Charles White, CEO of the Cyber Scheme, reflects on why the time to act is now..
There is a great Chinese proverb that says: “The best time to plant a tree is 20 years ago, the second-best time is now.” I love this because beautifully sums up where we are today with the cyber skills shortages we face. Go back 20 years and it was a mad rush towards digital transformation – what a good news story, better client experience delivered on a lower cost base.
Roll forward 5 years… “Oh, the online platforms we’ve created are not actually very secure, sorry about that – it seems youngsters in their bedrooms are hacking our systems for fun.” Roll on a further 5 years and we get to: “Hang on, the adversary has morphed into serious and organised crime and now we’re being extorted for millions.”
And on and on until today… we now have a new digital revolution taking place which we have snappily called ‘Industry 4.0’. This integration of intelligent digital technologies into manufacturing and industrial processes, and their speedy, often cost-driven but not security driven adoption into modern manufactured elements (cars, aeroplanes, watches, medical equipment, fridges, smart factories, intelligent cities to name a few) leaves us even more exposed to threat.
In the last 20 years we as a nation have underinvested in developing cyber skills. It’s only in the last decade that higher education establishments have offered dedicated cyber security degree and master’s courses (though their relevance in modern commercial settings is up for debate). Only within the last 12 years has legislation come about to protect personal data and discover/punish those that lose or abuse it.
The result of all this is that the pressure on existing cyber capability has expanded even more, without a corresponding increase in industry-ready entry level practitioners. Companies are under huge pressure to meet demand; the fact is that they no longer want entry level capability, they want 3 – 4-year veterans.
With this new Industrial Revolution (Industry 4.0) beginning to gather steam, there is a specific need to create a training ladder, to ensure practitioners are being sufficiently trained and assessed at every level of their career – which is exactly what we at The Cyber Scheme have done.
We need to cross skill and to upskill, bringing together each side of the revolution: Engineers, meet the IT crowd.
Both of course speak different languages, and have differing approaches to suit their specific areas, for example regarding health and safety. It’s one thing to electrocute yourself in an IT environment; quite another to bring down a manufacturing facility or a nuclear power plant. With the advent of IoT/OT technologies, the stakes are ever higher.
With training and with competence measurement we can build into the existing engineering and IT disciplines the knowledge, skills, abilities and tasks to counter the threat associated with these developments.
We have the scars and the memories of how the last 20 years have played out, and we know serious and organised crime will and does take advantage of our slowness – just look at the troubles Jaguar Land Rover and the automotive industry generally have encountered recently; that cool keyless entry isn’t so cool when a 15yr can steal your car inside 3 minutes.
The easy returns for crime gangs are just too tempting; we know we have to skill up before the bad guys do. That’s why now is the second-best time to plant that tree.