The government has been accused of lacking urgency in its work to tackle a lack of suitably skilled cybersecurity workers in the critical national infrastructure sector.
Parliament’s Joint Committee on the National Security Strategy said ministers had “no real sense of the scale of the problem” and lacked ideas on how it could be addressed.
The committee, which brings together MPs and peers, said last year’s WannaCry attack which hit the NHS particularly hard – but did not specifically target the health service – had demonstrated the need for vigilance and provided evidence of the risks that critical national infrastructure was exposed to.
But it said that consistent concerns expressed by industry were being met a lack of detailed analysis of which sectors and specialisms were most acutely affected. It also pointed to delays in a standalone skills strategy designed give impetus to better match the supply of skills to demand as evidence of a lackadaisical attitude on the part of government.
The committee said the strategy had been promised in November 2016 but was now not scheduled to be published until December this year.
Committee members said that it was not enough that the Department for Digital, Culture, Media and Sport had been identified as the lead ministry for the issue and called for a minister to be allocated to lead on cybersecurity skills.
They also called on the government to put in place “robust mechanisms for cross-government co-ordination and co-operation” on the issue.
Committee chair Dame Margaret Beckett said that not only was there a problem with the availability of people with cybersecurity skills but also a problem with the “worrying lack of focus” displayed by the government in dealing with the situation.
“We’re not just talking about the ‘acute scarcity’ of technical experts which was reported to us; but also the much larger number of posts which require moderately specialist skills,” she said.
“We found little to reassure us that government has fully grasped the problem and is planning appropriately.
“We acknowledge that the cybersecurity profession is relatively new and still evolving and that the pace of change in technology may well outstrip the development of academic qualifications.
“However, we are calling on government to work closely with industry and education to consider short-term demand as well as long-term planning.”
Beckett said that “as a very first response” the government should work in close partnership with the CNI sector and providers to create a cyber security skills strategy that would gve clarity and direction.
“It is a pressing matter of national security to do so,” she said.