I had a chance to read an article recently that was talking about the new so called Cyber Security strategy for the United Kingdom. John Reid, who is with the Institute of Security and Resilience Studies, was praising the formation of the new group, but also warned that much more work would be needed.
In short, the criticism was this: there was no actionable plan to move forward. There was too much time spent on just the overall dimensions of what could be done.
“In terms of actions, it fails to rise above protection,” he said.
Reid welcomed the idea of a strategic summit of professional services providers, saying that bringing together the public, private and academic sectors is the best recipe to drive real change, but questioned the distribution of cybersecurity funding.
While it is understandable, he said, that around 57% is going to intelligence, 14% to the military and 10% to law enforcement, it is disappointing that business innovation and skills has been allocated only 2%, and research and education is at the bottom of the list with no budget at all.
“We cannot and will not catch up if investment lacks depth [and does not support development and growth],” said Reid.
While no one thinks government can tackle the challenges of the radical changes brought about by the rise of cyberspace, government should lead the project to maximise the benefits and opportunities for innovation, while controlling and mitigating the threats.
The government’s role, said Reid, is in helping set up the concept framework as it would when tacking any problem that is difficult to solve. This framework will help plug the legislative gaps to get the law up to speed with technological changes and help create the environment drive innovation that is essential to both security and growth, he said.
Reid proposed a national cyber taskforce made up of people from the public, private and academic sectors that would define actions at a strategic level; not a “think-tank” , but a “do-tank” that is directly responsible to the national security council, he said, that can be expanded to include the economy, as the US has done.
“This will add a further step in meeting the challenges of cyberspace,” he concluded.
