Earlier this year UK universities were invited to submit their Cyber Security Master's degrees for certification against GCHQ's criteria, with the six successful Master's degrees judged to provide well-defined and appropriate content for a broad foundation in Cyber Security, delivered to the highest standard.
GCHQ came up with the criteria by working with Professor Fred Piper, the founding director of The Information Security Group at Royal Holloway, University of London – the first to offer cyber-security Master's degree in the UK 24 years ago. Professor Steven Furnell, of Plymouth University, also helped GCHQ to develop assessment criteria for the Master's degrees.
Masters degrees awarded GCHQ-certified status are:
Full certified status:
Edinburgh Napier University
MSc in Advanced Security and Digital Forensics
MSc in Cyber Security
University of Oxford
MSc in Software and Systems Security
Royal Holloway, University of London
MSc in Information Security
Provisional certified status:
MSc in Cyber Defence and Information Assurance
University of Surrey
MSc in Information Security
Full certification is being offered to Master's degrees currently running whose students completed their degree in academic year 2012 to 2013; provisional certification is offered for those Master's degrees which started academic year 2013, or are due to start in Autumn 2014.
Later this year Master's certification will be extended to specialist degrees in areas such as digital forensics.
A spokesperson for GCHQ told SCMagazineUK, "The certification places no restrictions on nationality requirements. The entrance requirements will remain in the control of the universities themselves and be unaffected by the new certification."
In a statement to press, Nigel Smart, professor of cryptology, University of Bristol said: “For the first time, UK universities which become certified will have a means to promote the quality of the cyber security they teach. Over the next few years, as GCHQ certification is applied to more specialised areas of cyber security, I expect the number of UK universities achieving certification of their Master's degrees to increase.”
There are around 90 cyber-security related university courses in the UK, but the quality had previously been described as variable.
Consequently there has been a positive response among prospective employers with Mark Hughes, President of BT Security, saying: “The fact that GCHQ recognises these courses as high calibre gives us, at BT, the confidence that those graduating with a Master's from one of these universities will have the sound knowledge base in cyber security that we would be looking for.” GCHQ has also confirmed that it intends to send its own employees on these courses.
The National Cyber Security Strategy recognises education as key to the development of Cyber Security skills and GCHQ is developing a programme to identify and recognise Academic Centres of Excellence in Cyber Security Education (ACEs-CSE),with the first applications from universities to be recognised being judged in late 2015.
Only universities whose Master's degrees have been GCHQ-certified are expected to be eligible to apply for ACE-CSE recognition. Chris Ensor, deputy director for the National Technical Authority for Information Assurance at GCHQ notes that: “Recognition of these degrees is an important first step towards recognising Academic Centres of Excellence in Cyber Security Education (ACEs-CSE).”