“Hundreds of computer experts will work one or two days a week at the agency’s Cheltenham headquarters and they have already been dubbed ‘iPlods’, under plans being discussed by ministers,” reports the Daily Telegraph.
The problem faced by GCHQ is two-fold. There simply aren’t enough home-grown mathematicians in the UK, and it cannot match the salaries offered by the private sector. Both are perennial problems in the UK. UK society has always placed higher store on the classics than on engineering: Cicero and Shakespeare are placed above Einstein, for example. Earlier this month, GCHG head Iain Lobban alluded to this in an Alan Turing speech at Leeds University. Commenting on the role of Polish cryptanalysts in breaking the enigma code, he said, “The Poles had taken a different path to the British and had recruited mathematicians, rather than classicists, to become their cryptanalysts.”
The second difficulty can be resolved by borrowing staff from the private sector rather than competing with it. The problem has got worse over recent years. Just as high-tech companies have long been attracted to areas around leading universities, they have also been attracted to GCHQ’s Gloucestershire location. The proximity of better pay and offices is an increasing temptation for the staff GCHQ already has.
Although a GCHQ spokesman told the Telegraph that “the suggestion of a part-time army was ‘purely speculative’,” it is given credence in many areas. “The move to use private sector capability to help the public sector overcome existing skills shortages and tackle cyber security risks is welcome,” says Mark Brown, director of information security at Ernst & Young. “Closer collaboration between the two sectors is key to protecting the UK against increasing cyber criminal threats.” Such a policy would solve both GCHQ’s manpower problem, while promoting the government’s much vaunted desire to encourage security collaboration between the public and private sectors.
But it’s only a sticking plaster on the wider issue that is getting worse. “Since the late 1990s the number of UK-born graduates studying mathematics and science degrees has fallen by almost 70%,” comments Brown. “This has lead to an increasing shortage in relevant skills and has put the UK's efforts to tackle growing cyber security risks on a backfoot.” The long-term solution can only be to encourage more bright youngsters to follow studies in mathematics and engineering; and then to persuade them to take careers in security.