The future of the UK's cyber security landscape will be decided next month as the government lays out its strategy for how it plans to protect the country from cyber threats over the coming five years. Since the last strategy in 2011 the UK's cyber security has matured, strengthened by a bedrock of major successes. The launch of the Computer Emergency Response Team (CERT-UK), the ongoing collaborations with the UK's Centre for the Protection of National Infrastructure (CPNI) and the establishment of the Cyber Essentials training scheme have been instrumental in the government's drive towards securing individuals and organisations against cyber-crime.
The Cabinet Office highlighted these achievements in its UK Cyber Security Strategy 2011-2016 annual report. However the cyber security world is evolving at a rate of knots as the capabilities and inventiveness of attacks grow. For example, hackers are now using behavioural as well as technical methods to steal data from their victims and Distributed Denial of Services (DDoS) attacks are now being sold for as little as $5 on the dark net. The UK's Cyber Security Strategy, due to be announced next month, will therefore need to grow in line with the increasingly dangerous and diverse range of cyber-attacks.
The Internet of Things, which has now become well established within many of our industries, needs to be a key focus of this. The Building Information Modelling (BIM) sector is expanding and will see technologies placed within constructions to track use across their lifespan and allow for remote access. Healthcare is another area that has been affected by the IoT revolution. Patient monitoring systems are becoming connected to allow for continuous tracking. Yet there is proof that these can be hacked, providing a route to then infiltrate the wider hospital network. Government policy must be clear on how organisations (and individuals) should protect themselves from such invasions and ensure the correct technologies are available. Industry can be encouraged to take a leading role in this or the government can directly involve itself in development. Whatever strategy is used, the increasing interconnection of our daily lives is a major challenge that needs confronting.
Machine learning is one such area that is beginning to pose a very serious threat. These programmes, used for defence or attack, sit within systems, adapting their behaviour based on what they experience within that infrastructure. The potential such attacks have to disrupt is huge. As they learn and adapt to the behaviour of their target's defences and IT, they become increasingly difficult to counter. However, the potential this technology has for defensive capabilities is just as great. By studying an organisation's network the programme can determine what characteristics of the environment are abnormal. This allows it to detect cyber-attacks that have never before been observed by the system's technology, sensing any unknowns or anomalies.
Currently we do not have a sufficient number of individuals with the knowledge or experience to build these advanced defensive technologies to counter the equally as advanced offensive technologies being used increasingly by cyber criminals. Equally robust machine learning based defence mechanisms need to be in place to seek, react to and neutralise such threats; making sure the UK has such ability will be crucial to the UK's ongoing security.
However, the pool of talent needed to confront such challenges, although growing, is sadly still too small. Industry reports state that by 2019 six million professionals will be needed, but the projected number is currently only four and a half million. It has been described as the "largest human capital shortage in the world". If we don't have the manpower to keep pace with the cyber security industry's talent requirements, then we won't be able to develop the technology and infrastructure to deal with new cyber threats.
Raising awareness of how big a part cyber security plays in our lives is key. Since the development of the internet online threats have moved out of the IT industry and into culture, consumer technology and popular consciousness. We must not only develop specific defences to new and varied types of attacks but broaden awareness amongst the population about these threats so that we all know how to protect ourselves when using technology. If this takes centre stage in the Cabinet Office's plans, then we will continue to maintain our position as a world leader in cyber security in the years to come.