With CyberCrime consistently in the news and towards the top of the National Security agenda, Parliament Street is hosted a timely panel discussion on the topic on Wednesday 11th January 2017.
The panellists were –
Dr. Robert Nowill, Chairman of the Board of Directors at Cyber Security Challenge UK Ltd.
Andy Settle, Cyber Security Analyst and Senior Cyber Security and Threat Intelligence Consultant with IBM
Below is a review of the event by its chair, Kate Baldwin:
Red team or blue team: training the next generation to defend
There is no question that the UK is facing a severe cyber skills shortage. Earlier this month, the Public Accounts Committee found that the UK’s ability to defend against cyberattacks is undermined by the skills shortages and a “chaotic” approach to handling data breaches.
How the UK can best address the skills crisis was a key discussion point at the at the Cybercrime: the Next Threat debate in Parliament last month, with Dr. Bob Nowill, Chairman of the Board of Directors at Cyber Security Challenge UK, Andy Settle, Cyber Security Analyst and Senior Cyber Security and Threat Intelligence Consultant with IBM, and Yair Cohen, Founder of The Internet Law Centre.
While there is no question that a great number of young people have talent in computing, a serious challenge remains in ensuring that those teenagers have the opportunity to exercise their skills in a safe environment.
The 2014 TalkTalk breach was cited as a key example of where a young person’s skill was wrongly applied. Not only did the hack expose the personal details of 160,000 customers, but also resulted in the boy facing a high profile court case and, ultimately, a 12-month youth rehabilitation order.
Discussing the choice that young people face, Andy Settle spoke in military terms of the appeal for many hackers in joining the ‘red team’, rather than the defensive ‘blue team’. Dr. Bob Nowill highlighted the importance of programmes, such as the Cyber Security Challenge UK, in growing the skill base of Britain’s youth, and showing them the potential of good cyber skills, such as highlighting the far greater benefits of a well-paid career over that of a lone hacker.
Andy continued to explain how the red team / blue team divide is not only impacting individuals choosing whether to hack or defend. He pointed to a greater problem in the cybersecurity industry, where many companies and consultants’ work focuses on demonstrating the vulnerability of systems, rather than building solutions that will enable companies to better defend against the evolving threat landscape.