You will have heard about the UK Cyber Security Council. What is it and why was it brought about?
The UK Cyber Security Council was introduced in March 2021 to be an independent body that sets standards and defines career and learning paths for the cyber security industry. It was established by His Majesty’s Government (HMG) to define the professional standard needed to ensure the UK is a safe and secure place to live and work online.
The UK Cyber Security Council provides a “single governing voice for the industry to establish the knowledge, skills and experience required for a range of cyber security jobs, bringing it in line with other professions such as law, medicine, and engineering.”
The Council was established in response to the National Cyber Security Strategy 2016-2021 policy paper, which set out the UK Government’s plans to make Britain cyber secure. Included within this report was the government’s desire to further develop the cyber security industry and accredit the profession by “reinforcing the recognised body of cyber security excellence within the industry and providing a focal point which can advise, shape and inform national policy.”
The basis of the ongoing strategy for the UK Cyber Security Council is set out in five themes:
- Professional Standards: Setting the standards for practitioners across the sector
- Professional Ethics: Creating and ensuring cyber professionals adhere to our Code of Ethics
- Careers and Learning: Providing guidance on how to join and progress within cyber security
- Outreach and Diversity: Striving for an inclusive and representative sector
- Thought Leadership and Influence: Positioning the Council as the voice of the profession
The Cyber Security Council Standard for Professional Competence and Commitment includes these themes as they apply to individuals working in the profession and, in turn, how those individuals apply these attributes as they carry out their roles and responsibilities.
The role of the Council
Supporting the UK Government, UK Regulators, and the National Cyber Security Centre, the Council will play a key role in ensuring cyber practitioners have the skills and expertise needed to protect data and systems in the UK.
Cyber security is a maturing profession, with a range of areas that require specialist insight, development and practice. The Council’s Professional Standard and Registration Titles will accordingly bring structure and unity to the profession, and a level of consistent professional recognition already embedded in fields such as engineering, audit and medicine.
The Council will enable employers to identify the people they need to manage their cyber risks and meet their regulatory obligations. It will help practitioners navigate the complex world of existing qualifications, certifications, and courses. By setting an overarching professional standard and defining three professional titles, the Council will make the equivalence of cyber security qualifications clear.
Regulatory Compliance and Ethical Practice
Regulatory compliance and ethical practice are key pillars in the cyber security sector. The Government wants the Council’s standard to become a measure used to assess compliance by regulators across the UK. Regulators need to assess whether regulated entities have sufficiently invested in their cyber workforce to maintain cyber resilience. The Council’s standard is an effective measure of this resilience. Alongside the standard, the Council’s Ethical Declaration sets out a code of conduct for businesses and guiding principles for individuals on how to practise ethically. Each Council registrant will sign the Ethical Declaration, agreeing to promote credibility, integrity and professionalism. This will serve as assurance that those awarded Professional Registration Titles are both ethical and compliant.
Helping employers of cyber practitioners
Hiring decisions are the most important decisions that organisations make. In cyber security they are loaded with risk, as assessing competence is challenging. Employers who seek robust recruitment and development processes will use the UK Cyber Security Council’s standard for assurance that they are employing high-quality, experienced practitioners. The Government Security Group is one example of an employer seeking this kind of assurance, and it is actively looking to align its recruitment frameworks to the Council’s standard as the specialisms are released. Recruitment, progression, and career growth for individuals can be accelerated by engagement with the Council’s Professional Registration Titles – Associate, Principal and Chartered.
Helping customers of cyber services
Customers of cyber services often struggle to determine quality in the market: what does good look like? How has this been assessed? Do assessments have equivalence? Chartership will ensure an easy way to identify this for companies of all sizes. The need for this is particularly acute for the UK Government – the largest customer for cyber security services in the UK. Government is seeking to integrate the Council’s standard into public sector procurement processes, similar to what has been achieved with Cyber Essentials, to help customers validate the competence of a company’s cyber resilience. The standard will enable clear assessment of those bidding for Government contracts. Aligning yourself to the standard will help your organisation prove the quality of your services.
A Global Standard
Professionalising the cyber security workforce is not just a UK programme; it is the direction of travel for many like-minded states across the globe. Governments in other countries are increasingly looking at how best to assure professional competence, and the UK government is pursuing mutual recognition of the Council standard internationally. Chartership with the UK Cyber Security Council will provide global credibility and give professionals an easy way to demonstrate equivalent competence when moving between countries.
Influence and Prestige
The Council’s standard, governance and institutional architecture will be led by cyber security professionals with Council titles. The UK Government is working towards the Council standard being the only Government-recognised quality mark for the UK cyber workforce. To shape the profession, you need to be part of it.