OFFICIAL
Certified Master's Briefing Meeting, 14 April 2014
Certification of Master's Degrees Providing a General Broad Foundation in Cyber Security
Chris Ensor, Michael Kirton, Ellie England, Graeme Dykes, GCHQ
This information is exempt from disclosure under the Freedom of Information Act 2000 and may be subject to exemptions under other UK information legislation. Refer disclosure requests to GCHQ on 01242 221491 x30306, email infoleg@gchq.gsi.gov.uk
Welcome and Introductions Michael Kirton
Aims of Meeting
Describe academic engagement programme, motivation for setting up Master's certification, application process and criteria
Outline certification terms and conditions
Answer questions and receive feedback
Agenda
1335-1400: Cyber security education and skills programmes, C. Ensor
1400-1410: Q&A session 1
1410-1440: Master's applications and criteria, M. Kirton
1440-1500: Q&A Session 2
1500-1515: Break
1515-1530: Outline of certification terms and conditions, E. England
1530-1545: Q&A Session 3
1545-1600: Next steps, G. Dykes
1600-1630: Q&A session 4
Housekeeping: meeting is not classified; fire alarm, toilets; slides
Cyber Security Skills Chris Ensor, Deputy Director National Technical Authority for Information Assurance WORKING WITH GOVERNMENT, INDUSTRY AND ACADEMIA TO MANAGE INFORMATION RISK
03/06/2013
1919: Government Code and Cipher School established within FCO
1939: GCCS moves to Bletchley Park
1946: GCCS moves to Eastcote as GCHQ
1951: Intelligence arm moves to Cheltenham
1953: Security arm merges with GPO research and becomes CESD
1973: CESD becomes CESG and merges back with GCHQ
1978: CESG moves to Cheltenham
1994: GCHQ recognised under the Intelligence Services Act
GCHQ & Academia UK GCHQ needs Academia to support its security mission Enhancing UK NTA knowledge base through original research Providing NTA with top quality people UK Providing effective education and training. make the UK a safe place to do business in Cyber Space
NCSS and Our Objectives
Developing the Workforce of the Future Develop a Cyber Security Profession Outcome 1: There is an increased pipeline of a cyber capable workforce Cyber Security module @ GCSE Cyber Security module @ A Level Cyber & Cipher Challenges Apprenticeships (e-skills UK) Internships (e-skills UK) Certified Masters Bursaries (CSSA) Head of Profession Heads of Specialism Skills Framework CESG Certified Professional Learning Pathways (e-skills UK) Certified Training Outcome 2: There is a sustained supply of competent cyber security professionals available, adequate to meet growing demand levels ACE - CSE Increase Cyber Security Research Influence Associated Professions Outcome 4: UK is recognised as having a leading edge cyber security research capability that can be exploited where appropriate ACE-CSRs Research Institutes Funded PhDs Centres for Doctoral Training Project management Software engineering Procurement Legal Audit Outcome 3: Appropriate cyber security knowledge is part of the day job for relevant non-cyber security professionals across the public and private sectors
Areas of Excellence Cryptography, Key Management and Security Protocols Information Risk Management Hardware Engineering Information Assurance Methodologies Operational Assurance Techniques Strategic Technologies and Products Electromagnetic Physics and Security Engineering processes and assurance
ACE Cyber Security Research
PhDs 1st Tranche Bristol - Authentication, Ciphers, and Encryption Cryptographically Secure and Relevant - Information leakage aware verification Imperial - Joint Modelling of Edge Evolution in Dynamic Graphs Lancaster - Social and Technical Objects for Resilience and Cyber Security (STORC) Oxford - Combining Binary and Source Analysis for Scalable Exploit Generation Queen's - Novel Application of Advanced Machine Learning Techniques for use in Side Channel Attacks RHUL - Randomness in Complexity - Theory Meets Practice - Computational Algebra Approach to Learning with Errors UCL - Measuring and Influencing Cyber Security Risk Perceptions
PhDs 2nd Tranche Birmingham - BaDSeED: Backdoor Detection Systems for Embedded Devices Bristol - Secure Application Programming Interfaces for Key Management - Game Theory of Cryptographic Threat Mitigation Cambridge - Model-Based Assessment of Compromising Emanations Lancaster - Weak Signals as Predictors of Sophisticated Social Engineering Attacks Newcastle - Scalability of Attacks in Identity Federation Leading to Cyber Threats Oxford - Graceful Security Degradation - Realistic, Strong and Provable Key Exchange Security RHUL - Cryptobugs Detecting Incorrect Use of Cryptographic Routines UCL - Towards a Discipline of Traffic Analysis - Access Control: Models and Compliance
Centres for Doctoral Training
Research Institutes Filling the excellence gaps RI1 - The Science of Cyber Security 2M GCHQ & 1.8M EPSRC How secure is my organisation? How do we make better security decisions? RI2 - Automated Program Analysis and Verification 2M GCHQ & 2.5M EPSRC Program analysis and verification for Binaries, source code, JavaScript and other mobile code RI3 Trustworthy Industrial Control Systems CPNI & EPSRC
The Science of Cyber Security
Automated Program Analysis and Verification
Trustworthy Industrial Control Systems
e-skills UK Cyber Apprenticeships Cyber Module A-level Trustworthy Software Initiative Schools cipher challenge Cyber Industry Internships Cyber Module GCSE Cyber in IT Management for Business Academic Centres of Excellence for Education MSc Certification Research Institutes CDTs 4/15/2014 GCHQ Funded PhDs
ACE Cyber Security Education: Identify universities taking a holistic approach to education in cyber security subjects. Based on offering at least one suitably recognised Undergraduate or Postgraduate qualification. First step will need to establish a scheme for recognising relevant qualifications, starting with Master's.
Why Start with Master's? The right Master's qualification in a relevant area of Cyber Security provides: mid career bridge; STEM bridge; top-up; research bridge
Thank You.
Q&A Session 1
Master's Applications and Criteria Michael Kirton
Background: pan-government strategy (BIS, OCSIA); start with general Master's; map indicative topics to IISP Framework, not define syllabus; started drafting call document in October 2013; extensive consultation with stakeholders; 6 drafts for internal and external review
Call document: main section + 4 appendices; key sections are scope (section 3), appendix B (topic coverage), appendix D (application structure for full certification), appendix E (application structure for provisional certification)
Scope: one-year postgraduate Master's degrees or part-time equivalent; cyber security: sole or main focus; at least 80% of taught modules can be mapped to Security Disciplines A to H; breadth of coverage: at least 10 of the Skills Groups (i to xiii) covered; substantial original research component
Full certification: student cohort completed in 2012-2013; running in 2013-2014; external examiner's report available for 2012-2013
Provisional certification: running in 2013-2014; no cohort completed in 2012-2013; start by October 2015
Full application: letter of support; (scored) sections C.2 to C.6: description of the applicant; description of the Master's degree in cyber security; assessment materials and external examiner's report; original research dissertations; student numbers and grades achieved
Provisional application: letter of support; (scored) sections D.2 to D.5: description of the applicant; description of the Master's degree in cyber security; assessment materials; original research dissertations
Scoring: 0: no evidence; 1: very little evidence; 2: some evidence; 3: good evidence; 4: excellent evidence; each scored section must achieve a threshold score of 3
General suggestions: address the points in the call document, e.g., section 2: 2a, 2b, ... 2f; observe the page limits; CVs off the shelf may not be suitable; some customisation to the call may be necessary
Criteria 1. HEI's letter of support for the application: not scored; use it wisely
Criteria 2. Description of the applicant: coherent team; team members with the appropriate knowledge and skills; supported by the HEI; Master's course regularly reviewed and kept up to date; students have access to well-equipped computer laboratories
Criteria 3. Description of the Master's degree in cyber security: quite a lot of detailed information required; scope: 80% of taught modules can be mapped to Security Disciplines; taught modules cover at least 10 of the Skills Groups; indicative topic coverage in Skills Group: appendix B, point d, page 12; not required to cover all [indicative topics] explicitly; sufficient weight of coverage ...
Criteria 3. Description of the Master's degree in cyber security: permitted combinations that do/do not satisfy scope identified; research component > 45% of credits: need to show remainder of degree adequately covers the Skills Groups
Criteria 4. Assessment materials and external examiner's report: rigorous assessment of students' knowledge; external examiner, full certification: appropriate technical background; positive report
Criteria 5. Original research dissertations: well-defined process for allocation and monitoring; well-defined and rigorous process for assessment; dissertation topics must be in one or more Security Disciplines; full certification: representative dissertations; full certification: grade awarded should be appropriate; research component < 25%: need to show students gain sufficient understanding and experience of undertaking original research
Criteria 6. Student numbers and grades achieved: full certification application; expect majority of students to have 2-i STEM degree and/or relevant experience; expect grade distribution to some extent to reflect experience and entry qualifications; consult with external examiner's report; positive student survey results
Assessment process: assessment panel meeting; membership: academia, GCHQ, industry, wider government; each proposal read by at least 3 panel members, at least one academic; agree consensus score for each scored section. Successful application: HEI's letter of support; threshold score or above for each scored section. No prioritisation: all who meet criteria achieve certification
Q&A Session 2
Break
Outline of Certification Terms and Conditions Ellie England Senior Commercial Manager
T&Cs characteristics: successful applicants will need to agree to T&Cs; based on ACE-CSR T&Cs which 11 universities have signed. Branding licence: HEI can use the Marks to indicate certification; non-exclusive, royalty free, revocable, worldwide, non-transferable. Continuing obligations: maintain standards; inform GCHQ of any significant change; provide information on student numbers etc.
T&Cs characteristics: Term: full certification: 5 years unless ended earlier if HEI seriously breaches T&Cs and breach can't be remedied; provisional certification: from award until receipt of the full certification application; time limit from first cohort finishing to submission of full application. General: no ability to assign; confidentiality; dispute resolution
Full Certification Mark
Provisional Certification Mark
Q&A Session 3
Next Steps Graeme Dykes
Next Steps: Submitting Applications: submission deadline 20th June 2014, 1600; email the relevant application documents to: ACE-CSE_project@gchq.gsi.gov.uk; content beyond the prescribed limits will not be reviewed; application questions to be emailed in, there will be FAQs in the CESG web site: http://www.cesg.gov.uk/awarenesstraining/academia/pages/masters-degrees.aspx; retrospective student awards
Next Steps: Assessment Panel: will meet in July; all qualifying applications will be reviewed; universities will be informed of the result; subject to agreeing the T&Cs; national press announcement; individual press announcements
Next Steps: Future Calls: plan to issue 2nd call in autumn 2014; to include Master's with narrower focus; 3rd call early 2015; considering Integrated Master's
Next Steps: Future Plans: Recognition of ACE-CSEs: call late 2014; criteria: consultation on-going; holistic view of the university. To work with partners to manage the certification process: IET & BCS
Q&A Session 4
Close ACE-CSE_project@gchq.gsi.gov.uk