Slashdot Mirror
UK Spy Agency Certifies Master's Degrees In Cyber Security
An anonymous reader writes Intelligence agency GCHQ has just accredited six UK universities to teach Master's degrees in online security that meet the intelligence agency's "stringent criteria." From the press release: "The certification of six Master's degrees in Cyber Security was announced by Rt.Hon Francis Maude, Minister for the Cabinet Office, when he visited GCHQ today. This marks another significant step in the development of the UK's knowledge, skills and capability in all fields of Cyber Security as part of the National Cyber Security Programme. The National Cyber Security Strategy recognises education as key to the development of Cyber Security skills and, earlier in the year, UK universities were invited to submit their Cyber Security Master's degrees for certification against GCHQ's stringent criteria for a broad foundation in Cyber Security."
Make sure you have your credit card number ready.
Why masters level? and not this at a lower level?
But in the UK school does not cost anywhere near what it does in the usa so people can take classes for 6-10+ years with out the big loans.
So the spy agency that admit s to (a) sharing data with the NSA, and (b) has pretty much admitted that it wants to be able to hack into any systems it wants in search of information, is now certifying information security courses that would, in theory, make their jobs harder...
What can possibly go wrong?
Masters degree in Online Security, really? You might as well take a MS-something certification and call yourself a windows professional.
The most clueless people I've ever met working with IT, are those that work with the company's security. They have an exact set of rules to follow, and nothing else. They monitor their companies outgoing - ingoing data for certain things, and block certain services. They also have a strict policy on mobile devices, cellphones, USB-memory devices and usually give their employees their own...monitored...laptops, everything within a guaranteed controlled environment.
Except that "Guaranteed" part, because there are really no such thing as a guarantee within computer security, the only way to truly learn computer security is to practice hacking, thinking like a hacker, be a hacker and yes...have the same incentives as a cracker would have, and the fun a hacker would have solving new puzzles, breaking into new systems, learning every corner of that hardware inside out. You can't TEACH that at a school, heck...not even the most experienced hacker in the WORLD can teach ANYONE these things, there is so much...and you need to know everything from scratch, everything else is just being a well mannered script-kiddie that would be totally clueless if they received a "virus" that no one of their hardware/software systems could detect, simply because the programmer is so clever (we're talking hackers here, just in case you mistook a programmer for a programmer instead of a hacker, hint hint, wink wink and nudge nudge). And the reason they can't detect it, is because it's not been discovered yet. How can you teach that?!
Kids today don't even know what vectors are, they have NO clue how the bios work, gawd...I'm gonna grab myself a bag of popcorn and watch this freak show.
What this world is coming to - is for you and me to decide.
It's like the Mafia certifying degrees in extortion and smuggling, or drug cartels certifying degrees in meth amphetamine production.
They were caught breaking the law multiple times and without remorse, yet carry on like nothing has changed.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
It's being accredited by GCHQ rather than designed or run, the university stipulates the course material, structure etc... GCHQ obviously felt that only the Masters level courses met their requirements (whatever they maybe) for accreditation. My Engineering degree was accredited by the IET, both Bachelors and Masters components but you didn't have to do the Masters if you wanted an accredited BEng so it is a bit unusual.
;-) It is written off at normal retirement age otherwise.
University in the UK is rapidly catching up with the US in terms of cost, I was amoung the first year of students who had to pay but it was only at £1000 per year. If I were to do my 5 year Masters in Computer Systems Engineering again now it would cost about £7000 for each of the 5 years (let's say $60000ish). They aren't typical loans however, government provided they charge a very low interest rate and are only paid back once you earn over a certain amount and increase in proportion to your salary. They do however survive bankruptcy and HMRC aren't known for writing debts off easily if you try skipping abroad etc...
Excluding doctors or vets it's unusual to spend more than 3 years doing an undergraduate degree at university in the UK, very unusual doing more than 4 years for a Masters. I elected to do a foundation year of extra mathematics and goffing off with jet engines... as you do.
There are many similar programs in the US. Here it is called the National Centers of Academic Excellence progam. It is overseen by the NSA of course. No matter what you think of them, at least they do know what they are doing in the technical realm.
The Bachelor's programs in information assurance cover far, far more about security than CS ever could, but still it is often not enough. Proper security requires an understanding in depth of a wide number of systems. The two extra years really is necessary to just lay the foundation of a security professional. These programs are designed to fill a need that exists and the free market has not managed to fix. There are just too many people out there that think they know about security, or even have careers in security that have holes in their knowledge. In other fields of IT that is fine, but not security. It only takes one crack, one little misconfiguration, bad update, or missed red flag to have the whole house of cards crumble to the ground.
I agree you're not going to teach someone to be a hacker / cracker unless they have that innate talent and interest. That's true for a lot things. Athletics certainly involves some things that can't be taught. You CAN start with a strong, athletic kid who knows nothing about about football and TEACH him the game, the techniques, and the skills. Same thing with cracking. Starting with a cunning, devious kid who knows little about computers, you can teach them to look for unvalidated input, etc. the same way a con man can learn new cons.
Further, I regularly teach programmers who aren't naturally devious important basics - always validate input carefully, never use eval(), always multiple argument form of system() if it's used at all, don't write your own encryption, etc. What they learn may not be enough to keep me from hacking their systems, but it can certainly make it a whole lot harder.
Have a look through the nine online cyber security courses offered by TEEX I think you'll find they cover some good stuff, especially the more advanced courses. TEEX is part of the Texas A&M system and the courses are approved by DHS, do they demonstrate that a university system CAN provide some good education in this area, with courses approved by the relevant concern government agency.
Before I saw the TEEX courses, I expected them to suck. I was pleasantly surprised.
Francis Maude (the minister setting this up) - "Through the excellent work of GCHQ, in partnership with other government departments, the private sector and academia, we are able to counter threats and ensure together we are stronger and more aware."
And if the spy agencies are the threat? Who will protect us from those who wish to protect us?
Perhaps the course will be teaching people how to evade the mass surveillance of GCHQ and their pals at the NSA? Seems unlikely!
Corporation, n. An ingenious device for obtaining individual profit without individual responsibility. - Ambrose Bierce
Funny that the GCHQ would certify programs that *in theory* should help companies protect themselves from the spying of the GCHQ.
At least they have income based ones unlike most of the ones in the USA.
http://en.wikipedia.org/wiki/T... answers the first part of your question.
I fear there is not much chance of answering the second.
2 more years in college when 2 years + 2 years doing real IT work is a lot better for learning. A 4 year CS turns out people loaded holes in their knowledge.and 2 years of the ivory tower will give them even more skill gaps.
It depends who they want to get and why. If a gov needs a nations tops skills it kind of signals what tasks are expected in a public way.
Top people can be bought in as friends of friends with the right education and background.
Cyber Security Operations Centre was public in ~2010?
For other tasks they will cast a wide public net and skill people up in house.
It was the same with German in ww2, Russian before/after ww2, Ireland and Asian/African language needs now.
The public can follow along via what was done with 2006 with 'SIGMod initiative' (sigint modernisation programme) and Tempora https://en.wikipedia.org/wiki/...
In the distance past "National Service" tests offered a great way to filter an entire generation eg languages. Selected people could then be offered advanced university courses once trusted.
The problem is will the smart person found fit it and pass? Or fail and lose pay, rank and feel passed over. Best to try for top elite students as they have already fit in?
The UK has tried so many ways for getting and keeping staff over decades. Skills, pay, trust, lifestyle vs the waiting, understanding foreigner ready befriend staff.
Or the pure penetration agents who have the perfect connections and skills for next gen cyber computer tasks.
Domestic spying is now "Benign Information Gathering"
but there are 4 year schools that are more trades like and others that are pure theory.
We need to fix that today's generation issues before it be some needs masters and we really want a PHD as the loans for that will kill us all.
Module 1) Welcome to Cybersecurity
Module 2) Catching Julian Assange
Module 3) Not going after easyTree ...
Requiem for the American Dream
It's very unusual in the UK for a bachelors degree to be this specialised. There are some places that do a BSc in Game Design, but those subjects are a bit of a joke (ironically, many the course are typically not that bad, because they exist purely for marketing reasons and are 80% identical to the computer science degree, but with a few modules in things like 3D art). It's more common to do a BSc in a general field, like computer science or engineering and then a one-year MSc / MEng / MPhil in something a lot more specialised.
I am TheRaven on Soylent News
Calling a politician honourable is highly oxymoronic and ironic. It makes no sense whatsoever for all definitions of honourable that I have been able to find.
In the first session of the Welsh Assembly Government, one of the members referred to another has 'my honourable colleague'. The speaker interrupted, saying 'There are no honourable members here'.
I am TheRaven on Soylent News
... could work from home?
It little behooves the best of us to comment on the rest of us.