Much has been said about the need for academics, businesses and the government to work together to address the future cyber security challenges that society faces. This is a sensible proposition, as cyber security affects everyone, and each sector brings different strengths and capabilities. But words and aspirations are one thing; making these partnerships work is something else entirely.
Full credit must be paid to the UK government for setting the ball rolling with a number of initiatives, most of which stem from the National Cyber Security Strategy. For example, the Academic Centre of Excellence in Research (ACE-CSR) scheme makes it easier for external partners to identify academic institutions with a critical mass of cyber security research capability and experience. The National Cyber Security Centre (NCSC) certified degree programme provides welcome pointers towards quality academic cyber security education programmes. And the NCSC’s CyberInvest initiative directly addresses collaboration by seeking to create partnerships between external funders and academic research institutions. All these have made positive contributions and helped to foster a more cohesive cyber security environment.
Collaboration has a lot to offer. Meeting new people and finding out what they’re doing is interesting, and working across sectors can be both satisfying, and good for your profile. There are two barriers that fruitful partnerships must overcome. The first is the potential for mismatch of expectations. The motivational drivers behind academia, business and government are not always the same, so successful engagement requires the identification of common ground. The second, arguably more significant, issue is that good relationships need time to grow. And time is something we all seem to lack these days.
One of the initiatives that emerged from the first National Cyber Security Strategy was the establishment of two Centres for Doctoral Training (CDTs) in cyber security, one at Royal Holloway and the other at Oxford. Since 2013, these centres have funded over 100 doctoral students to undertake PhD research. The programmes involve a first year of immersive cyber security training, before students undertake three years of research. The first graduates from these programmes are now emerging to take up leadership roles across the cyber security profession.
The CDTs in Cyber Security have been extremely successful initiatives, not just because they are producing cyber security leaders, as intended, but because they demonstrate a vehicle for constructive cross-sector collaboration. External organisations actively support the training programme (this year the Royal Holloway CDT made full-day visits to the NCSC, KPMG, HP Labs and Thales), host three-month internships (recent hosts included IBM, NATO and The Cabinet Office) and play an active role in governance (advisory panel representatives include Roke Manor, PwC and DCMS). Through these relationships students have, amongst other successes, worked with Mozilla to develop the new TLS1.3 standard, improved performance of CloudFlare technology, and designed cyber wargames that have been played in numerous boardrooms. Through these collaborations, CDT students have been making a real difference.
However, none of this has come easily, nor quickly. Good partnerships require investments from all sides – financially, emotionally and in terms of time. In cyber security we need more mechanisms, like the CDTs, where true partnerships can be given both the freedom and the time to develop, nurture and grow.