A recent article in Harvard Business Review analysed the state of US cyber security and suggested: “Here are four things that the private sector — and I mean CEOs, not CTOs — should be loudly and persistently demanding of Washington right now:…”
Let's take a look at these 4 issues from a UK perspective.
1. A Government funded FFRDC-type institution, to pay for basic research and early risk phase investment in commercial security systems.
Royal Holloway (University of London) and Oxford University have each received funding of almost £4m to provide new centres for doctoral training (CDT) to address the UK’s national need for cyber security expertise.
2. A support system, financial and legal, for smaller and startup companies that can’t afford to spend their money and time worrying about the security of their networks.
The TSB are offering Innovation Vouchers to support SMEs, entrepreneurs and early stage start-ups who see value in protecting and growing their online business by having effective cyber security.
3. A national cyber-guard or cyber Peace Corps equivalent, that would spread software and practices first around the US, and then around willing allies and friends abroad.
UK: √ (partly).
This is largely industry led with activities like Cyber Champions and the Trustworthy Software Initiative.
4. A major national effort to educate the public and market a new “culture of security” for Internet behavior. It’s the human link that is and almost certainly always will be the weakest link in any security system. So we need constant messaging about the basic blocking-and-tackling of online behavior to get individuals to recognize their own risky actions and their personal responsibility for security.
This is a key tenet of the National Cyber Security Strategy, with lots of activity at all levels, from the board (10 Steps to Cyber Security) and home users (Get Safe Online) to internships for school leavers run by IAAC.
These are just some of the initiatives under the UK National Cyber Security Strategy. Some have questioned whether this is sufficient. Is the UK doing enough, or should we, as industry, echo the four HBR cyber security requests to the UK Government?