The UK government has pledged more money to address the IT security skills crisis and improve hardware and IoT security, although details on the latter are vague.
An announcement made on Data Protection Day yesterday claimed the UK plans to be a world leader in “designing out” cyber-threats, by funding R&D into more secure-by-design hardware and chips.
The £70m investment will be made through the Industrial Strategy Challenge Fund and backed by further investment from industry, although there were no further details.
An additional £30m will be made available for the Ensuring the Security of Digital Technology at the Periphery program, to improve IoT security.
“We want the UK to be a safer place to live and work online. We’re moving the burden away from consumers to manufacturers, so strong cybersecurity is built into the design of products,” said digital minister, Margot James.
“This funding will help us work with industry to do just that, improving the strength and resilience of hardware to better protect consumers from cyber-attacks.”
The announcement was greeted with skepticism in some quarters.
“The announcement that the UK will become a leader in cybersecurity resulting from a small investment in research is highly unlikely as hardware and research alone is not going to solve cybersecurity threats,” argued Joseph Carson, chief security scientist at Thycotic.
“The solution to reducing cybersecurity threats is a balance between both technology and people. If we are really going to reduce the threats then it needs to start with an investment in education along with a strong investment in technology that is simple, easy to use and does not require highly skilled workforce to use it.”
The government also pledged £500,000 as part of the next round of the Cyber Skills Immediate Impact Fund.
The money is designed to help improve diversity and reduce skills shortfalls in the information security sector.
Projects set to receive the funding include Crucial Academy, which aims to retrain veterans: focusing on women, neurodiverse and BAME individuals. Also on the list are the QA: Cyber Software Academy for Women and BluescreenIT’s HACKED program, which helps to train candidates with special needs, from disadvantaged backgrounds, and those classed as neurodiverse.
Sarah Armstrong-Smith, head of continuity and resilience at Fujitsu UK, welcomed the pledge for more funding.
“With cyber-criminals becoming more creative and savvy in their approach to cyber-attacks, a cybersecurity team which lacks diversity is more likely to leave a company vulnerable to attacks,” she argued.
“Different groups of people bring a variety of ideas and ways of thinking, which means that a more diverse and inclusive cybersecurity team will be key in facilitating a broader range of ideas and perspectives about how to prevent an attack from taking place.”