Cybersecurity educationBritish intelligence agency promotes cybersecurity education

Published 11 April 2014

As part of its national cybersecurity strategy to “derive huge economic and social value from a vibrant, resilient, and secure cyberspace,” the United Kingdom will issue certifications to colleges and universities offering advanced degrees in cybersecurity. The British intelligence agency, Government Communications Headquarters(GCHQ), has notified various institutions to apply for certification by 20 June 2014. Students who complete the approved courses will carry a “GCHQ-certified degree.”

As part of its national cybersecurity strategy to “derive huge economic and social value from a vibrant, resilient, and secure cyberspace,” the United Kingdom will issue certifications to colleges and universities offering advanced degrees in cybersecurity. The British intelligence agency, Government Communications Headquarters (GCHQ), has notified various institutions to apply for certification by 20 June 2014. Students who complete the approved courses will carry a “GCHQ-certified degree.”

According to the notice, the increasing number of cybersecurity-related courses across the country have made it challenging for students and employers to “assess the quality of the degrees on offer.” Institutions will have to renew their certification every five years for validation.

In 1992, the Information Security Group at Royal Holloway, University of London, offered the first cybersecurity Master’s degree in the United Kingdom. TheIndependent reports that Fred Piper, the group’s founding director, has been helping GCHQ develop the guidelines for the new certification. Piper said that GCHQ wanted “to know where to send their people” for the best training in cybersecurity, noting that the easiest way of doing that was if GCHQ certified the courses.

A GCHQ spokesperson confirmed that the agency would enroll its employees in the certified courses. “Whilst we will be offering opportunities for GCHQ staff to up-skill through Master’s courses that are successfully certified, we also believe they will have much wider applicability across the public and private sector and encourage other organizations to look for the certification as a mark of quality,” the spokesperson said. In order to gain certification, courses must offer a “general, broad foundation in cybersecurity” with detailed knowledge of internet threats including common attacks, malicious code, and adversarial thinking.

GCHQ has also invested in educating younger students for a role in the cybersecurity workforce. Chris Ensor, deputy director for the National Technical Authority for Information Assurance, the information-security division of GCHQ, said the agency has sent some employees into schools to help them get students interested in math, but more could be done. “We’re a highly technical organization with a highly technical workforce, so we depend on the young talent coming through all the way from schools to apprenticeships, degrees,” he said. “If that isn’t delivering what we need, then we have to do a lot more. If we get the talent pipeline to deliver what we need… then we all benefit.”

The University of Oxford and Royal Holloway both have programs for doctoral training in cybersecurity. The first group of students enrolled in the programs in October 2013, and the students are expected to gain their Ph.D.s in 2017.