Francis Maude speech at Cyber Security Challenge Masterclass
The minister opened the final of the 2014 Cyber Security Challenge Masterclass, which tests the cyber security skills of amateur contestants.
Introduction
Thank you very much Judy [Baker, Chair of the Cyber Security Challenge].
It鈥檚 a great privilege to be asked to open the final of this year鈥檚
It鈥檚 in its fourth year, as you said, and congratulations to you for kicking it off Judy. It鈥檚 got 75 sponsors from across government, business and academia 鈥� working closely together toward a shared aim, which is incredibly important, of a safe and secure internet.
So thank you to Stephanie [Daman, CEO] and the entire board for the work you鈥檝e done to make this possible.
And it鈥檚 a particular pleasure to see your patron, Baroness Pauline Neville-Jones, here in the room tonight (13 March 2014).
Pauline recently stepped down as the Prime Minister鈥檚 Special Representative to Business on Cyber Security and in both this and her previous role as Minister for Security she鈥檚 helped advance the cause of cyber security immeasurably, particularly in raising awareness among senior business figures. And I think I can say if it hadn鈥檛 been for your passion and commitment to this Pauline, I think it鈥檚 much less likely that the government would have done this extraordinary thing which was 鈥� at a time of falling budgets overall and deep financial constraint 鈥� actually to commit a significant additional sum to this whole project and the programme and you deserve huge credit for that 鈥� so thank you from all of us.
We can never be complacent and there鈥檚 much work still to do 鈥� and there always will be, this will always be a work in progress 鈥� but over the past few years cyber security has rapidly moved up the agenda of company boards. UK businesses are now far better placed to manage the risks that exists.
The fact that so many leading companies are enthusiastically involved with this challenge is testament to this. Just look at the range of sponsors here tonight 鈥� BT, Juniper, GCHQ, National Crime Agency, Lockheed Martin and Bank of England. This kind of cooperation is precisely why we as a government are supporting the Cyber Security Challenge financially through our National Cyber Security Programme.
Cyber Security Challenge Masterclass final
Sometimes, when we talk about cyber security it鈥檚 all about the dark side 鈥� the threat. We shouldn鈥檛 lose sight of the fact that this is a threat because of the existence of something marvellous and how appropriate that in these few days when we鈥檙e celebrating 25 years of the World Wide Web, we should reflect on the transformation of all of our lives that the internet has brought; what a force for good it is in our lives, for the economy, for our ability to connect with each other and to organise our lives differently and better. It鈥檚 the biggest social and technological change in my lifetime.
And I think one of the strengths of the Cyber Security Challenge is that 鈥� in the middle of the sober and menacing nature of the cyber threat 鈥� it seeks to respond in a very positive way, by identifying and nurturing some of the exceptional talent that can be found in schools and universities and, of course, in offices and homes around the country.
So let me start by congratulating our participants. You鈥檝e been put through a series of challenging scenarios and you鈥檝e had to flex your intellectual muscles to get here tonight, so well done.
I鈥檓 told that there are 42 of you who have made it through to this face-to-face stage. Well, 42 as we know is a very auspicious number. According to The Hitchhiker鈥檚 Guide to the Galaxy, 42 is the answer to The Ultimate Question of Life, the Universe, and Everything.
Don鈥檛 worry 鈥� we鈥檙e not looking for anything quite as profound over the next couple of days.
Quite simply, we鈥檙e looking for raw talent.
There鈥檚 a gap between the increasing opportunities to work in cyber security and the availability of people with the right skills. And for the good of national security, commercial interests and the wellbeing of everybody, it鈥檚 a gap we need to close. And I鈥檓 increasingly confident we can. We haven鈥檛 yet, but we can.
Computer programmers and software engineers; logicians and statisticians; code breakers and code makers 鈥� as a nation, we鈥檝e produced some of the greats. We have in the UK a fantastically rich heritage, from the Babbage Difference Engine to Tim Berners-Lee鈥檚 World Wide Web.
We have some of the best universities in the world for science and technology too.
But the kinds of people we鈥檙e looking for won鈥檛 always come with a double first from Cambridge. Or even from Oxford, which I鈥檓 told is much easier.
We know that aptitude can be found in all sorts of places.
Take Tommy Flowers for instance 鈥� the man who developed Colossus, the world鈥檚 first programmable electronic digital computer. He worked as an electrical engineer for the General Post Office 鈥� the forerunner of BT, which makes tonight鈥檚 venue perhaps an especially fitting one. During the Second World War, the government鈥檚 code and cypher school at Bletchley Park was sceptical about his invention, so 鈥� poor fellow 鈥� he had to build it in his spare time using his own money.
But it worked and went on to play an instrumental role in the planning for D-Day, 70 years ago.
Bletchley Park was full of people from all kinds of different backgrounds.
Dillwyn Knox, a renowned expert in Egyptian papyrus.
Pioneering women like the zoologist Miriam Rothschild and the linguist Mavis Batey who, not content with cracking Enigma codes, went on to become a noted garden historian after the war.
And I noticed when I was at Cheltenham in GCHQ recently at the little museum they have of Bletchley memorabilia, a list of the names of people who had been recruited to Bletchley from universities during the last war. Next to J. R. R. Tolkien 鈥� the connection between Norse mythology and breaking cyphers is obvious 鈥� I noticed 2 names from my old Cambridge college, who were fellows there when I was there, who鈥檇 been recruited. And were they computer scientists or mathematicians? No, they were ancient historians. One of them produced a classic work on ancient Rome. What was needed was brainpower: sheer, intellectual brainpower. The ability to process difficult things and make sense of things that didn鈥檛 seem to make sense. Intellectually formidable, all of these people served their country, even though they probably didn鈥檛 recognise at the time the significance of what they were doing.
When Churchill went to visit Bletchley, he is reported to have said:
When I told you to leave no stone unturned recruiting for this place, I didn鈥檛 expect you to take me literally.
Well, tomorrow you鈥檙e going to be I鈥檓 told in the Churchill War Rooms 鈥� and we鈥檒l be looking for the kinds of people with the skills to be the next Tommy Flowers or Mavis Batey.
And we all know they鈥檙e out there, but they鈥檙e not always obvious.
On a visit a year or so ago, I remember meeting a young apprentice at a small cyber company in Malvern where, rather improbably, there is this cluster of cyber security related businesses. Not where you鈥檇 expect to find it 鈥� but great. And this young man who was 16, starting his apprenticeship, he鈥檇 been thrown out of school. He wasn鈥檛 succeeding academically, it wasn鈥檛 his thing. He was disruptive at school and they鈥檇 bunged him out. But he loved computers, he loved doing this stuff and was brilliant at it 鈥� and he鈥檚 found his niche. And I remember asking him how many like you were there in your school 鈥� and he replied about half the class.
That鈥檚 quite a rich talent pool to draw from and are we getting as good as we need to be at spotting that raw talent and using it? Helping people find their niche, the thing they鈥檙e brilliant at. And in this country, which is such a rich source of talent, ingenuity and creativity, we must be finding more of them, more quickly, earlier and getting them to work.
So that young man has found his niche and I鈥檓 sure he will go on to do amazing things. Some of the brightest and best are self-taught. We want to find people who might not have trodden the usual conventionally career path.
So that鈥檚 why we have been supporting the Cyber Security Challenge, through the National Cyber Security Programme, to demonstrate the excitement of this profession to as wide an audience as possible.
That includes young people, making their first tentative steps into the workplace.
But it also includes people already in the world of work, who have the skills, the aptitude or the ability, but haven鈥檛 previously considered this as a career 鈥� they might not think they have the right technical qualifications or because they鈥檝e already started on a different career trajectory.
So one of the things we want to do is to make it easier for sideways entry mid-career.
A case in point is the winner of the first Cyber Security Challenge 鈥� Dan Summers 鈥� who was working as a postman. He still works for Royal Mail 鈥� but now in vulnerability management.
I can tell you today, that almost 1 in 3 people who have previously reached the final face-to-face stage of this competition go on to find work in the field of cyber security.
So for a third of the contestants here tonight, the next 2 days could be the first step on this new career path.
And even those who choose not to pursue it as a career will leave this contest with an increased awareness, which they will take with them into other careers and workplaces.
Another previous masterclass winner, Jonathan Millican, will be speaking later and I look forward to hearing about his challenge.
Schools Challenge
But it鈥檚 by no means a case of 鈥渕ission accomplished鈥� and never will be. This will always be a work in progress. The internet is defined by its openness and its speed. It鈥檚 organic, self-sustaining and self-propelling. It doesn鈥檛 have a rewind button. You can鈥檛 pause it. It鈥檚 going to go on growing 鈥� and our training and education has to keep pace.
So to avoid a gap in our cyber defences in 10 or 20 years鈥� time, we need to look not just to the needs of the current workforce, but over the horizon, to those still in school.
562 schools no less have already registered for the Cyber Security Challenge Schools Programme, with an additional 170 still to be contacted for the next round. Potentially that鈥檚 almost 22,000 pupils who have gone from having little or no knowledge of cyber security to now recognising it as an exciting and realistic career opportunity.
So we鈥檝e made a further grant of 拢100,000 to the Cyber Security Challenge to expand the pilot regionally and nationally, so it can run twice yearly, and can link participating schools to local universities.
I鈥檓 pleased to see some of the schools here tonight 鈥� and the .
Cyber Security Strategy
Our support for the Cyber Security Challenge is an important part of our Cyber Security Strategy.
We鈥檝e backed the strategy with 拢650 million over 4 years 鈥� to which we added another 拢210 million last year, to take us through to 2015 to 2016.
In a time of austerity, most areas of government have had to contend with a squeeze on their budgets 鈥� so the fact we are increasing spending on cyber security demonstrates how high it rates in our priorities.
But spending, by itself, is not enough. Better skills underpin the government鈥檚 whole Cyber Security Strategy. We simply won鈥檛 achieve all the other objectives without it.
Earlier today, the Department for Business announced a range of measures we are taking to help increase our capability.
We鈥檝e now developed cyber security content for each stage of education, including teaching materials and e-learning courses to promote cyber security learning in schools. And we鈥檝e funded initiatives for graduates and post-graduate students, as well as internships and apprenticeships, because we want to strengthen the skills of new entrants.
But closing the gap between demand and availability of skills doesn鈥檛 just require a focus on education 鈥� we also need to ensure cyber security presents an attractive and appealing career choice.
So the task for industry and business and government is to work together to turn cyber security from a little understood role performed by a small number of technical experts, to a mainstream profession 鈥� one that鈥檚 respected and valued, with proper opportunities for development and progression, so it can attract and retain the best talent.
CESG, the information security arm of GCHQ at Cheltenham, now has a scheme to certify cyber security professionals in the UK. It helps government and business to recruit people with the right skills 鈥� at the right level 鈥� to the right jobs.
Together with the development of National Skills Standards and learning pathways, developed in conjunction with e-skills UK, it鈥檚 helping to define a career path because through regular opportunities for re-assessment it enables individuals to progress as their skills and experience grows.
Next week, the Department for Business is hosting a Cyber Security Skills Showcase to raise awareness about what government is doing and how industry can get involved 鈥� and I鈥檓 pleased that the Cyber Security Challenge will be represented there.
Finally, because of the relentless and ever-changing nature of cyber threats, we also need to be on the front foot to develop new skills and capabilities in the future.
Cyber security research
4 years ago, our understanding of cyber security was relatively low and there wasn鈥檛 really the means of expanding that knowledge in a sustained way, which is why we are also investing in research.
Today we have 11 new academic centres of excellence in cyber security research; there are 3 new research institutes and 2 centres for doctoral training. They鈥檒l help us appreciate and predict cyber risks and identify gaps in our defences 鈥� because, as the old adage goes, to be forewarned is to be forearmed.
Conclusion
So, in conclusion, over the next 2 days, you鈥檙e going to battle it out face-to-face until one of you emerges as 鈥淭op Gun鈥�. But actually, this is a competition from which everyone stands to gain.
Our workforce will be more skilled.
The UK will be a more secure place to do business.
People will be safer online.
Ultimately, better cyber security shouldn鈥檛 be viewed as a necessary evil 鈥� it should be seen as a massive opportunity. For many, including some of those in this competition, it鈥檚 an opportunity for a satisfying and rewarding career. It鈥檚 also one of the businesses of the future that can help the UK achieve strong lasting growth. And it will help us all reap maximum benefit from the limitless potential of the information age.
So very good luck to you all 鈥� thank you very much.