The target had been the creation of a team of cyber crime investigators and the launch of cyber crime initiatives to counter the increased threat of attacks on HMRC systems, and its customers who use the internet, by the end of November 2011. This will not be achieved until the end of February.
Frank Coggrave, general manager at Guidance Software, is not surprised. “Cyber security has been undervalued and underestimated over the last five to ten years,” he says, “and training those experts needs to be not only about dealing with the here and now, but more crucially, anticipating what cyber criminals are going to do next.”
Coggrave takes heart in HMRC’s delay. “It is actually positive that HMRC is taking its time to complete the recruitment process, as hopefully this means their investigators will have all the necessary skills needed.” The problem is the complexity of the challenge. “A good cyber security person needs more than just certifications on security products,” he continues, “they need an analytical and forensic mind and they need to be able to investigate. These qualities are rare, and anything we can do to support these professionals should be encouraged.”
This comes against a backdrop of wider concerns about general computer education in the UK. Michael Gove, the Secretary of State for Education, has announced plans to revolutionize school computer education, currently called Information and Communication Technologies (ICT). It is, he says, ‘boring’; and he hopes to harness the cloud and ‘open source’ to improve things. “Instead of children bored out of their minds being taught how to use Word and Excel by bored teachers,” he suggests, “we could have 11-year-olds able to write simple 2D computer animations using an MIT tool called Scratch. By 16, they could have an understanding of formal logic previously covered only in University courses and be writing their own Apps for smartphones.”
It is current ICT schools training that has produced the bulk of our current security staff. “Traditional security skills have degenerated into simply patching firewalls,” says Coggrave. “However in today’s cyber security environment, it’s essential to have the forensic and analytical expertise to review incidents and take control of them.” Michael Gove is determined to start the process in our educational system.