The UK's National Cyber Security Programme is not yet delivering on its much-vaunted economic benefits but is still a worthwhile exercise, according to a report by government auditors.
An update by the National Audit Office for Parliament's Public Accounts Committee on the government’s National Cyber Security Programme said that "good progress" has been made in improving its understanding of the most sophisticated threats to national security.
More ReadingUK.gov creates £500K fund to help universities teach cyber skillsUK.gov teams up with moneymen on HACK ATTACK INSURANCEUK.gov lobs another fistful of change at SME infosec nightmaresDon't buy that phone! It ATTRACTS CRIMINALS, UK.gov will tell peopleGCHQ recruits spotty teens – for upcoming Hack Idol
However, the level of understanding of threats to wider public services is "varied" – which sounds like a diplomatic way of saying poor to middling.
The programme’s objectives include tackling cyber crime and making the United Kingdom among the best places in the world to run secure e-commerce operations.
"While exports in UK cyber products and services have increased by 22 per cent between 2012 and 2013, progress in encouraging trade and exports has been slow," the auditors concluded. "Some progress has been made in encouraging businesses and citizens to mitigate risks, particularly in getting larger companies to take action. The government has, however, had a limited impact in targeting SMEs, where it has struggled to communicate guidance in a way that meets their needs."
The programme has been handed a budget of £860m to spend by March 2016.
Responding to the auditors' report, Hugh Boyes from the Institution of Engineering and Technology (IET) called for a greater emphasis on training to bridge the skills gap.
“The report highlights industry concerns about the confusing range of advice available and the lack of cyber security skills," Boyes commented. "These are valid concerns that need to be addressed."
"The current cyber security skills initiatives have been focused on providing the skills for individuals employed in cyber security roles. This is a short term solution which does not address the need to improve the security awareness and skills of everyone involved in the design, production and use of software-based systems," he added. ®