NSA Specs Cybersecurity Curriculum for 21st Century

NSA sponsors IT security training, despite scandal over its methods

Nearly 200 colleges and universities have joined a program, sponsored by the National Security Agency (NSA), that defines terms of a cybersecurity curriculum designed to create the next generation of national IT defense experts.

To qualify for certification as a National Center of Academic Excellence in Information Assurance or Cyber Defense – a program co-sponsored by the Department of Homeland Security and housed in the NSA headquarters in Ft. Meade, Md. – schools must teach classes in C, networking, discrete math, cyberdefense and other topics, according to an announcement published Nov. 12.

An October survey sponsored by defense contractor Raytheon Corp. found that only a quarter of students are interested in careers in cybersecurity, and that universities rarely suggest it as a potential career path.

In February, DHS launched a program designed to promote cybersecurity careers, further expanding the effort in September. The current push stems from the NSA’s National Centers of Academic Excellence – a long-running program designed to promote cryptography and cybersecurity.

More than 180 schools have become part of the program, though it’s not clear how many are developing cybersecurity curricula based specifically on NSA criteria. Schools in the program have access to resources to help teach cybersecurity but are not required to teach to specific criteria or adhere only to NSA-approved topics or classes for cybersecurity programs.

The NSA’s use-case example is a program called Advanced Cybersecurity Experience for Students (ACES) at the University of Maryland, which was created with a $1.1 million grant from defense contractor Northrup Grumman.

The ACES program – in which 57 students have enrolled – uses a multidisciplinary approach to security that is less technical than other security programs, according to a statement from Michel Cukier, director of ACES. It includes classes on computer science, engineering and business with a focus on analysis skills.

“Things will change, it’s a field where you need to learn all the time,” Cukier said. “We want to teach students that they need to keep their eyes open to get the most global picture to solve the problem.”

The current hot-spots in cybersecurity revolve around international cyberespionage incidents, including allegations that the NSA eavesdropped on the cell phone of German Chancellor Angela Merkel. The NSA online-spying scandal, involving Internet companies such as Google and Yahoo, could cost U.S. cloud providers up to $35 billion per year by scaring off international companies leery of its influence within the U.S., according to analysts quoted for a Nov. 8 San Jose Mercury News story.

But fears of widespread cyber-disaster, such as an e-attack that takes down the U.S. power grid, are probably unrealistic, according to Jason Healey, director of the Cyber Statecraft Initiative at conservative Washington think-tank The Atlantic Council, which sponsored a cyberwar-focused security conference Nov. 11.

Image: Shutterstock.com/Rena Schild, NSA,DHS