IT security training now the 'substantial' task of GCHQ

The government is turning co-ordination of its IT security training over to the information assurance arm of British intelligence agency GCHQ.

In the past, all government IT security training has been the charge of the Cabinet Office, through the office of the Central Sponsor for Information Assurance (CSIA). However, GCHQ said on Tuesday that its National Technical Authority for Information Assurance arm, known as CESG, will take on the role of co-ordinating the training effort.

"CESG will develop the content for information assurance education and training, and will approve service providers for its delivery, in consultation with the CSIA," GCHQ told silicon.com sister site ZDNet UK in an email exchange.

However, the Cabinet Office will continue to have strategic oversight of the training, the agency added.

The information assurance training covers areas such as data protection, security good practice and how to harden IT systems. As its scope covers both government agencies and their industry partners, the task is "substantial", GCHQ said.

To deal with the amount of training needed, CESG will certify training programmes offered by the security industry so public-sector bodies and their business partners can use these.

"CESG is looking to quality-assure training and education programmes through industry partners and in collaboration with government departments," GCHQ said. "To meet the volume, we anticipate that all forms of training will be used, from traditional training in classrooms to e-learning packages, workshops and seminars."

Training materials will in part be gathered by harvesting 'good practice' from the public sector, via workshops involving government agencies. One of these workshops has already taken place, on 14 May, GCHQ said. "Twelve different government departments were represented [at the workshop], including the Department for Work and Pensions, the Home Office, HM Revenue & Customs, and the National Policing Improvements Agency," the agency said.

The agency also intends to feed information security knowledge from private-sector sources into the training. However, CESG will not take on any training role for the private sector, GCHQ said.

"[Information assurance] professionalism across the private sector is addressed by the Institute of Information Security Professionals," said GCHQ. "[Information assurance] and information security good practice for the private sector is handled by the department for Business, Innovation and Skills. CESG supports government customers and those private-sector organisations delivering information services to those customers."

The expansion in CESG's role comes at a time when GCHQ is taking on more responsibilities in general. As part of the government's Cyber Security Strategy, a Cyber Security Operations Centre is being set up in Cheltenham to co-ordinate UK systems infrastructure defence and attack capabilities.

Original article: GCHQ takes on gov't IT security training from ZDNet UK