In recognition of the UK’s increasing economic dependence on Internet-enabled capabilities, a number of established councils, professional bodies, academics, professional certification bodies and industry representative groups have decided to join forces in establishing a new collaborative alliance aimed squarely at advancing the ongoing development of the cyber security profession.
Complete with representation from a breadth of disciplines currently active in cyber security professional practice – among them computing, engineering, physical security, Critical National Infrastructure and focused cyber security bodies – this collaborative effort reflects constituent members’ common understanding that professional cyber security expertise is relevant to a broad range of disciplines.
The overriding aim is to provide clarity around the skills, competences and career pathways within this fast-moving area of professional security practice, although the initial objective is focused on supporting commitments expressed within the UK’s National Cyber Security Strategy around providing a focal point for advising national policy, including the stated intent to recognise professionals through Chartered status.
The Cyber Alliance brings together a range of established disciplines, each of which currently has a leadership role in underpinning UK resilience in the digital environment. The founding membership includes several bodies (more of whom anon) operating under a Royal Charter granted through The Privy Council, each of which is able to grant Chartered status within its discipline.
Membership is open to any organisation currently working on its common aims.
In alphabetical order, the current members include the BCS (the Chartered Institute for IT), the Chartered Institute of Personnel and Development (CIPD), the Chartered Society of Forensic Sciences (CSofFS), CREST, The Engineering Council, the Information Assurance Advisory Council (IAAC), the Institution of Analysts and Programmers (IAP), the IET, the Institute of Information Security Professionals (IISP), the Institute of Measurement and Control (InstMC), ISACA, (ISC)2, techUK, The Security Institute and The Worshipful Company of Information Technologists (WCIT).
The announcement follows constituent members’ recent participation in a series of Workshops led by the Department of Digital, Culture, Media and Sport (DCMS) to develop a national professional body for cyber security, with the Government’s proposals now open to public consultation. The DCMS’ statement on the matter can be read online at: https://www.gov.uk/government/consultations/developing-the-uk-cyber-security-profession
Without prejudice, Cyber Alliance members are now committed to engaging their membership in encouraging a broad and robust response from the community of practice currently working in the field.
Common objectives already agreed upon by Cyber Alliance members include the following:
*harnessing the full range of proven and established UK cyber security professional expertise
*providing a forum for benchmarking and shared standards for cyber security professional excellence
*enabling the development of the specialist skills and capabilities that will allow the UK to keep pace with today’s rapidly evolving cyber risks
*enabling a self-sustaining pipeline of talent that harbours the skills required to meet the UK’s national needs
*providing a focal point which can advise, shape and inform national policy
A developing profession
“The Worshipful Company of Information Technologists recognises that information and cyber security is a profession that will continue to develop and grow for the foreseeable future,” stated Professor Roy Isbell FIET FBCS CITP, ITC Security Panel chair at the WCIT.
“Cyber has also been recognised as a discipline that’s impacting all aspects of business and society. Just as the development of the engineering profession bolstered The Industrial Revolution, we need to identify the underpinning skills and expertise needed to meet the challenges of the current and fast-evolving digital era. The coming together and formation of a Cyber Alliance of leading organisations already working in information and cyber security is a robust and significant step forward that provides the focal point to both guide the development of the profession and advise national policy.”
Jeremy Barlow MBCS, director of standards at the BCS (the Chartered Institute for IT), explained: “The BCS strongly believes that collaboration at all levels is necessary in order to protect the public from current and future cyber threats. This collaborative development is therefore not only a functional necessity, but also speaks to a necessary culture change for organisations and individuals working in the cyber realm. As is the case with other established professions, there will be places where we compete, but we must collaborate and share as a diverse professional community for the good of everyone to ensure that we don’t let down those whom we ultimately serve.”
Barlow added: “This announcement is only the start of our work, but it’s well-founded on a shared mission, built on trust and compatible objectives and, what’s more, bodes well for the future. It’s fantastic to be able to declare this with such a large field of distinguished organisations, and perhaps surprising to see for many who have worked in cyber security. This is a true reflection of a new culture and a new level of public need for the best in cyber security.”
Lord Arbuthnot, chairman of the Information Assurance Advisory Council, observed: “The Information Assurance Advisory Council is pleased to support the Government’s objectives of enabling a clear and comprehensible career path for those entering cyber security and establishing an authoritative voice for the profession. The IAAC was one of the earliest members of the Cyber Alliance and particularly welcomes the breadth of its composition, reflecting the wide range of skills and aptitudes demanded to ensure a safe and secure information society able to benefit from the many opportunities of ‘The Information Age’. We believe this will underpin the objective of making the UK the best place in which to do business online and to enhance UK resilience, while also setting a standard for others to follow.”
Ahmed Kotb, the IET’s cyber lead, informed Risk Xtra: “It’s fundamental that cyber security is seen as an established profession. We’re in support of the need for a professional body to recognise the breadth of expertise within the industry. The Cyber Alliance offers the integration and co-ordination of existing Chartered and professional bodies across a range of cyber disciplines that can provide credibility and knowledge to help deliver this work. With cyber skills shortages already emerging at every level, we’re committed to working with the Government and the National Cyber Security Centre on the best solution. This will enable the rapid, yet capable development of specialist cyber skills in order to meet the growing needs of the industry, manage risk and secure the next generation of talent.”
Collaboration and co-operation in information security
“The IISP has always supported collaboration and co-operation across the information security industry and has been a champion of professionalisation and career development,” stressed Amanda Finch, general manager at the IISP. “Therefore, we’re delighted to be one of the founding members of the Cyber Alliance and to support the Government-backed initiative aimed at harnessing the valuable knowledge and experience that exists across the various and well-established industry bodies. Working together with common goals is increasingly vital as we face growing cyber security threats and global disruption.”
Talal Rajab, head of programme for cyber and national security at techUK, opined: “techUK is pleased to be a founding member of the Cyber Alliance and contribute towards the development of the cyber security profession. Our digital economy is underpinned by the need for cyber security expertise and skills across a range of disciplines. By bringing together these professional bodies and harnessing the full range of established cyber security professional expertise, the Cyber Alliance will go a long way towards providing a focal point for the sector on the cyber security skills, competences and standards needed to ensure that the UK has the depth of talent required to remain resilient in the face of the growing cyber threat.”
Peter Cheese, CEO of the CIPD, ventured: “As the professional body for Human Resources and people development, we’re delighted to support this move and help to raise awareness and understanding across our profession about the issues surrounding cyber security. Access to and use of data and technology is as much about people as it is about the technology itself, and on that basis we need to ensure that the individuals involved are properly aware and trained to understand and mitigate cyber risks both for themselves and for their organisations.”
Deshini Newman MA (Cantab) MBA FRSA, managing director (EMEA) at (ISC)2, commented: “We’re reaching an important milestone in the maturity of our profession with the intent of developing a nationally-recognised professional body and consideration for Chartered status. The UK is taking a leadership role in this effort that may well set an example for Governments around the world. We’re keen to support their work – ensuring the opportunity to build on the more than 30 years of international front line experience that has been comprehensively documented by (ISC)2 and its colleagues within the Cyber Alliance – and inspire a safe and secure cyber world. While cyber security was once purely the domain of focused specialists within the IT space, it has now evolved to include a much broader range of governance, risk and policy experts. A recognised skills gap still exists, though. This requires us to attract more bright minds to the field. Reaching professional maturity and meeting the need will depend on the breadth of perspective and support that the Cyber Alliance is working to harness.”
Harnessing knowledge and experience
Ian Glover, president of CREST, observed: “The information security industry relies on a wide range of skills and capabilities, from highly technical individuals providing penetration testing, incident response and threat intelligence services through to those responsible for policy, management, training, education and communications. Therefore, it’s important that the professional organisations representing different facets of our industry work together to harness knowledge and experience. While these bodies have worked together for many years, the formalisation of the relationships is a significant step forward in the professionalisation of the industry. CREST supports the Cyber Alliance initiative and is delighted to be a founding member.”
John Ellis FIAP (Cmpn) MBCS, operations director for the Institution of Analysts and Programmers, highlighted: “The IAP is committed to ‘Improving Software for Society’. We recognise the threats from the cyber world affect all of us working in the information technology arena… From those who create the hardware that routes your e-mails and Internet and the person who writes the app for your phone through to the computer scientist who’s developing the next generation of computer. While we should only have to concentrate on creating an environment that’s a good user experience, we find ourselves in a battle with those in the cyber world who would try to do us harm. We’re pleased to be working with our members and partners to ensure that the software of tomorrow is fit for purpose. This means it must be robust to cyber attacks. The bringing together of this group of distinguished bodies shows the computer industry’s commitment to working together to protect the public and business from those who try to exploit them. To this end, we’re pleased to support the Government’s objectives and help guide national policy.”
Michael Hughes CISA CRISC CGEIT, Board director of ISACA, stated: “At a time when cyber attacks have emerged as a clear threat to the economic and national security of countries throughout the world, it has been encouraging to witness the UK take a leadership role in driving toward a national strategy that will strengthen capabilities and put more robust deterrence in place. As a global organisation focused on advancing the positive potential of technology, ISACA is proud to be part of this collaborative Cyber Alliance that will ultimately allow the UK and its residents to prosper from society’s ongoing digital transformation from a position of both strength and security. We believe objectives such as the prioritisation of benchmarking cyber capabilities and a sharper focus on the need to fortify the pipeline of highly-skilled, well-trained cyber security professionals puts the Cyber Alliance on track to serve as a valuable resource in support of the UK’s National Cyber Security Strategy.”
Last, but by no means least, Mahbubul Islam (director of The Security Institute) told Risk Xtra: “The security industry has always been completely supported by The Security Institute as a professional body. We are fully committed in terms of propelling the delivery of convergence between physical and cyber security. By working on common security principles and objectives with the collaborative Cyber Alliance, we will continue to offer our full support for the UK Government’s National Cyber Security Strategy.”