Doctor-style register intended for UK IT security professionals • The Register
Frustrated by the inactivity of the “normative” UK Cyber Security Council, the government is keen to pass new laws to make it the statutory regulator of the UK’s infosec trade.
The government’s plans, quietly announced in a consultation paper released last week, include an official register of IT security practitioners, meaning security specialists could be struck off or banned from working if they don’t meet the “requirements of competence and ethics”.
The proposed setup is very similar to the General Medical Council and its register of doctors licensed to practice medicine in the UK.
Department for Digital, Culture, Media and Sport (DCMS) officials have even linked their new professional regulation plans to future amendments to the Computer Misuse Act, suggesting that people who are not registered with the UKCSC may not be able to claim new legal defences.
Part of the new National Cybersecurity Strategy launched at the end of last year calls for the creation of a government-controlled body “at the top of the profession” in the UK.
Right now, everyone is operating with a hodgepodge of industry-created certifications for staff, with companies passing NCSC-backed audits for access to sensitive government contracts. The UKCSC aims to impose a single UK-specific structure for all of this.
Yet over the past year it appears the UKCSC has accomplished little, with official disapproval all but buried in a very lengthy public consultation document titled “Integrating Standards and Pathways into the Profession cybernetics by 2025”.
“We heard through the pledge that recognition of the UK Cyber Security Council through a statutory basis would further support its role as a standard setting body for the profession,” the consultation said, adding that the UKCSC received “grants for the first four years” to enable it to develop a business model.
A suspicious person might think that the industry seems to be ignoring the self-proclaimed “voice of the cybersecurity profession”, much to the horror of the DCMS. Lamenting the amount of money and effort invested in the UKCSC so far, the consultation said:
Last year’s launch of the UKCSC immediately hit the rocks after it directed the world to its official website, a website on a domain that it did not own or control. Putting this sort of organization in charge of the entire cybersecurity industry in the UK as a state-owned gatekeeper doesn’t seem like a good move.
The consultation on the UKCSC Statutory Foundations is open and runs until 11.45pm on Sunday 20 March. Have your say or don’t, but don’t complain if you do nothing and then don’t like the result. ®