What software resilience and security issues do organisations face? How can they be managed effectively?

A few weeks ago the IET responded to the DSIT and DCMS on these very points.

Our key points were as follows:

  • The rapid increase in software complexity, and our everyday reliance on it, can lead to vulnerabilities which are exploited by crime-focused, state-sponsored or ideologically-based terrorist actors. This can result in business-critical, financial and reputational damage.
  • Cyber risks need to be managed as a core element of the UK’s national recovery plan, and as part of key company board decisions. Consistent resource investment is needed to maintain technological excellence and competitiveness.
  • Greater government / industry intervention is required in several areas: barriers in the open source community; transparency and communication of software materials, vulnerabilities and incident management; procurement supplier assurance / management; and software maintenance, configuration and management.
  • Proportionate regulation would allow for innovation, whilst minimising risk levels.
  • Software vulnerabilities also arise accidentally, through a lack of awareness of what software code is actually doing. This could get worse with the development of AI.
  • Senior leaders and managers need to drive cultural change around software competence.
  • There’s a challenge finding people with the required skills at competitive salary rates. Competency frameworks and lists of recognised qualifications would help provide organisational reassurance over developer competence in particular areas.
  • Key cyber security roles should have protected status (in the same way as ‘medical doctor’) to help drive up and guarantee standards.

What are your thoughts on this? And how will risks be managed with the proliferation and increased sophistication of AI technologies?

Our full consultation response is attached below (PDF).