Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

UK Spy Agency Certifies Master's Degrees In Cyber Security

samzenpus posted about 3 months ago | from the learning-lessons dept.

Education 45

An anonymous reader writes Intelligence agency GCHQ has just accredited six UK universities to teach Master's degrees in online security that meet the intelligence agency's "stringent criteria." From the press release: "The certification of six Master's degrees in Cyber Security was announced by Rt.Hon Francis Maude, Minister for the Cabinet Office, when he visited GCHQ today. This marks another significant step in the development of the UK's knowledge, skills and capability in all fields of Cyber Security as part of the National Cyber Security Programme. The National Cyber Security Strategy recognises education as key to the development of Cyber Security skills and, earlier in the year, UK universities were invited to submit their Cyber Security Master's degrees for certification against GCHQ's stringent criteria for a broad foundation in Cyber Security."

cancel ×

45 comments

Sorry! There are no comments related to the filter you selected.

Logon to enroll today! (1)

Anonymous Coward | about 3 months ago | (#47595433)

Make sure you have your credit card number ready.

Re:Logon to enroll today! (1)

davester666 (731373) | about 3 months ago | (#47597687)

Hint: Uncheck the "I use pot daily" checkbox.

Re:Logon to enroll today! (1)

Mikkeles (698461) | about 3 months ago | (#47598607)

Hopefully, new graduates would work to protect us from GCHQ and the ilk.

Re:Logon to enroll today! (1)

disposable60 (735022) | about 3 months ago | (#47599165)

Make sure you have your credit card number ready.

Like they don't have that already.

Why masters level? and not this at a lower level? (1)

Joe_Dragon (2206452) | about 3 months ago | (#47595439)

Why masters level? and not this at a lower level?

But in the UK school does not cost anywhere near what it does in the usa so people can take classes for 6-10+ years with out the big loans.

Re:Why masters level? and not this at a lower leve (5, Informative)

Philip Mather (2889417) | about 3 months ago | (#47595619)

It's being accredited by GCHQ rather than designed or run, the university stipulates the course material, structure etc... GCHQ obviously felt that only the Masters level courses met their requirements (whatever they maybe) for accreditation. My Engineering degree was accredited by the IET, both Bachelors and Masters components but you didn't have to do the Masters if you wanted an accredited BEng so it is a bit unusual.

University in the UK is rapidly catching up with the US in terms of cost, I was amoung the first year of students who had to pay but it was only at £1000 per year. If I were to do my 5 year Masters in Computer Systems Engineering again now it would cost about £7000 for each of the 5 years (let's say $60000ish). They aren't typical loans however, government provided they charge a very low interest rate and are only paid back once you earn over a certain amount and increase in proportion to your salary. They do however survive bankruptcy and HMRC aren't known for writing debts off easily if you try skipping abroad etc... ;-) It is written off at normal retirement age otherwise.

Excluding doctors or vets it's unusual to spend more than 3 years doing an undergraduate degree at university in the UK, very unusual doing more than 4 years for a Masters. I elected to do a foundation year of extra mathematics and goffing off with jet engines... as you do.

Re:Why masters level? and not this at a lower leve (0)

Anonymous Coward | about 3 months ago | (#47595903)

this sounds like microsoft certification bullshit all over again. Good luck with that :)

Re:Why masters level? and not this at a lower leve (1)

Joe_Dragon (2206452) | about 3 months ago | (#47596069)

At least they have income based ones unlike most of the ones in the USA.

Re:Why masters level? and not this at a lower leve (0)

Anonymous Coward | about 3 months ago | (#47596943)

Oh I would imagine that in order to get into the masters program you have to go through (successfully) a cryptography course at the undergraduate level along with a (successful) crapload of relevant math courses (combinatorics, linear algebra. graph theory, group theory, ring theory, tupple relational calculus, predicate calculus, etc.). Along with all of the math, there are 'tricks' that are used to 'muddle' the math, so that solutions are not obvious or apparent. One early (and common) trick was to use 100 digit numbers. No problem says the engineer, my calculator can deal with very large numbers.... except says the computer scientist, after doing the appropriate calculations, the 5 needed numbers are just before the decimal (so yes, you will have to carry all 100 digits or more to not have rounding problems). Later the 100 digits became 1000, then 10,000. Since modern 64 bit processors can with double precision only carry 128 bits, high precision math routines must be used to calculate the numbers (store intermediate results in main memory: 16GB of ram is 137438953472 bits).

Re:Why masters level? and not this at a lower leve (0)

Anonymous Coward | about 3 months ago | (#47597483)

All of that and far more is relevant to testing or making new cryptography systems. None of it is relevant to a security practitioner. We already have degrees for cryptographers. They are called a PhD. in mathematics. We already have degrees for people that translate their work into a useful form. Those are called CS degrees. What we don't have is a degree that covers everything else security related. Cryptographic math, while being the hardest of information security subjects, is also the least touched on an everyday level. Years go by without a viable advancement. It is just a small piece of a very large puzzle. We have plenty of people to work on that piece as it is. Security really fails because we don't have enough people to put the other pieces together.

Re:Why masters level? and not this at a lower leve (0)

Anonymous Coward | about 3 months ago | (#47597139)

I wouldn't want to be accredited by the GCHQ, They are just as a irresponsible as the NSA. The Gestapo and KGB could only dream of their capabilities.

If nitwit David Cameron had an ounce of sense he would be disbanding the GHCQ and formed a new organization. He won't because of course he approved all the *illegal* spying (including his own citizens). Cameron's government has violated too many rights with mass indiscriminate surveillance to be trustworthy. Its like trusting a serial pedo to babysit your kids because he "promises" not to touch them again. Anyone that believes that they won't keep going with mass surveillance is incredibly naive.

With pseudo-patriot leaders like Cameron I can see why many Scots want out of the UK. He thinks he's defending the UK but he's actually destroying both its moral credibility and any hope of an I/T industry. Only an incompetent government would buy technology from five eyes nations these days. Guaranteed backdoors in both software and hardware. It's already killing US tech sales abroad. Cisco, MS, Apple, HP, IBM are now losing billions in sales in China alone.More countries are following one by one. UK sure to be one of them.

Re:Why masters level? and not this at a lower leve (0)

Anonymous Coward | about 3 months ago | (#47598967)

GCHQ obviously felt that only the Masters level courses met their requirements (whatever they maybe) for accreditation.

Probably making sure that the course material does not cover how to keep the government out of your network.

Re:Why masters level? and not this at a lower leve (4, Informative)

Anonymous Coward | about 3 months ago | (#47595651)

There are many similar programs in the US. Here it is called the National Centers of Academic Excellence progam [nsa.gov] . It is overseen by the NSA of course. No matter what you think of them, at least they do know what they are doing in the technical realm.

The Bachelor's programs in information assurance cover far, far more about security than CS ever could, but still it is often not enough. Proper security requires an understanding in depth of a wide number of systems. The two extra years really is necessary to just lay the foundation of a security professional. These programs are designed to fill a need that exists and the free market has not managed to fix. There are just too many people out there that think they know about security, or even have careers in security that have holes in their knowledge. In other fields of IT that is fine, but not security. It only takes one crack, one little misconfiguration, bad update, or missed red flag to have the whole house of cards crumble to the ground.

Re:Why masters level? and not this at a lower leve (1)

Joe_Dragon (2206452) | about 3 months ago | (#47596603)

2 more years in college when 2 years + 2 years doing real IT work is a lot better for learning. A 4 year CS turns out people loaded holes in their knowledge.and 2 years of the ivory tower will give them even more skill gaps.

Re:Why masters level? and not this at a lower leve (0)

Anonymous Coward | about 3 months ago | (#47596821)

Problem is, for today's generation, if you don't have that 4 year degree then you aren't going to get a job at any price. Simple as that.

Re:Why masters level? and not this at a lower leve (1)

Joe_Dragon (2206452) | about 3 months ago | (#47597063)

but there are 4 year schools that are more trades like and others that are pure theory.

We need to fix that today's generation issues before it be some needs masters and we really want a PHD as the loans for that will kill us all.

Re:Why masters level? and not this at a lower leve (1)

AHuxley (892839) | about 3 months ago | (#47596663)

It depends who they want to get and why. If a gov needs a nations tops skills it kind of signals what tasks are expected in a public way.
Top people can be bought in as friends of friends with the right education and background.
Cyber Security Operations Centre was public in ~2010?
For other tasks they will cast a wide public net and skill people up in house.
It was the same with German in ww2, Russian before/after ww2, Ireland and Asian/African language needs now.
The public can follow along via what was done with 2006 with 'SIGMod initiative' (sigint modernisation programme) and Tempora https://en.wikipedia.org/wiki/... [wikipedia.org]
In the distance past "National Service" tests offered a great way to filter an entire generation eg languages. Selected people could then be offered advanced university courses once trusted.
The problem is will the smart person found fit it and pass? Or fail and lose pay, rank and feel passed over. Best to try for top elite students as they have already fit in?
The UK has tried so many ways for getting and keeping staff over decades. Skills, pay, trust, lifestyle vs the waiting, understanding foreigner ready befriend staff.
Or the pure penetration agents who have the perfect connections and skills for next gen cyber computer tasks.

Re:Why masters level? and not this at a lower leve (3, Informative)

TheRaven64 (641858) | about 3 months ago | (#47597877)

It's very unusual in the UK for a bachelors degree to be this specialised. There are some places that do a BSc in Game Design, but those subjects are a bit of a joke (ironically, many the course are typically not that bad, because they exist purely for marketing reasons and are 80% identical to the computer science degree, but with a few modules in things like 3D art). It's more common to do a BSc in a general field, like computer science or engineering and then a one-year MSc / MEng / MPhil in something a lot more specialised.

Oh, please... (1)

Stolpskott (2422670) | about 3 months ago | (#47595497)

So the spy agency that admit s to (a) sharing data with the NSA, and (b) has pretty much admitted that it wants to be able to hack into any systems it wants in search of information, is now certifying information security courses that would, in theory, make their jobs harder...
What can possibly go wrong?

I needed that laugh of the day, thanks! (4, Insightful)

MindPrison (864299) | about 3 months ago | (#47595501)

Masters degree in Online Security, really? You might as well take a MS-something certification and call yourself a windows professional.

The most clueless people I've ever met working with IT, are those that work with the company's security. They have an exact set of rules to follow, and nothing else. They monitor their companies outgoing - ingoing data for certain things, and block certain services. They also have a strict policy on mobile devices, cellphones, USB-memory devices and usually give their employees their own...monitored...laptops, everything within a guaranteed controlled environment.

Except that "Guaranteed" part, because there are really no such thing as a guarantee within computer security, the only way to truly learn computer security is to practice hacking, thinking like a hacker, be a hacker and yes...have the same incentives as a cracker would have, and the fun a hacker would have solving new puzzles, breaking into new systems, learning every corner of that hardware inside out. You can't TEACH that at a school, heck...not even the most experienced hacker in the WORLD can teach ANYONE these things, there is so much...and you need to know everything from scratch, everything else is just being a well mannered script-kiddie that would be totally clueless if they received a "virus" that no one of their hardware/software systems could detect, simply because the programmer is so clever (we're talking hackers here, just in case you mistook a programmer for a programmer instead of a hacker, hint hint, wink wink and nudge nudge). And the reason they can't detect it, is because it's not been discovered yet. How can you teach that?!

Kids today don't even know what vectors are, they have NO clue how the bios work, gawd...I'm gonna grab myself a bag of popcorn and watch this freak show.

Re:I needed that laugh of the day, thanks! (1)

Joe_Dragon (2206452) | about 3 months ago | (#47595523)

Some schools can't even teach base stuff that is not theory based.

Security what about basic desktop work as well?

Re:I needed that laugh of the day, thanks! (1)

Half-pint HAL (718102) | about 3 months ago | (#47595601)

The most clueless people I've ever met working with IT, are those that work with the company's security. They have an exact set of rules to follow, and nothing else.

...which is why it's important to have an outside body accrediting degrees, to discourage meaningless diploma mills.

Re:I needed that laugh of the day, thanks! (1)

Joe_Dragon (2206452) | about 3 months ago | (#47595605)

and to stop the idea of college for all.

We need more trade / tech schools that are NOT TIED to the DEGREE system.

Re:I needed that laugh of the day, thanks! (0)

Anonymous Coward | about 3 months ago | (#47595653)

Heh, good post. Anyway, cyber security is a moving target. Papers mean nothing till teens can clear out billion-dollar companies databases and websites lol. This is just a government run money pump.

Re:I needed that laugh of the day, thanks! (1)

Teun (17872) | about 3 months ago | (#47595681)

Indeed, knowledge is not always up to expectations and need.

But then what you seem to forget is from new computers the BIOS has all but disappeared and has been replaced by something called UEFI.
You should update your knowledge starting by something like this [kubuntuforums.net] :

Just Google who is Steve Riley and you'll be a little smarter.

Re:I needed that laugh of the day, thanks! (1)

MindPrison (864299) | about 3 months ago | (#47595719)

Just Google who is Steve Riley and you'll be a little smarter.

I just did, and now I'm just a little dumber.

Re:I needed that laugh of the day, thanks! (2)

Teun (17872) | about 3 months ago | (#47595785)

Yeah, that's how I feel reading his stuff :)

partly true. It's harder if they validate their in (2)

raymorris (2726007) | about 3 months ago | (#47595713)

I agree you're not going to teach someone to be a hacker / cracker unless they have that innate talent and interest. That's true for a lot things. Athletics certainly involves some things that can't be taught. You CAN start with a strong, athletic kid who knows nothing about about football and TEACH him the game, the techniques, and the skills. Same thing with cracking. Starting with a cunning, devious kid who knows little about computers, you can teach them to look for unvalidated input, etc. the same way a con man can learn new cons.

Further, I regularly teach programmers who aren't naturally devious important basics - always validate input carefully, never use eval(), always multiple argument form of system() if it's used at all, don't write your own encryption, etc. What they learn may not be enough to keep me from hacking their systems, but it can certainly make it a whole lot harder.

Have a look through the nine online cyber security courses offered by TEEX I think you'll find they cover some good stuff, especially the more advanced courses. TEEX is part of the Texas A&M system and the courses are approved by DHS, do they demonstrate that a university system CAN provide some good education in this area, with courses approved by the relevant concern government agency.

Before I saw the TEEX courses, I expected them to suck. I was pleasantly surprised.

Bizarre (5, Insightful)

AmiMoJo (196126) | about 3 months ago | (#47595511)

It's like the Mafia certifying degrees in extortion and smuggling, or drug cartels certifying degrees in meth amphetamine production.

They were caught breaking the law multiple times and without remorse, yet carry on like nothing has changed.

Re:Bizarre (0)

Anonymous Coward | about 3 months ago | (#47595545)

It's like the Mafia certifying degrees in extortion and smuggling, or drug cartels certifying degrees in meth amphetamine production.

They were caught breaking the law multiple times and without remorse, yet carry on like nothing has changed.

What has changed?

Re:Bizarre (1)

Anonymous Coward | about 3 months ago | (#47595673)

I think a degree in extortion endorsed by the Mafia would be a pretty good degree don't you?
Would you prefer a degree in cyber security endorsed by a bingo club?

Re:Bizarre (0)

Anonymous Coward | about 3 months ago | (#47597857)

Interesting, so far as I recall, it's only NSA that has substantive allegations of law breaking against it. Do you have references for actual actions by GCHQ that have been demonstrated to be against the law, or even alleged to be so, by a credible legal entity?

Satire that Writes Itself. (2)

Blue Stone (582566) | about 3 months ago | (#47595813)

Francis Maude (the minister setting this up) - "Through the excellent work of GCHQ, in partnership with other government departments, the private sector and academia, we are able to counter threats and ensure together we are stronger and more aware."

And if the spy agencies are the threat? Who will protect us from those who wish to protect us?

Perhaps the course will be teaching people how to evade the mass surveillance of GCHQ and their pals at the NSA? Seems unlikely!

Re:Satire that Writes Itself. (1)

coofercat (719737) | about 3 months ago | (#47598529)

Yeah, we sort of need "The Only University Masters course NOT certified by GCHQ" ;-)

Come to think of it, if there were such an online course, I'd probably take it...

Aww this is cute (0)

Anonymous Coward | about 3 months ago | (#47595889)

If they claim such "stringent criteria" then why are government websites and networks so simple to exploit and compromise? Yeah I'm not sure I truly trust someone with a seal of approval from these guys. It's like getting a degree in FUD, I'll just take a comp-sci or networking degree instead thank you.

Right Honorable (0, Offtopic)

Anonymous Coward | about 3 months ago | (#47595917)

Ive always found this to be highly confusing.

Why does a politician have the title of "right". Right of what? As opposed to left, or as opposed to wrong?
And what caused the most confusion is the Honourable title.

Calling a politician honourable is highly oxymoronic and ironic. It makes no sense whatsoever for all definitions of honourable that I have been able to find.

Can any Political Scientists ( yet another weird title ) care to explain what is meant here?

Re:Right Honorable (1)

Ambient Sheep (458624) | about 3 months ago | (#47596195)

http://en.wikipedia.org/wiki/T... [wikipedia.org] answers the first part of your question.

I fear there is not much chance of answering the second.

Re:Right Honorable (0)

Anonymous Coward | about 3 months ago | (#47596467)

It's the opposite of "The Most Dishonourable".

You know, like Bush Jr. The Most Dishonourable President of The United States of America.

Re:Right Honorable (1)

TheRaven64 (641858) | about 3 months ago | (#47597891)

Calling a politician honourable is highly oxymoronic and ironic. It makes no sense whatsoever for all definitions of honourable that I have been able to find.

In the first session of the Welsh Assembly Government, one of the members referred to another has 'my honourable colleague'. The speaker interrupted, saying 'There are no honourable members here'.

Spy agency certifying anti-spying program (4, Funny)

relisher (2955441) | about 3 months ago | (#47595941)

Funny that the GCHQ would certify programs that *in theory* should help companies protect themselves from the spying of the GCHQ.

Re:Spy agency certifying anti-spying program (0)

Anonymous Coward | about 3 months ago | (#47597593)

CGHQ are also responsible for securing government communications, it's what the G and C stands for, so they are interested in making sure that there are people able to work in government and not make the mistakes that have been common in the past. They have to balance being able to intercept communications with the ability to secure UK government communications.

Graduation Requirement #1 Suck the Dick Lovingly (0)

Anonymous Coward | about 3 months ago | (#47596365)

How many of the 'recruits' will fulfill the highets and most important requirement ?

When the penis is presented, what will they do ?

Course outline (1)

easyTree (1042254) | about 3 months ago | (#47597403)

Module 1) Welcome to Cybersecurity

Module 2) Catching Julian Assange

Module 3) Not going after easyTree ...

Perhaps Snowden could ... (1)

CaptainDork (3678879) | about 3 months ago | (#47599119)

... could work from home?

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?