Forgot your password?
typodupeerror
Education Security United Kingdom

UK Spy Agency Certifies Master's Degrees In Cyber Security 45

Posted by samzenpus
from the learning-lessons dept.
An anonymous reader writes Intelligence agency GCHQ has just accredited six UK universities to teach Master's degrees in online security that meet the intelligence agency's "stringent criteria." From the press release: "The certification of six Master's degrees in Cyber Security was announced by Rt.Hon Francis Maude, Minister for the Cabinet Office, when he visited GCHQ today. This marks another significant step in the development of the UK's knowledge, skills and capability in all fields of Cyber Security as part of the National Cyber Security Programme. The National Cyber Security Strategy recognises education as key to the development of Cyber Security skills and, earlier in the year, UK universities were invited to submit their Cyber Security Master's degrees for certification against GCHQ's stringent criteria for a broad foundation in Cyber Security."
This discussion has been archived. No new comments can be posted.

UK Spy Agency Certifies Master's Degrees In Cyber Security

Comments Filter:
  • by Anonymous Coward

    Make sure you have your credit card number ready.

  • Why masters level? and not this at a lower level?

    But in the UK school does not cost anywhere near what it does in the usa so people can take classes for 6-10+ years with out the big loans.

    • by Philip Mather (2889417) on Sunday August 03, 2014 @06:02PM (#47595619)
      It's being accredited by GCHQ rather than designed or run, the university stipulates the course material, structure etc... GCHQ obviously felt that only the Masters level courses met their requirements (whatever they maybe) for accreditation. My Engineering degree was accredited by the IET, both Bachelors and Masters components but you didn't have to do the Masters if you wanted an accredited BEng so it is a bit unusual.

      University in the UK is rapidly catching up with the US in terms of cost, I was amoung the first year of students who had to pay but it was only at £1000 per year. If I were to do my 5 year Masters in Computer Systems Engineering again now it would cost about £7000 for each of the 5 years (let's say $60000ish). They aren't typical loans however, government provided they charge a very low interest rate and are only paid back once you earn over a certain amount and increase in proportion to your salary. They do however survive bankruptcy and HMRC aren't known for writing debts off easily if you try skipping abroad etc... ;-) It is written off at normal retirement age otherwise.

      Excluding doctors or vets it's unusual to spend more than 3 years doing an undergraduate degree at university in the UK, very unusual doing more than 4 years for a Masters. I elected to do a foundation year of extra mathematics and goffing off with jet engines... as you do.
    • by Anonymous Coward on Sunday August 03, 2014 @06:13PM (#47595651)

      There are many similar programs in the US. Here it is called the National Centers of Academic Excellence progam [nsa.gov]. It is overseen by the NSA of course. No matter what you think of them, at least they do know what they are doing in the technical realm.

      The Bachelor's programs in information assurance cover far, far more about security than CS ever could, but still it is often not enough. Proper security requires an understanding in depth of a wide number of systems. The two extra years really is necessary to just lay the foundation of a security professional. These programs are designed to fill a need that exists and the free market has not managed to fix. There are just too many people out there that think they know about security, or even have careers in security that have holes in their knowledge. In other fields of IT that is fine, but not security. It only takes one crack, one little misconfiguration, bad update, or missed red flag to have the whole house of cards crumble to the ground.

      • 2 more years in college when 2 years + 2 years doing real IT work is a lot better for learning. A 4 year CS turns out people loaded holes in their knowledge.and 2 years of the ivory tower will give them even more skill gaps.

    • by AHuxley (892839)
      It depends who they want to get and why. If a gov needs a nations tops skills it kind of signals what tasks are expected in a public way.
      Top people can be bought in as friends of friends with the right education and background.
      Cyber Security Operations Centre was public in ~2010?
      For other tasks they will cast a wide public net and skill people up in house.
      It was the same with German in ww2, Russian before/after ww2, Ireland and Asian/African language needs now.
      The public can follow along via what was
    • by TheRaven64 (641858) on Monday August 04, 2014 @04:58AM (#47597877) Journal
      It's very unusual in the UK for a bachelors degree to be this specialised. There are some places that do a BSc in Game Design, but those subjects are a bit of a joke (ironically, many the course are typically not that bad, because they exist purely for marketing reasons and are 80% identical to the computer science degree, but with a few modules in things like 3D art). It's more common to do a BSc in a general field, like computer science or engineering and then a one-year MSc / MEng / MPhil in something a lot more specialised.
  • So the spy agency that admit s to (a) sharing data with the NSA, and (b) has pretty much admitted that it wants to be able to hack into any systems it wants in search of information, is now certifying information security courses that would, in theory, make their jobs harder...
    What can possibly go wrong?

  • by MindPrison (864299) on Sunday August 03, 2014 @05:37PM (#47595501) Journal
    Masters degree in Online Security, really? You might as well take a MS-something certification and call yourself a windows professional.

    The most clueless people I've ever met working with IT, are those that work with the company's security. They have an exact set of rules to follow, and nothing else. They monitor their companies outgoing - ingoing data for certain things, and block certain services. They also have a strict policy on mobile devices, cellphones, USB-memory devices and usually give their employees their own...monitored...laptops, everything within a guaranteed controlled environment.

    Except that "Guaranteed" part, because there are really no such thing as a guarantee within computer security, the only way to truly learn computer security is to practice hacking, thinking like a hacker, be a hacker and yes...have the same incentives as a cracker would have, and the fun a hacker would have solving new puzzles, breaking into new systems, learning every corner of that hardware inside out. You can't TEACH that at a school, heck...not even the most experienced hacker in the WORLD can teach ANYONE these things, there is so much...and you need to know everything from scratch, everything else is just being a well mannered script-kiddie that would be totally clueless if they received a "virus" that no one of their hardware/software systems could detect, simply because the programmer is so clever (we're talking hackers here, just in case you mistook a programmer for a programmer instead of a hacker, hint hint, wink wink and nudge nudge). And the reason they can't detect it, is because it's not been discovered yet. How can you teach that?!

    Kids today don't even know what vectors are, they have NO clue how the bios work, gawd...I'm gonna grab myself a bag of popcorn and watch this freak show.
    • Some schools can't even teach base stuff that is not theory based.

      Security what about basic desktop work as well?

    • The most clueless people I've ever met working with IT, are those that work with the company's security. They have an exact set of rules to follow, and nothing else.

      ...which is why it's important to have an outside body accrediting degrees, to discourage meaningless diploma mills.

      • and to stop the idea of college for all.

        We need more trade / tech schools that are NOT TIED to the DEGREE system.

    • by Teun (17872)
      Indeed, knowledge is not always up to expectations and need.

      But then what you seem to forget is from new computers the BIOS has all but disappeared and has been replaced by something called UEFI.
      You should update your knowledge starting by something like this [kubuntuforums.net]:

      Just Google who is Steve Riley and you'll be a little smarter.

    • I agree you're not going to teach someone to be a hacker / cracker unless they have that innate talent and interest. That's true for a lot things. Athletics certainly involves some things that can't be taught. You CAN start with a strong, athletic kid who knows nothing about about football and TEACH him the game, the techniques, and the skills. Same thing with cracking. Starting with a cunning, devious kid who knows little about computers, you can teach them to look for unvalidated input, etc. the sa

  • Bizarre (Score:5, Insightful)

    by AmiMoJo (196126) * <mojo @ w orld3.net> on Sunday August 03, 2014 @05:39PM (#47595511) Homepage

    It's like the Mafia certifying degrees in extortion and smuggling, or drug cartels certifying degrees in meth amphetamine production.

    They were caught breaking the law multiple times and without remorse, yet carry on like nothing has changed.

    • by Anonymous Coward

      I think a degree in extortion endorsed by the Mafia would be a pretty good degree don't you?
      Would you prefer a degree in cyber security endorsed by a bingo club?

  • by Blue Stone (582566) on Sunday August 03, 2014 @06:50PM (#47595813) Homepage Journal

    Francis Maude (the minister setting this up) - "Through the excellent work of GCHQ, in partnership with other government departments, the private sector and academia, we are able to counter threats and ensure together we are stronger and more aware."

    And if the spy agencies are the threat? Who will protect us from those who wish to protect us?

    Perhaps the course will be teaching people how to evade the mass surveillance of GCHQ and their pals at the NSA? Seems unlikely!

    • by coofercat (719737)

      Yeah, we sort of need "The Only University Masters course NOT certified by GCHQ" ;-)

      Come to think of it, if there were such an online course, I'd probably take it...

  • by relisher (2955441) on Sunday August 03, 2014 @07:26PM (#47595941)
    Funny that the GCHQ would certify programs that *in theory* should help companies protect themselves from the spying of the GCHQ.
  • Module 1) Welcome to Cybersecurity

    Module 2) Catching Julian Assange

    Module 3) Not going after easyTree ...

  • ... could work from home?

  • The same agency will certify companies[1]. For a fee[2]. And an agreement that you forward all vuln reports to their spooks[3].
    1. [1] - http://www.cesg.gov.uk/service... [cesg.gov.uk]
    2. [2] - http://www.cesg.gov.uk/service... [cesg.gov.uk]
    3. [3] - http://www.cesg.gov.uk/service... [cesg.gov.uk]

An Ada exception is when a routine gets in trouble and says 'Beam me up, Scotty'.

Working...