UK Spy Agency Certifies Master's Degrees In Cyber Security

An anonymous reader writes Intelligence agency GCHQ has just accredited six UK universities to teach Master's degrees in online security that meet the intelligence agency's "stringent criteria." From the press release: "The certification of six Master's degrees in Cyber Security was announced by Rt.Hon Francis Maude, Minister for the Cabinet Office, when he visited GCHQ today. This marks another significant step in the development of the UK's knowledge, skills and capability in all fields of Cyber Security as part of the National Cyber Security Programme. The National Cyber Security Strategy recognises education as key to the development of Cyber Security skills and, earlier in the year, UK universities were invited to submit their Cyber Security Master's degrees for certification against GCHQ's stringent criteria for a broad foundation in Cyber Security."

I needed that laugh of the day, thanks!

[MindPrison]

Masters degree in Online Security, really? You might as well take a MS-something certification and call yourself a windows professional.

The most clueless people I've ever met working with IT, are those that work with the company's security. They have an exact set of rules to follow, and nothing else. They monitor their companies outgoing - ingoing data for certain things, and block certain services. They also have a strict policy on mobile devices, cellphones, USB-memory devices and usually give their employees their own...monitored...laptops, everything within a guaranteed controlled environment.

Except that "Guaranteed" part, because there are really no such thing as a guarantee within computer security, the only way to truly learn computer security is to practice hacking, thinking like a hacker, be a hacker and yes...have the same incentives as a cracker would have, and the fun a hacker would have solving new puzzles, breaking into new systems, learning every corner of that hardware inside out. You can't TEACH that at a school, heck...not even the most experienced hacker in the WORLD can teach ANYONE these things, there is so much...and you need to know everything from scratch, everything else is just being a well mannered script-kiddie that would be totally clueless if they received a "virus" that no one of their hardware/software systems could detect, simply because the programmer is so clever (we're talking hackers here, just in case you mistook a programmer for a programmer instead of a hacker, hint hint, wink wink and nudge nudge). And the reason they can't detect it, is because it's not been discovered yet. How can you teach that?!

Kids today don't even know what vectors are, they have NO clue how the bios work, gawd...I'm gonna grab myself a bag of popcorn and watch this freak show.

Re:I needed that laugh of the day, thanks!

[Teun]

Yeah, that's how I feel reading his stuff :)

Bizarre

[AmiMoJo]

It's like the Mafia certifying degrees in extortion and smuggling, or drug cartels certifying degrees in meth amphetamine production.

They were caught breaking the law multiple times and without remorse, yet carry on like nothing has changed.

Re:Why masters level? and not this at a lower leve

[philip.mather5551]

It's being accredited by GCHQ rather than designed or run, the university stipulates the course material, structure etc... GCHQ obviously felt that only the Masters level courses met their requirements (whatever they maybe) for accreditation. My Engineering degree was accredited by the IET, both Bachelors and Masters components but you didn't have to do the Masters if you wanted an accredited BEng so it is a bit unusual.

University in the UK is rapidly catching up with the US in terms of cost, I was amoung the first year of students who had to pay but it was only at £1000 per year. If I were to do my 5 year Masters in Computer Systems Engineering again now it would cost about £7000 for each of the 5 years (let's say $60000ish). They aren't typical loans however, government provided they charge a very low interest rate and are only paid back once you earn over a certain amount and increase in proportion to your salary. They do however survive bankruptcy and HMRC aren't known for writing debts off easily if you try skipping abroad etc... ;-) It is written off at normal retirement age otherwise.

Excluding doctors or vets it's unusual to spend more than 3 years doing an undergraduate degree at university in the UK, very unusual doing more than 4 years for a Masters. I elected to do a foundation year of extra mathematics and goffing off with jet engines... as you do.

Re:Why masters level? and not this at a lower leve

There are many similar programs in the US. Here it is called the National Centers of Academic Excellence progam. It is overseen by the NSA of course. No matter what you think of them, at least they do know what they are doing in the technical realm.

The Bachelor's programs in information assurance cover far, far more about security than CS ever could, but still it is often not enough. Proper security requires an understanding in depth of a wide number of systems. The two extra years really is necessary to just lay the foundation of a security professional. These programs are designed to fill a need that exists and the free market has not managed to fix. There are just too many people out there that think they know about security, or even have careers in security that have holes in their knowledge. In other fields of IT that is fine, but not security. It only takes one crack, one little misconfiguration, bad update, or missed red flag to have the whole house of cards crumble to the ground.

partly true. It's harder if they validate their in

[raymorris]

I agree you're not going to teach someone to be a hacker / cracker unless they have that innate talent and interest. That's true for a lot things. Athletics certainly involves some things that can't be taught. You CAN start with a strong, athletic kid who knows nothing about about football and TEACH him the game, the techniques, and the skills. Same thing with cracking. Starting with a cunning, devious kid who knows little about computers, you can teach them to look for unvalidated input, etc. the same way a con man can learn new cons.

Further, I regularly teach programmers who aren't naturally devious important basics - always validate input carefully, never use eval(), always multiple argument form of system() if it's used at all, don't write your own encryption, etc. What they learn may not be enough to keep me from hacking their systems, but it can certainly make it a whole lot harder.

Have a look through the nine online cyber security courses offered by TEEX I think you'll find they cover some good stuff, especially the more advanced courses. TEEX is part of the Texas A&M system and the courses are approved by DHS, do they demonstrate that a university system CAN provide some good education in this area, with courses approved by the relevant concern government agency.

Before I saw the TEEX courses, I expected them to suck. I was pleasantly surprised.

Satire that Writes Itself.

[Blue+Stone]

Francis Maude (the minister setting this up) - "Through the excellent work of GCHQ, in partnership with other government departments, the private sector and academia, we are able to counter threats and ensure together we are stronger and more aware."

And if the spy agencies are the threat? Who will protect us from those who wish to protect us?

Perhaps the course will be teaching people how to evade the mass surveillance of GCHQ and their pals at the NSA? Seems unlikely!

Spy agency certifying anti-spying program

[relisher]

Funny that the GCHQ would certify programs that *in theory* should help companies protect themselves from the spying of the GCHQ.

Re:Why masters level? and not this at a lower leve

[TheRaven64]

It's very unusual in the UK for a bachelors degree to be this specialised. There are some places that do a BSc in Game Design, but those subjects are a bit of a joke (ironically, many the course are typically not that bad, because they exist purely for marketing reasons and are 80% identical to the computer science degree, but with a few modules in things like 3D art). It's more common to do a BSc in a general field, like computer science or engineering and then a one-year MSc / MEng / MPhil in something a lot more specialised.