Security News > 2022 > January > UK government opens consultation on medic-style register for Brit infosec pros
Frustrated at lack of activity from the "Standard setting" UK Cyber Security Council, the government wants to pass new laws making it into the statutory regulator of the UK infosec trade.
Government plans, quietly announced in a consultation document issued last week, include a formal register of infosec practitioners - meaning security specialists could be struck off or barred from working if they don't meet "Competence and ethical requirements."
The proposed setup sounds very similar to the General Medical Council and its register of doctors allowed to practice medicine in the UK. Officials in the Department for Digital, Culture, Media and Sport even linked their new professional regulation plans with future Computer Misuse Act amendments, floating the idea that people who aren't UKCSC-registered professionals might not be able to claim any new legal defences.
Part of the new National Cyber Strategy launched late last year is for there to be a government-controlled body "At the top of the profession" in the UK. At the moment everyone's running with a hotchpotch of industry-created certifications for staff, with companies passing NCSC-backed audits for access to sensitive government contracts.
Over the past year it appears UKCSC hasn't achieved very much, with official disapproval of this being all but buried in a very long public consultation document titled "Embedding standards and pathways across the cyber profession by 2025.".
"We have heard through engagement that providing recognition of the UK Cyber Security Council through legislative underpinning would further support its role as the standard setting body for the profession," said the consultation, adding that UKCSC has received "Grant funding for the first four years of operation to allow it to develop a business model."