Friday, September 19, 2008

Spaf: You can't have 94 centers of excellence

I have a 45 minute commute (not bad at all for the region) each way so I spend lots of time listening to the radio and one of the first (annoying) things I noticed was the amount of advertising about "information assurance" training programs out there targeting the "hot IT security field." Some of these justify their expertise ("you'll learn from the best!") based on their NSA Center of Excellence accreditation.


And Spaf nails it when he justifies Purdue's decision not to remain in the program

More importantly, this goes to the heart of what it means to be “trustworthy.” Security and privacy issues are based on a concept of trust and that also implies honesty. It simply is not honest to continue to participate in (and thereby support) a designation that is misleading. There are not 94 centers of excellence in information and cyber security in the US. You might ask the personnel at some of the schools that are so designated as to why they feel the need to participate and shore up that unfortunate canard.
While this is true, I think there is definitely something else going on here that reflects the changes (and more importantly the ambivalence about the changes) in [Computer|Network|Information] field over the last decade. As knowledge goes mainstream, as a discipline no longer remains in the realm of experts or "the Academy" (as they would say in the culture wars of the 90s) there is always the temptation to lament the "watering down" of a field of expertise. This is also seen in the division between the "Security Education" v. "Security Training" and I'm not sure what the difference is.  As Liberal Arts grad, I saw (and still see) Computer Science/Engineer programs essentially all as training whether the program is at a suburban community college or a major land grant university. 

No comments: