Industry Reaction to GCHQ Speech

Some industry reaction to George Osborne’s GCHQ speech below from (ISC)² – the largest not-for-profit membership body for cyber and infosecurity workers worldwide below. The Chancellor referenced (ISC)²’s Global Workforce Study and the 1.5 million workforce shortage statistic in his speech so they’d be very well placed to offer further commentary on what was discussed.

Dr Adrian Davis, Managing Director for EMEA said :

“This is a welcome speech that raises the level of appreciation for cyber security requirements; puts the issues on an economic platform; and acknowledges its role in assuring prosperity as well as national security.

However, while the Chancellor advocates a plan that acknowledges the priority of cyber initiatives, he places a huge reliance on everyone outside of government to do their part to ensure real impact. I say this because the funding investment over the next 5 years, although double previous commitment, is a fraction of what is really required to bring society up to speed. This is a plan that is all about catalysing action from stakeholders, partners and the broader business community. While more details are to come on Monday, it appears they continue to defer direct development toward specialist expert capability and technical innovation driven by the very focussed perspective that comes out of GCHQ. I am wary of having the management of the entire plan – from law enforcement to business support – centralised within a centre of excellence that reports to GCHQ. GCHQ is a valued and an incredible resource and there is no doubt that the new initiatives will have their value but to really catalyse action and investment, these plans must ensure broader input from the private, business and professional communities.

On the skills front, the UK government has been a leader and it’s good to see that the UK government continues to recognise that expert capabilities are needed to match the developing threat through the National Cyber Security Strategy and that they are prioritising embedding knowledge at every level of education. There is a lot of work to do here and we remain committed to being a strong partner in this area of development.  I would like to emphasise that this is a need that goes far beyond our own profession and that we need to work to embed cybersecurity across many disciplines, not just develop the experts.

In short the Chancellor has done a great job of acknowledging the challenge, outlining the priority government has to put toward it, but I wonder if the broader call to action was clear enough to ensure all who need to take note actually do so.”[su_box title=”Dr Adrian Davis, Managing Director for EMEA, (ISC)²” style=”noise” box_color=”#0e0d0d”]Dr Adrian Davis, is a Managing Director for EMEA, (ISC)², (ISC)² is the largest not-for-profit membership body of certified information and software security professionals worldwide, with nearly 100,000 members in more than 135 countries. Globally recognised as the Gold Standard, (ISC)² issues the Certified Information Systems Security Professional (CISSP^®) and related concentrations, as well as the Certified Secure Software Lifecycle Professional (CSSLP^®), the Certified Cyber Forensics Professional (CCFP^SM), Certified Authorisation Professional (CAP^®), HealthCare Information Security and Privacy Practitioner (HCISPP^SM), and Systems Security Certified Practitioner (SSCP^®) credentials to qualifying candidates. (ISC)²’s certifications are among the first information technology credentials to meet the stringent requirements of ISO/IEC Standard 17024, a global benchmark for assessing and certifying personnel. (ISC)² also offers education programmes and services based on its CBK^®, a compendium of information and software security topics.[/su_box]