Does the UK actually need a cyber security ambassador?

News by Davey Winder

If the UK leads the world in cybersecurity, why does it need someone to crow about it? Brexit, perchance?

The appointment by the Department for International Trade of Dr Henry Pearson as Cyber Security Ambassador for the UK marks a government ambition to increase the footprint of 'Cyber UK' overseas. Announcing the appointment, International Trade Secretary Dr Liam Fox, said that "the UKís reputation for cyber expertise is recognised worldwide" and that the former adviser to the National Cyber Security Centre (NCSC) will play a central role in helping to achieve projected cyber exports of £2.6bn by 2021.

This does raise the question of if the UK already has worldwide recognition as a leader in the field of cybersecurity, why does it need an ambassador to sell it? Could the reality be that this appointment has more to do with uncertainty surrounding post-Brexit trading positions than anything else? SC Media UK has been talking to those in the industry to age their opinion of this move.

"Regardless of any political or socioeconomic changes occurring in the UK, a cybersecurity focused member of government is a great thing," Dan Pitman, principal security architect at Alert Logic argues, continuing "for promotion of the good work that the UK's cybersecurity organisations do, to drive positive change within the UK cybersecurity industry itself and its relationship with the rest of the world."

Adam Vincent, CEO at ThreatConnect, agrees. He told SC Media UK that the ambassador can make a real difference to the effectiveness of the UK's security stance by spurring on information-sharing and collaboration between the UK and international businesses. "Good cybersecurity is good for business," Vincent says "so growing the UKís security relationships will benefit UK PLC in turn."

Not everyone is quite so upbeat it has to be said. Take Professor Eerke Boiten, director of the Cyber Technology Institute at De Montfort University, who argues that while having such an ambassador with experience of operating at the governmental level as well as within the UK cyber security industry sounds sensible enough, "it does nothing to protect the UK cyber security industryís exports to the EU against the current insecurity already caused by the Brexit process, and likely worse after Brexit." That Brexit will likely complicate the existing problems of a skills shortage and widening threatscape is an "unfortunate truth" according to Amanda Finch, CEO of IISP. In conversation with SC Media UK she pointed out that while the reality is that these are not issues unique to the UK, "they are global problems that require international collaboration to overcome" and "cybersecurity ambassadors could play a pivotal role in orchestrating" that collaboration.

Meanwhile, Spencer Young, regional vice-president at Imperva, isn't convinced that Britainís exit from the EU has played any part in the appointment of Dr Pearson. "As much resource, and by inference investment, that CyberSecurity UK PLC can add is welcomed," Young says, adding "we have a deficit in our spend in this area compared to nearly all developed nations as a percentage of GDP so must improve to keep our companies and citizens safe."

Which begs the question of whether the UK cybersecurity industry is really as world-leading as Liam Fox would have us believe. Simon Church is the general manager (Europe) with Optiv and was heavily involved in the Cyber Security Export Strategy part of the industry advisory panel working with Dr Fox.

"For the UK to continue to reach the same levels of success observed by likes of Israel and Silicon Valley," Church told SC Media UK, "developing a passion for cyber among young Brits is vital." Until measures are put in place where the government reduces friction on funding available, as well as provides much-needed support and encouragement to UK cyber start-ups, Church warns that "Britain could lag behind the rest of the world in terms of innovation." Chris Doman, a security researcher at AT&T Alien Lab, would seem to agree.

"Currently, the UK can't match Israel's support for cyber start-ups that partner with, and sell into, the key US market," Doman insists, continuing "to that end, any extra help is appreciated but it will require far more than just one person to make a real impact." Henry Harrison, co-founder and CTO at Garrison, also thinks that compared to the likes of Israel and Silicon Valley the UK has a low cybersecurity profile. "The key question for Liam Fox is whether the UK needs to take a leaf out of Israel's book on investing in marketing the UK brand for cybersecurity to a broader market," Harrison says.

Others are more positive about the positioning of UK cyber. Take Zia Hayat, CEO at Callsign, for example. "The UK is home to some of the best cybersecurity research centres in the world" Hayat told SC Media UK, adding "in March this year the NCSC and the Engineering and Physical Sciences Research Council (EPSRC) jointly recognised 17 universities in the country as Academic Centres of Excellence in Cyber Security Research (ACE-CSR)" which is a stake in the ground showing we have the talent and knowledge to "be recognised on an international scale for our cybersecurity research capabilities." And Darren Williams, CEO at BlackFog, points to the number of cybersecurity start-ups and the high level of funding activity happening in the UK as "a strong indication of the UKís position as a global leader in the industry."

We'll leave the last word with Sharon Besser, CSO at Guardicore, who concludes that "unlike cricket, other types of competitive sports or many of the worlds industrial sectors, nations shouldn't compete to be Cybersecurity Number One. It is not a race; we all need to win, together..."

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews