares the Committee's concerns regarding maintaining a highly skilled
cadre of internet security specialists and is taking a number of proactive steps to address
the issue," the document says.
According to the response document, policies for the recruitment and retention of specialist staff are the responsibility of individual departments, but under the National Cyber Security Programme the government will support individual departments and agencies in developing cyber security training and skills programmes for their staff.
In addition, the Cabinet Office and GCHQ are both supporters of initiatives such as
the Cyber Security Challenge, which promotes careers in cyber security via annual
competitions and events, while providing advice and opportunities to individuals who
wish to start a career in the information security field.
To ensure GCHQ maintains its competitiveness in the market for experienced internet specialists, the document says a retention payment system is already in use.
"Those bonuses and the unique appeal of the GCHQ mission help to keep leaver rates low, but GCHQ is also considering other measures to attract and retain suitably skilled staff in greater numbers and welcomes the closer involvement of other government departments to help to achieve this," the document says.
However, the skill of IT professionals at the government's disposal for cyber defence is not the only issue at stake, according to Joseph Souren, European general manager for security firm Wave Systems.
It is also about the technology used to provide the security, he says, because workers can only use the technology in front of them and no matter how good they are, they need the right tools to provide the security.
"The UK government needs to ensure that the next generation of network security professionals understands and can deploy Trusted Computing standards, which means focusing on the device, not the user," he said.
The UK should follow the recommendations of its technical authority on information assurance, CESG, and use device-based security within government agencies, as the US government has done, says Souren. Security in today's IT infrastructure focuses on building layers of software defence and these systems have been exposed to high-profile breaches, he says.
He believes that organisations should seriously consider adding device identity as an independently managed layer to help protect their data.
Souren claims that device-based security solution offers unmatched protection and he believes it will play an integral role as organisations move to the cloud.
"It's a framework championed by major organisations, enterprises and governments across the globe but there is still a lack of awareness about device-based security, even though around a half billion business-grade PCs and laptops have been deployed equipped with the technology to put these systems into practice," he said.
MetaKeywords MetaDescription Sensitive Landingpage False