UK security industry forms oversight body in response to government consultation on sector's future

The government has proposed ways to attract new professionals to security, increase diversity and ensure leadership

The government has opened a new consultation on its proposals for the implementation of the 2016-2021 National Cyber Security Strategy (NCSS). In response, industry-leading bodies have formed an alliance to ‘advance the development of the cyber security profession’.

The NCSS describes the government's ambition to ensure a constant supply of homegrown talent for the security sector. To achieve this aim, it is important to create an environment in which the sector can develop on its own, as well as to engage with stakeholders with an interest in security.

The document splits proposals into four groups: Professional Development; Professional Ethics; Thought Leadership and Influence; and Outreach and Diversity.

Professional Development

This section describes the need to support individuals in their cyber security careers, as well as incentivising them to stay within the security trade. It talks about developing a common standard, applicable to all workers in the sector, that will give businesses ‘the confidence that individuals they entrust to secure their information have the capabilities they say they do’.

A ‘coherent set of career specialism pathways’, widely agreed across the industry and government, should be developed by the end of 2019. One year later, proposals should be developed for the implementation of a common Royal Chartered Status for individuals; and by mid-2021, an industry-wide framework should have been agreed that will lead towards a nationally recognised career structure.

Professional Ethics

Ethics and integrity are vital for the security trade, whose workers must be trusted above almost any other. In this section, the document discusses the need and support for a cohesive Code of Ethics that applies across the security industry.

A draft code should have been agreed by the end of 2019, covering obligations to clients and the law, and guidance on the limits of personal responsibility if a person's design, product or data are misused. Implementation should take place by the end of 2020.

Thought Leadership and Influence

While the UK has a strong and vibrant security ecosystem, the lack of coordination can reduce the profession's impact. The document describes the need for ‘strong and visible’ leadership, which can bring together and speak on behalf of the various specialisations and organisations in the industry.

Through 2019, the industry should develop a roadmap for how it will provide coordinated leadership and influence other sectors. That coordination should be in evidence by the end of 2020, with an agreed strategy to define and strengthen relationships with other sectors such as law and insurance. This leadership body should be producing proposals to strengthen the profession by the end of 2021.

Outreach and Diversity

This section describes how the security sector reaches potential new members, especially the next generation of professionals. It says, ‘We believe the perception of a career in cyber security needs to change. The profession must show opportunities for flexible, rewarding and hugely interesting work not only to those who might traditionally be interested in cyber security, but a much wider range of people who have the core skills and capabilities to succeed’.

According to the government's proposals, the security profession should have agreed ‘a clear mission statement’ about how to develop the next generation of professionals, and boost diversity, by the end of 2019. Throughout 2020 it should establish a national network of industry, government and educational sector partners to provide events to attract people to the profession; and by 2021, ‘other initiatives’ could be moved to the sector from the government.

Oversight is needed

An independent body would be necessary to deliver these objectives, and so the document also proposes the formation of a UK Cyber Security Council, made up of existing professional bodies - but one that will not ‘replace or replicate existing professional organisations’.

Following the government's release of the document, 17 UK organisations have come together to form a cross-industry alliance, to ‘help shape national cyber security standards, drive advances in cyber education and advise the government on national cyber security policy’.

Common objectives for the as-yet-unnamed alliance are:

The members include: BCS, The Chartered Institute for IT; the Chartered Institute of Personnel & Development (CIPD); the Chartered Society of Forensic Sciences (CSofFS); CREST; The Engineering Council; IAAC; The Institution of Analysts and Programmers (IAP); The IET; Institute of Information Security Professionals (IISP); Institute of Measurement and Control (InstMC); ISACA; (ISC)2; techUK; The Security Institute; and WCIT, The Worshipful Company of Information Technologists.

Jeremy Barlow, director of standards at BCS - Computing's partner in production of the UK IT Awards - said:

"This collaborative development is...not only a functional necessity, but speaks to a necessary culture change for organisations and individuals working in cyber. As with other established professions, there will be places where we compete, but we must collaborate and share as a diverse professional community for the good of everyone to ensure we do not let down the people we ultimately serve.

"Our announcement today is only the start of our work, but it is well-founded on a shared mission, built on trust and compatible objectives, and bodes well for the future. It's fantastic to be able to declare this with such a large field of distinguished organisations, and perhaps surprising to see for many who have worked in cyber security. This is a true reflection on a new culture and a new level of public need for the best in cyber security."

The consultation will be closed on the 31st August.