ISJ Exclusive: Putting the UK first

An exclusive interview with UK Cyber Security Ambassador, Dr Henry Pearson, discussing how the UK will further enhance its global position in the cyber security industry.

At various points in recent history, the UK has been the leader in a number of industries, car manufacturing and financial services are just two examples of that. Now, the UK government has set its sights on topping the global cyber security industry.

Cyber attacks are widely regarded as the biggest threat facing private organisations. A recent report stated that 31% of organisations have experienced a cyber attack in the past year. The WannaCry virus in 2017 infected more than 400,000 machines and came at a cost of US$4 billion, showing the significance of the threat that cyber attacks pose.

It is not just industrial enterprises that are being targeted, nations are carrying out cyber espionage or warfare on each other in an attempt to steal secrets, spread disinformation or in the worst cases, sabotage critical national infrastructure. In recent months, Russia, China, Iran and North Korea have all been blamed for state-sponsored cyber attacks on numerous targets in the West.

So, how does the UK plan on being at the forefront of this ever-growing industry? The man pulling everything together is Dr Henry Pearson, UK Cyber Security Ambassador. Dr Pearson was appointed in April 2019 following a successful nearly 40-year career in the defence industry and advising the UK Government. International Security Journal sat down with Dr Pearson to discuss the UK’s position in the global market, the cyber skills shortage and what can be done to protect against state-sponsored attacks.

The four pillars

A recent report released by the Department for International Trade assessed the total value of UK cyber security exports to be £2.1 billion in 2018, the largest single security export sector for the UK. Dr Pearson explained why organisations are happy to use products from UK manufacturers: “I think there are four main reasons. We are experts, we are innovative, we have a very good reputation and we are trustworthy.

“One of the biggest factors behind our stellar reputation is the National Cyber Security Centre (NCSC), which has been operational for over two years now. The operations team there is dealing with around 600 major cyber security incidents each year many of which take months to fully resolve. It has very quickly become a world leader in terms of coordinating cyber security at a national level. A key principle they have is that this should not just be done at a government level but it should also link into industry.

“Therefore they have introduced an Industry 100 programme which sees 100 individuals from various sized companies regularly spending time within the NCSC to share their expertise. This kind of information sharing is enabling us to lead the way when it comes to product innovation and dealing with cyber threats.”

It is this level of cooperation that has led cyber security solutions manufactured in the UK to be the preferred option for many countries around the world. Dr Pearson has a remit to continually explore new regions and opportunities for export growth, but he is not working alone.

At a more regional level, Michael Powell is the UK Cyber Security Industry Representative for North America and Simon Hosking is performing a similar role in the Gulf. Dr Pearson said that their work is invaluable: “There are certain regions which are a priority for us and North America is definitely one of them, we have some very good people on the ground over there.

“I already have two years’ experience working in cyber security in the Gulf and for me personally, that area is a major focus. I am also just beginning to seek opportunities in South East Asia.”

Drilling down into the specific industries that UK companies are finding success in, Dr Pearson stated: “If you look at the total money spent on cyber security, government is by far the biggest spender. After that, it is the financial services sector then healthcare and then you see industries such as transport. It is my job to engage with foreign governments so that they can develop trust in UK solutions which will maximise the chances of UK companies winning bids.”

According to Dr Pearson, although government spending is likely to grow, there are other areas of interest that he is now looking to pursue: “I think the really significant growth is going to be seen in utilities and other critical national infrastructure. Smart city technology is another example where cyber security isn’t always a prime concern but it should definitely be something that security teams are aware of.”

Cyber warfare

Critical national infrastructure will be heavily invested in due to the growing threat of state-sponsored attacks severely damaging a nation’s ability to function. Countries such as China, Russia, Iran and North Korea are all engaged in launching cyber attacks against the USA, other Western nations and much of the rest of the world, for example the recent attacks on Gulf nations’ infrastructure reported widely in the media. Growing awareness of such cyber attacks provides good export opportunities for the UK.

Dr Pearson revealed that this is an ongoing concern for the UK authorities: “Our biggest threat at the moment is from state-sponsored attacks. Whether that be to steal money, intellectual property or just good, old fashioned espionage to see what is going on.

“As part of countering this, we have adopted a tactic that is becoming frequently used within the international community and that is when there is sufficient evidence against a particular country, we call out that country for being responsible for the attack. We believe that it does have some success in deterring future attacks against us.”

Showing the skills

Another long-term strategy that the government has adopted to protect against the cyber threat is to encourage younger people to take up cyber security as a career. There is a well-documented skills shortage within the cyber industry that is holding back the UK’s ability to grow even further. A lack of diversity in the workforce and slow career progression have been pointed to as some of the causes behind the talent gap.

It is an area that the government is putting a lot of effort into: “Developing skills has been a huge focus for my predecessors over the last five years and I will continue that work. There has been a programme of increasing investment for a number of years, beginning in academic research all the way down to enhancing the quality of a Master’s degree in cyber security. We now have a well-recognised set of accredited and certified Master’s degrees in cyber security with students being taught the right skills.

“We have also introduced the Cyber First programme which is aimed at identifying talented individuals from age 11 with the objective of getting them upskilled and enthusiastic as early as possible. The programme has been developed over the last five years and offers courses and competitions for interested individuals to take part in.

“The final stage of that programme involves us offering £4,000 a year bursaries to selected students to study cyber security, it also guarantees them an internship working in government or a secure industry during the summer holidays. In return, we ask the individual to make a two-year commitment to work within the cyber security industry immediately after leaving university. After two years, they can decide to work somewhere else if they would like.”

On the subject of diversity, Dr Pearson is equally as pleased with the government’s planning: “We recognise that a very low proportion of professionals within the industry are female. To tackle this, we launched a competition specifically for girls in which a school can enter a team of ten girls to take part in the scheme. Last year, I believe there were around 4,000 girls taking part with the winning team being invited to meet senior politicians in Westminster. The idea is that these different schemes will produce hundreds of highly-skilled graduates and build a talent pipeline within the UK.”

Going straight to the top

Coming back to the short term, the UK government has a clear aim to be the industry leader in cyber security and Dr Pearson is confident that it will achieve that and may even have been reached already: “I would say that we are already number one. Perhaps not in the volume of exports but certainly in the level of skill and innovation we are displaying. Our Secured by Design initiative has been supported by the likes of Google and Microsoft which shows we are on the right track.

“Cyber security exports grew by 13% from 2017 to 2018 which is fantastic, but we still have a long way to go to catch up with the Americans. I will be doing everything I can to support UK companies to continue exporting to existing markets as well as to find new opportunities for them to consider in areas which they may not have thought of before.”

And with that, Dr Pearson was off to his next appointment. It is clearly a big job that he has in store but after listening to the plans he has in place, the UK cyber security industry is in very capable hands.

https://www.gov.uk/government/organisations/department-for-international-trade

For more exclusive interviews with industry-leading figures, subscribe to receive our FREE monthly digital edition on the link here: https://internationalsecurityjournal.com/digital-magazine/