New government-backed guidelines encourage UK universities to teach cybersecurity as part of all of their computing degrees.
BCS, the Chartered Institute for IT, which accredits computer science degrees at about 100 UK universities, has included the subject in its accreditation criteria for the first time.
Carsten Maple, professor of cyber systems engineering at the University of Warwick and vice-chair of the Council of Professors and Heads of Computing, said that the guidelines marked a “significant shift” in the teaching of computer science.
“Cybersecurity is now being recognised as integral to every relevant computing discipline from computer game development to network engineering,” he said. “Previously, cybersecurity was treated as a separate discipline to computing with students being taught how to create applications or develop systems and technology but not how to secure them, leading to proliferation of systems with built-in vulnerabilities.”
The guidelines, which come into force in September, were drawn up following consultation with universities, government and industry bodies. They were co-published by (ISC)2, a not-for-profit organisation which specialises in information security, and CPHC.
The guidelines state that students should be taught about a range of cybersecurity concepts, such as designing secure systems, and responding to threats and attacks. They look to address a key plank of the government’s cybersecurity strategy, which called for improved knowledge and capability in the sector.
They also aim to reflect industry demands and therefore to improve the employability of computer science graduates, who are more likely to be unemployed than graduates of any other discipline, according to data from the Higher Education Statistics Agency.
Matthew Hancock, the Cabinet Office minister, described the new guidelines as an “excellent example” of how young people could be encouraged to consider a career in cybersecurity.
Adrian Davis, managing director for Europe, the Middle East and Asia at (ISC)2, said that the UK had “long been affected by both a cybersecurity talent shortage and a mismatch between the capabilities of computing graduates and the requirements of industry”.
“We are now amongst the first nations in the world to ensure that cybersecurity will be embedded throughout every relevant computing degree and, crucially, the most up-to-date skills will be taught as the framework is built and maintained with the input of front-line information and cyber-security professionals,” Dr Davis said.
Universities will get a two-year “grace period” (from September this year) to comply with the new teaching criteria.