School for spies: UK creates 'university degrees' in cyber security
GCHQ, the UK government surveillance agency, is to give its stamp of approval to postgraduate courses in cyber security, essentially certified degrees for spies.
The 39-page document from GCHQ, seen by the Independent, says that the increasing number of courses in security related subjects at institutions across the UK means that it is becoming more and more difficult to “assess the quality of the degrees on offer.”
In order to gain certification a master’s degree must offer a “general, broad foundation in cyber security” and must also include a detailed knowledge of threats to online activity including “common attacks”, “malicious code” and “adversarial thinking.”
The new GCHQ certificates will be valid for five years before having to be renewed, and it is hoped the new system will create more clarity in what’s on offer.
The Cheltenham based surveillance agency has sent out a brief to all universities in the UK offering an MSc in cyber security to apply for certification before June 20.
A spokesperson for GCHQ told the Independent that as well as appealing to the public in general, the agency planned to send their own employees on the certified courses.
“Whilst we will be offering opportunities for GCHQ staff to up-skill through Master’s courses that are successfully certified, we also believe they will have a much wider applicability across the public and private sector and encourage other organizations to look for the certification as a mark of quality,” they said.
The spokesperson added that their aim was to increase the future pool of cyber-security professionals in the UK, and while GCHQ is always looking for suitable recruits, they do not have any intention of monitoring the courses.
GCHQ has already certified two institutions for PhD’s in cyber security, the University of Oxford and Royal Holloway, part of the University of London. Students on the Oxford course began their studies in October 2013, but are not due to complete the course until 2017.
Royal Holloway began offering the first cyber-security master’s degrees in the UK in 1992. Called the Information Security Group, Fred Piper, its founding director, has been helping GCHQ to develop the criteria for the new certification.
He explained to the Independent that the main reason for the new certificates was so that the spy agency would know the best place to send its own people.
However, the Information Security Group webpage on the Royal Holloway’s site makes no mention of GQHQ and instead says that it has always fostered strong links with industry and government and gives its motto as "Academia and Industry in Harmony."
Chris Ensor, the deputy director for the National Technical Authority for Information Assurance, which acts as the information-security arm of GCHQ, said that while they had sent some employees into schools to encourage pupils to be interested in maths, they could do more to recruit the right people.
“We’re a highly technical organization with a highly technical workforce, so we depend on the young talent coming through all the way from schools to apprenticeships and degrees,” he said.
The GCHQ certificates are part of the UK government’s broader cyber-security strategy, which aims “for the UK in 2015 to derive huge economic and social value from a vibrant, resilient and secure cyberspace.”