Cracking the internet threat: how Bletchley Park offers hope to banks
City sees revived wartime facility as key to finding a new wave of cyber crimefighters,
Trying to get Bletchley Park up and running for the first time since the end of the Second World War is not a simple job – teenage hackers hoping to spend their school days encrypting codes from the site will have to wait a little longer.
Plans to transform the facility – once used to crack codes during the war – into the UK’S first National College of Cyber Security next September have been delayed by a year after the latest application round for free schools (the sixth form college will be free to its 450-odd students) was held up amid political uncertainty.
Given the crippling shortage of talent in the cyber security sector, that’s bad news for everyone. Lloyd’s of London warned earlier this month that a serious cyber attack could cost the economy more than £92bn, with the financial services industry most at risk given its reliance on computer systems and the fact that most hackers are drawn to money. While banks can pay large sums to hire the best experts, studies show that most UK specialists are over 45. As they start to retire, and hackers get more sophisticated, the stereotype of a cyber criminal – a sullen, nerdy teenager – is exactly what the City will need on its side.
“The skills deficit is really significant. Those in more senior roles are in the forties age range [so] not only have you got to find new people but you’ve got to replace existing people,” said Alastair Macwillson, a British cyber security expert who is pushing to get Bletchley Park’s code-breaking college up and running as soon as possible. The new target date is October 2019.
But the talent gap in this area has little to do with a lack of interest in cyber crime – Macwillson said the “avalanche” of queries since plans for the Bletchley Park college first emerged last November has been so overwhelming that a taster event due earlier this year was pulled. That’s despite the Government already trying to bring young people into the industry through work placements, bursaries and competitions.
Banks and other financial institutions are paying particular attention to this next generation of cyber crime fighters, all too aware that the threat to their industry – as predicted by Alex Dewdney, the National Cyber Security Centre’s (NCSC) director for engagement – is “very real”.
Thecityuk, the body for Britain’s finance sector, wants to work with the NCSC to make sure some of the people being trained in this area are funnelled its way. Marcus Scott, the group’s chief financial officer, said he wanted to see cyber schools in all UK cities with a big financial services presence so that those trained up do not all go and work at GCHQ.
“We know that industry is crying out for these skills in volume; not just
‘Hackers are getting much more into the nuts and bolts of how the financial services sector works’
a hand-picked elite needed to work at GCHQ to ensure national security, but an entire generation of skilled people to protect British industry,” he said, adding that a large pool of talent was necessary so that the Government is not deprived of the people it needs.
While in many ways the finance sector is already ahead of the pack – banks including JP Morgan formed a group with the US government last year to share cyber information with each other – experts warn that hackers are getting increasingly sophisticated and are therefore finding it easier to break the system.
“Hackers are getting much more into the nuts and bolts of how financial services works,” said George Quigley, a KPMG partner who specialises in cyber security. “You’re talking serious organisations here with financial muscle behind them.”
However, it can be difficult for institutions to know how or what to protect themselves against in a world that’s so intangible and with tactics that are constantly changing. Dave Palmer, the director of technology at cyber security firm Darktrace, said he has seen tactics such as listening into conversations via video conferencing units emerge over the past year, with attacks likely to keep changing as hackers acquire new skills. “It’s like a nuclear arms race, [you’re] always going to have to keep moving defences,” Quigley said.
For some in the financial services industry the concern isn’t just about being attacked – as Lloyd’s of London pointed out last week, rising cyber threats mean a rising demand for cyber insurance. “We feel fairly comfortable about getting our arms around what a natural disaster will cost – [but cyber] hasn’t got geographical boundaries, it can cross borders, it’s intangible, it’s a new type of risk,” Inga Beale, the Lloyd’s of London chief executive, said, voicing concerns barely two months after hospital services across the UK were crippled by a ransomware cyber attack.
Forced to juggle a rising list of unknowns, insurers will likely be joining the banks, asset managers and hedge funds eager to hire Bletchley Park’s first graduates come October 2019.