MSc in cyber security: GCHQ to approve postgraduate 'degree courses in spying'

Surveillance agency wants to improve quality of courses

GCHQ is to start giving its official stamp of approval to Master’s courses, effectively creating the first certified degrees for spies.

The surveillance agency has sent out a briefing note to universities that offer MSc courses in cybersecurity, asking them to apply for certification by 20 June. Graduates of the selected courses will be able to say they have “successfully completed a GCHQ-certified degree”, it states.

The 39-page document says that the number of cybersecurity-related courses now on offer at institutions across the UK had made it increasingly difficult for students and employers to “assess the quality of the degrees on offer”. It is hoped that the new certification, which is valid for five years before having to be renewed, will remedy this.

The Information Security Group at Royal Holloway, University of London, began offering the first cybersecurity Master’s degree in the UK in 1992. The group’s founding director, Professor Fred Piper, who has now retired, has been helping GCHQ develop the criteria for the new certification.

He told The Independent the agency wanted “to know where to send their people” for the best training in cybersecurity – and the easiest way of doing that was by certifying courses themselves.

A spokesperson for GCHQ confirmed that it would be sending its employees on the certified courses.

“Whilst we will be offering opportunities for GCHQ staff to up-skill through Master’s courses that are successfully certified, we also believe they will have much wider applicability across the public and private sector and encourage other organisations to look for the certification as a mark of quality,” they said.

“We are always looking for suitable recruits but have no intention of ‘monitoring’ the courses for them.

“Our main aim here is to increase the future pool of cybersecurity professionals that are available to both the public and private sector.”

The briefing document says that to gain certification, the Master’s degree must offer a “general, broad foundation in cybersecurity”, including a detailed knowledge of internet threats including “common attacks”, “malicious code” and “adversarial thinking”.

The degrees are part of the Government’s national cybersecurity strategy, which has the stated aim “for the UK in 2015 to derive huge economic and social value from a vibrant, resilient and  secure cyberspace”.

There are currently two centres for doctoral training in cybersecurity at the University of Oxford and Royal Holloway. The first group of students started in October 2013 but are not due to gain their PhDs until 2017.

Chris Ensor, deputy director for the National Technical Authority for Information Assurance, the information-security arm of GCHQ, said GCHQ has already sent some employees into schools to help them get pupils interested in maths, but that they could  do more.

“We’re a highly technical organisation with a highly technical workforce, so we depend on the young talent coming through all the way from schools to apprenticeships, degrees,” he said. “If that isn’t delivering what we need, then we have to do a lot more. If we get the talent pipeline to deliver what we need... then we all benefit.”