A comprehensive 'Body of Knowledge' to inform and underpin education and professional training for the cyber security sector is set to be created through a major international programme of work.
An increasing political, societal and economic concern, cyber attacks cost an estimated $400 billion (according to Lloyds) to global economies. The scale of the issue was further highlighted recently when the Bulletin of the Atomic Scientists factored cyber attacks into their decision to move the symbolic Doomsday Clock closer to midnight.
However, there is a long-recognised skills gap within the cyber security sector, an issue that experts agree is compounded by a fragmented and incoherent foundational knowledge for this relatively immature field.
Mature scientific disciplines, such as mathematics, physics, chemistry and biology have long-established foundational knowledge and clear learning steps from pupils studying GCSEs at secondary school to undergraduate degrees at university, and beyond.
Leading efforts to bring cyber security into line with the more established sciences is a project led by Lancaster University's Professor Awais Rashid, along with other leading cyber security experts - including Professor Andrew Martin, Professor George Danezis, Dr Emil Lupu, and Dr Howard Chivers - that will pull together knowledge from major internationally-recognised experts to form a Cyber Security Body of Knowledge.
"The creation of a Cyber Security Body of Knowledge is an essential step towards creating the necessary foundational knowledge to inform the education and development of future cyber security professionals, and the discipline as a whole," said Professor Rashid, Director of Lancaster University's Security Lancaster Research Centre. "The aim is for it to become the Bible for the cyber security field and a resource that the whole community can use."
The Cyber Security Body of Knowledge would be made open-source and would be of benefit to educators, schools and for professional development programmes. In addition to bringing together cutting-edge knowledge, it will also make recommendations about which elements should form content for curricula at different levels.
There will be opportunities for both academia and cyber security professionals to participate in the two and a half-year development process by acting as authors or participating in the community of reviewers to scrutinise the body of knowledge. The process will also be informed by an Industrial Advisory Board. "The Cyber Security Body of Knowledge will be a resource for the community by the community", said Professor Rashid.
This project will be funded through the National Cyber Security Programme - a £1.9 billion transformational investment to provide the UK with the next generation of cyber security.
Minister of State for Digital and Culture Matt Hancock said: "We have recently announced a Cyber Schools Programme so thousands of the best and brightest young minds are given the opportunity to learn cutting-edge cyber security skills alongside their secondary school studies. This follows a series of other initiatives to find, finesse and fast-track tomorrow's online security experts as part of the Government's National Cyber Security Programme. I welcome the development of the Cyber Security Body of Knowledge which will play a vital role in helping professionals share their expertise to help inspire the next generation of talent across the country."
Chris Ensor, Deputy Director for Cyber Security Skills and Growth at the National Cyber Security Centre (NCSC) said: "NCSC and GCHQ are undertaking ambitious skills programme that includes a suite of initiatives designed to strengthen and develop the pipeline of talent feeding the UK's cyber security workforce.
"The Cyber Security Body of Knowledge is an important part of this urgent work that seeks to inspire and train talented young people to develop their cyber skills."