The powers, remit and budget of the newly formed government Office of Cyber Security and Information Assurance (OCSIA), are unclear the House of Commons Science and Technology Committee has warned in a report published today.
The OCSIA is nominally responsible for providing a strategic direction on cyber security and information assurance for the UK. It is also supposed to have a strong working relationship with private sector partners, to exchange information and promote best practice in improving cyber security and tackling e-crime.
However, in evidence to the Science and Technology Committee, the Royal Academy of Engineering said "there is no one place in Government where responsibility lies, and different departments ask the same of advice of the same people."
The Academy said "OCSIA resourcing needs to be resolved, clarifying whether OCSIA is merely raising awareness of this issue, or whether it will be setting out and enacting a cyber security strategy".
Others that gave evidence to the Committee warned that “unless the OCSIA has some teeth to enforce co-ordination across Government, being a mere observer in this game isn’t going to be enough”, the Committee stated in the Scientific advice and evidence in emergencies report.
The Committee said the OCSIA was unable to state what budget it had to improve the UK's cyber security.
The Committee concluded, "The Government clearly recognises the importance of cyber security, but we are uncertain how the OCSIA will meet its objectives, particularly as we were unable to ascertain its budget.
"In its response to this report, we recommend that the Government clarify the powers and funding of the Office of Cyber Security and Information Assurance."
As part of his Strategic Defence Review last year Prime Minister David Cameron said £650 million would be allocated over a four-year period to the fight against cyberattacks.
Since then however it has not been made clear how this money will be distributed and whether any of it will find its way directly to the OCSIA.
In other conclusions from the main report, the Committee recommends that "the Government actively ensures that requirements for security clearance do not deter academics from providing scientific advice to government".
It also says "an understanding of human behaviour is essential in risk assessment, planning and response", citing debate around expectations on the public in maintaining cyber defences.
The Committee says "it is disappointed at the lack of focus on social and behavioural science in government to date". The Committee expects that the newly established Cabinet Office Behavioural Insight team "will provide input to risk assessment for emergencies".