Universities now have access to the UK’s first higher education cybersecurity learning guidelines for undergraduate degrees to be referenced within BCS, the Chartered Institute for IT, accreditation criteria for computing and IT-related degrees. Published by (ISC)2, the largest not-for-profit membership body of certified information and software security professionals with nearly 110,000 members worldwide, and the Council of Professors and Head of Computing (CPHC), the guidelines reflect broad consultation with more than 30 universities and industry bodies. Developed in support of the UK government’s National Cybersecurity Strategy, the guidelines define cybersecurity imperatives and learning outcomes affecting the next wave of computing degrees from as early as September 2015.
Matthew Hancock, Minister for the Cabinet Office said, “The UK has a world-class cybersecurity sector, but we can only continue in this vein if we have the highly skilled workforce we need to thrive. Initiatives, such as this, are excellent examples of encouraging the best young people to consider careers in cyber.”
This ground-breaking effort means that over 100 UK universities will benefit from specific guidance for embedding and enhancing relevant cybersecurity principles, concepts and learning outcomes within their curricula at all levels. Students can be taught a broad spectrum of cybersecurity concepts, from threats and attacks to designing secure systems and products to governance based on up-to-date industry expertise.
The aim is to bring computing degrees into closer alignment with industry requirements. This effort could see over 20,000 graduates a year entering the UK workforce with the cybersecurity understanding and knowledge necessary to securely build the digital future and the IT infrastructure upon which the UK economy relies. Directly addressing objective four of the Government’s National Cyber Security Strategy: “to equip the UK to have the cross-cutting knowledge, skills and capability it needs to underpin all our cybersecurity objectives”, the initiative will also address a severe skills shortage by introducing more people to the opportunity of pursuing a career within the cybersecurity profession.
“This marks a significant shift in the teaching of security in higher education; cybersecurity is now being recognised as integral to every relevant computing discipline from computer game development to network engineering. Previously, cybersecurity was treated as a separate discipline to computing with students being taught how to create applications or develop systems and technology but not how to secure them; leading to proliferation of systems with built-in vulnerabilities,” said Carsten Maple, professor of Cyber Systems Engineering at Warwick University and Vice chair of the Council of Professors and Heads of Computing. “Academia, industry and government have all recognised this, which is why we have come together to address this issue and provide a practical and accessible way of incorporating cybersecurity into our curricula, and move the discipline forward.”
“The UK has long been affected by both a cybersecurity talent shortage and a mismatch between the capabilities of computing graduates and the requirements of industry. These compounding issues have ultimately been compromising our ability to both build and defend the digital economy and UK plc,” said Dr. Adrian Davis, CISSP, managing director for EMEA at (ISC)2. “We are now amongst the first nations in the world to ensure that cybersecurity will be embedded throughout every relevant computing degree and, crucially, the most up-to-date skills will be taught as the framework is built and maintained with the input of front-line information and cybersecurity professionals. UK graduates entering the workforce will be able to immediately put their skills to use.”
(ISC)2’s recent Global Information Security Workforce Survey, the largest ever conducted with nearly 14,000 global respondents, found that 63 percent of UK public and private sector organisations have too few cybersecurity workers. One in five UK respondents admitted they would take over eight days to rectify a security breach.
“As an Institute we are already heavily involved in tackling the skills gap in this field; from developing the profession through to ensuring that standards are met,” Bill Mitchell, Director of Education at BCS, explains. “This latest initiative means that additional guidance on cybersecurity elements will be provided to complement the existing information security criteria for computing-related degrees accredited by the BCS. Building cyber security into UK computing degree courses will go some way to resolving the skills gap situation by helping students to develop the skills that employers need.”
The new “Cybersecurity Principles and Learning Outcomes” guidelines document was developed over two years throughout a series of workshop consultations with leading experts. These workshops included industry bodies such as the Institution of Engineering and Technology and Tech Partnership UK, government departments including the Cabinet Office and the Department for Business Innovation and Skills; and more than 30 universities that offer undergraduate computing science degrees from the newest post-92 universities to the Russell Group.