It was revealed over the weekend that the UK government electronic surveillance agency has sent out briefing notes to universities which offer MSc courses in cyber security, asking them to apply for certification by 20th June.
Should they accept, students who have completed and passed these courses would be able to say that they have “successfully completed a GCHQ-certified degree."
The government-backed body, which is still facing heat from Edward Snowden's ongoing allegations, reveals in the 39-page document that the certification would be valid for five years, after which it would need to be renewed.
It's not clear why the group is embarking on this scheme, although a look at the briefing document suggests that there is some disillusionment from within the government at the quality of courses being offered.
The briefing note says that the number of cyber security-related courses (there are around 90 currently, according to SC data) makes it difficult to “assess the quality of the degrees on offer”, and reveals that degrees certified by the GCHQ would offer a “general, broad foundation in cyber security” including detailed knowledge on things like malicious code and common attacks.
GCHQ came up with the criteria by working with Professor Fred Piper, the founding director of The Information Security Group at Royal Holloway, University of London – the first to offer cyber-security Master's degree in the UK 24 years ago. Professor Steven Furnell, of Plymouth University, has also helped GCHQ to develop assessment criteria for the Master's degrees.
GCHQ has also confirmed that it intends to send its own employees on these courses.
“Whilst we will be offering opportunities for GCHQ staff to up-skill through Master's courses that are successfully certified, we also believe they will have much wider applicability across the public and private sector and encourage other organisations to look for the certification as a mark of quality,” they said.
“Our main aim here is to increase the future pool of cyber-security professionals that are available to both the public and private sector.”
In response to the news, Eerke Boiten, director of the Cyber Security Research Centre at the University of Kent, told SCMagazineUK.com that he welcomed the move – but expressed concern at the number of courses that will meet the required standard.
“Given our university offers several MSc programmes in Security, of course this is a development that is likely to affect us,” he said via email.
“It was already known that GCHQ is keen to support study at postgraduate (rather than undergraduate) level in this topic, and that is the correct choice given the depth and breadth of knowledge required. The novelty of this particular move is that it is willing to broaden this support, from a small number of institutes that it has direct involvement with, to a wider range of universities offering the right content and quality.
“Having an accreditation kitemark available, however, will not by itself be an incentive for people to embark on an MSc in Cyber security, and so won't address the skills gap. I think it is also extremely likely that there will remain good MSc courses in the UK that will not receive the GCHQ accreditation: the GCHQ curriculum is very densely packed, and somewhat focused towards their definition of cyber-security. Universities may choose to take a somewhat different focus, or decide that it is more appropriate to cover a smaller number of topics to a much greater depth.”
Alan Woodward, professor at the University of Surrey, added that the move was ‘really encouraging', and believes that the GCHQ is a "natural reference" for controlling the quality of cyber security courses in the UK. His university wasn't involved in the pilot – which involved Oxford and Royal Holloway – but hinted it could well bid to get involved.
In related news, it appears as though the electronic surveillance body is also someway closer to appointing a new director.
Citing ‘senior Whitehall' figures, The Financial Times reports that a decision on the new leader is expected within a fortnight.
The choice is currently believed to be between Charles Farr - director of security and counter terrorism at the Home Office, Robert Hannigan – director-general of defence and intelligence – and a third intelligence officer who ‘cannot be named for security reasons'.
Sir Iain Lobban, the current GCHQ director, is to step down later this year having worked for the organisation since 1983.