The UK's critical infrastructure is open to cyber-attacks because of a lack of experts able to thwart threats, warns a report by the National Audit Office (NAO).
The NAO, which scrutinises public spending on behalf of parliament, warns in its ‘UK cyber security strategy: Landscape review' that "the UK lacks technical skills and that the current pipeline of graduates and practitioners would not meet demand."
NAO interviewed personnel across government, business and academia to compile the report.
"Those we interviewed from academia considered that it could take up to 20 years to address the skills gap at all levels of education," warns the report. It adds that the government is working to overhaul ICT education in schools in order to gear it towards computer science and programming and "expects cyber security to be a strong strand of the future GCSE computer science syllabus".
The NAO estimates that cyber-crime costs the UK economy between £18bn and £27bn a year. There were 44 million cyber-attacks during 2011, with the NAO suggesting that 80 per cent could have been prevented by simple network "hygiene", such as the use of strong passwords.
Indeed, the report points out that the most common passwords of 2012 were "password", "123456" and "12345678", which cyber-criminals could easily exploit.
"The threat to cyber security is persistent and continually evolving. Business, government and the public must constantly be alert to the level of risk if they are to succeed in detecting and resisting the threat of cyber-attack," said NAO chief Amyas Morse.
"It is good that the government has articulated what success would look like at the end of the programme. It is crucial, in addition, that progress towards that point is in some form capable of being measured and value for money assessed."
The UK Cyber Security Strategy was launched in November 2011 to combat the increasing threat of cyber-crime. Speaking on the anniversary of its launch, Cabinet Office Minister Francis Maude - responsible for overseeing the strategy - said the UK was in a better cyber security position than it had been the year before. Others, however, beg to differ.
[Turn to next page]