Debate - Cybersecurity

Transcription

1 Debate - Cybersecurity within Computing Science Degrees Prof Liz Bacon BCS President Deputy Pro Vice-Chancellor, University of Greenwich Adrian Davis (ISC) 2 and Lyndsay Turley (ISC) 2

2 Cybersecurity Context Cybersecurity is one of the fastest developing requirements within industry and Government Global Information Security Workforce Study, commissioned by (ISC) 2, predicts that the workforce in cybersecurity will double within five years, with 11% year on year growth Since 2010 cyber threats have been classed as a tier 1 threat on the National Risk Register for the UK, alongside terrorism, natural hazards etc. 2

3 An explosion of vulnerability (1) 3

4 An explosion of vulnerability (2) 4

5 Shortage!!!! Lack of available entry level education or roles 5

6 Need for cybersecurity knowledge Cybersecurity considered an economic/societal priority Government/Industry looking to Universities for cybersecurity talent To prevent vulnerability: Cybersecurity knowledge is core to computing Call for more emphasis on professional/industry requirements within degrees 6

7 Current University Context Major supplier of talent to the industry Verizon report 92% of 100,000 incidents analysed over 10 years can be described by 9 basic patterns On average, top 3 patterns cover 72% of incidents Issue: Computing degrees (excluding specialist security degrees) aren t ensuring students are competent in the basics so mistakes are being repeated Industry needs cybersecurity savvy graduates 7

8 An opportunity missed? 56% of cybersecurity departments understaffed 7% of cybersecurity workforce under 29 years old 28% new entrants to cybersecurity profession come from a more general role in IT 13% unemployment of 2013 computer science graduates six months after leaving university HESA eskills UK 11% growth year on year growth to 2017 (ISC)2 /Frost & Sullivan less than 5% of university courses offer one optional module on security 2013 academic/industry workshop 8

9 Academic Perspective: To Date Different approaches to security in computing No incentive to incorporate more cybersecurity Not a popular option Reaccreditation to include was onerous Many other competing subject areas To do Clarify value of cybersecurity as a subject (white paper) Define how much and where security should be taught Highlight the significant professional resources that exist 9

10 Building on existing resource Within computing ACM BCS/IET CompTIA ecf The Tech Partnership (eskills UK) Within cybersecurity (ISC) 2 CBK IISP GCHQ/OSCIA CREST This project is not about creating something from scratch: there is a wealth of knowledge, research and practical material that can be adopted, incorporated, referenced and so on 10

11 Our Objectives for this Project Engage UK universities in the effort to close a recognised skills gap in cybersecurity Stem vulnerability by informing criteria in cybersecurity for courses accredited by the BCS and IET Note: Both have accreditation guidelines include security at a high level security can be inferred within many statements Motivate universities to recognise and embed knowledge areas most relevant to their programmes Enhance awareness & preparedness for career opportunities in IT and cybersecurity, business management 11

12 What we want to achieve Agree foundational cyber security knowledge areas for undergraduate CS degrees (not specialist security degrees!) Agree priority subject areas within computing science where cybersecurity education should be embedded Agree an approach to accreditation for courses where cybersecurity knowledge is relevant (computing science as first focus) 12

13 The challenges (1) Computing Science and related degrees are full Much to teach Accreditation to be kept What do we drop or replace? What is less or more important? Meeting academic / accreditation / vocational / employers requirements Stretched too thin? 13

14 The challenges (2) How much knowledge do we impart? Familiarity/awareness/? When do we impart that knowledge? Which Year is the right one to introduce cyber? We offer security as module already and have low take-up Why teach it? 14

15 Questions 1. What are the foundational cyber security principles? 2. To which computing subject areas do these principles apply? 3. What cybersecurity knowledge areas apply to the priority computing subject areas? 4. To what depth should cybersecurity be taught in each computing subject area where it is present? 15

16 Debate held 7 th Nov - outcomes 1. General agreement that cybersecurity needs to be a fundamental component of CS and related degrees 2. Aim is to support development rather than prescribe the curriculum 3. While current criteria cover the breadth of need, it was agreed more explanation is required to describe the scope of what should be included to achieve it 4. Supplementary guidelines would also help course designers recognise the requirement for security content within particular subject areas need balance between generality and detail 5. Re-accreditation shouldn't be necessary - should include relevant content within existing course structures 16

17 Next Steps - Timelines Q Q2 Produce draft accreditation paper for comment Workshop to: review accreditation paper agree incorporation into accreditation guidelines Present findings at CPHC Conference Work with BCS and IET to revise accreditation guidelines 17

18 Thank you Liz Bacon: Adrian Davis: Lyndsay Turley: