Overcoming the Challenges of Teaching Cybersecurity in UK Computer Science Degree Programmes

This Innovative Practice Full Paper explores the diversity of challenges relating to the teaching of cybersecurity in UK higher education degree programmes, through the lens of national policy, to the impact on pedagogy and practice.There is a serious demand for cybersecurity specialists, both in the UK and globally; there is thus significant and growing higher education provision related to specialist undergraduate and postgraduate courses focusing on varying aspects of cybersecurity. To make our digital systems and products more secure, all in IT need to know some cybersecurity – thus, there is a case for depth as well as breadth; this is not a new concern, but it is a growing one. Delivering cybersecurity effectively across general computer science programmes presents a number of challenges related to pedagogy, resources, faculty and infrastructure, as well as responding to industry requirements.Computer science and cognate engineering disciplines are evolving to meet these demands – both at school-level, as well as at university – however, doing so is not without challenges. This paper explores the progress made to date in the UK, building on previous work in cybersecurity education and accreditation by highlighting key challenges and opportunities, as well as identifying a number of enhancement activities for use by the international cybersecurity education community. It frames these challenges through concerns with the quality and availability of underpinning educational resources, the competencies and skills of faculty (especially focusing on pedagogy, progression and assessment), and articulating the necessary technical resources and infrastructure related to delivering rigorous cybersecurity content in general computer science and cognate degrees.Though this critical evaluation of an emerging national case study of cybersecurity education in the UK, we also present a number of recommendations across policy and practice – from pedagogic principles and developing effective cybersecurity teaching practice, challenges in the recruitment, retention and professional development of faculty, to supporting diverse routes into post-compulsory cybersecurity education (and thus, diverse careers) – to provide the foundation for potential replicability and portability to other jurisdictions contemplating related education and skills reform initiatives and interventions.

[1]  Henry L. Owen,et al.  Georgia tech information security center hands-on network security laboratory , 2006, IEEE Transactions on Education.

[2]  Rajendra K. Raj,et al.  Infusing Principles and Practices for Secure Computing Throughout an Undergraduate Computer Science Curriculum , 2020, ITiCSE.

[3]  James H. Davenport,et al.  A UK Case Study on Cybersecurity Education and Accreditation , 2019, 2019 IEEE Frontiers in Education Conference (FIE).

[4]  Min-Seok Pang,et al.  Security Breaches in the U.S. Federal Government , 2017 .

[5]  Evon M. O. Abu-Taieh Cyber Security Body of Knowledge , 2017, 2017 IEEE 7th International Symposium on Cloud and Service Computing (SC2).

[6]  M. Angela Sasse,et al.  Users are not the enemy , 1999, CACM.

[7]  Steven Bradley Managing plagiarism in programming assignments with blended assessment and randomisation , 2016, Koli Calling.

[8]  James H. Davenport,et al.  Language Choice in Introductory Programming Courses at Australasian and UK Universities , 2018, SIGCSE.

[9]  Gregory J. Conti,et al.  Cyber Education: A Multi-Level, Multi-Discipline Approach , 2015, SIGITE.

[10]  Shrikant Palkar Industry-academia collaboration, expectations, and experiences , 2013, INROADS.

[12]  James H. Davenport,et al.  An Analysis of Introductory Programming Courses at UK Universities , 2017, Art Sci. Eng. Program..

[13]  James H. Davenport,et al.  Innovative Pedagogical Practices in the Craft of Computing , 2016, 2016 International Conference on Learning and Teaching in Computing and Engineering (LaTICE).

[14]  Fred B. Schneider,et al.  Cybersecurity Education in Universities , 2013, IEEE Secur. Priv..

[15]  Steven Bradley,et al.  Creative Assessment in Programming: Diversity and Divergence , 2020, CEP.

[16]  Khaled Salah,et al.  Harnessing the cloud for teaching cybersecurity , 2014, SIGCSE.

[17]  Paul Hanna,et al.  Computer Science Degree Accreditation in the UK: A Post-Shadbolt Review Update , 2020, CEP.

[18]  Tom Crick,et al.  The ICT Steering Group’s Report to the Welsh Government , 2013 .

[19]  Mark Stockman Infusing social science into cybersecurity education , 2013, SIGITE Conference.

[20]  Theodore Tryfonas,et al.  Public Policy and Skills for Smart Cities: The UK Outlook , 2018, PETRA.

[22]  Jens Mache,et al.  Top 10 hands-on cybersecurity exercises , 2013 .

[23]  A. Irons,et al.  Delivering Cybersecurity Education Effectively , 2019, Cybersecurity Education for Awareness and Compliance.

[24]  Matthew Smith,et al.  Why Do Developers Get Password Storage Wrong?: A Qualitative Usability Study , 2017, CCS.

[25]  Cynthia Taylor,et al.  ');DROP TABLE textbooks;--: An Argument for SQL Injection Coverage in Database Textbooks , 2019, SIGCSE.

[26]  Ray A. Perlner,et al.  Digital Identity Guidelines: Authentication and Lifecycle Management , 2017 .

[27]  Sergey Bratus,et al.  Teaching the principles of the hacker curriculum to undergraduates , 2010, SIGCSE.

[28]  NEIL C. C. BROWN,et al.  Restart: The Resurgence of Computer Science in UK Schools , 2014, TOCE.

[29]  Faron Moller,et al.  A university-based model for supporting computer science curriculum reform , 2018, Journal of Computers in Education.

[30]  James H. Davenport,et al.  The Institute of Coding: A University-Industry Collaboration to Address the UK’s Digital Skills Crisis , 2019, 2020 IEEE Global Engineering Education Conference (EDUCON).

[31]  Ross J. Anderson Security engineering - a guide to building dependable distributed systems (2. ed.) , 2001 .

[32]  M. Angela Sasse,et al.  The true cost of unusable password policies: password use in the wild , 2010, CHI.

[33]  Tom Crick,et al.  Resilience and Effective Learning in First-Year Undergraduate Computer Science , 2020, ITiCSE.

[34]  Audun Jøsang,et al.  Global perspectives on cybersecurity education for 2030: a case for a meta-discipline , 2018, ITiCSE.