Examination Material - updated 10 September 2020

10 September 2020:     The independent investigator Adrian Lennox-Lamb has begun work and anyone who has information that may be relevant to the investigation can contact him via the confidential email address – [email protected].

Please rest assured, the identity of anyone contacting him at this email address will be known only to him.

Adrian Lennox-Lamb is a former Detective Chief Inspector and senior investigating officer, with experience of major crime investigation and anti-corruption.  He has over 12 years’ experience of workplace investigations in the public, private and third sectors and has no previous connections within the cyber security community.

♦   ♦   ♦   ♦   ♦

3 September 2020:    Further our previous updates on 12th, 17th and 20th August (see below), we wanted to provide a further update on what CREST has been doing to support the investigation into the recent deposit of confidential exam material into the public domain.

Firstly, the independent investigator has begun work ascertaining the full circumstances.  He would like to hear in confidence from anyone who may have relevant information about the unauthorised publication of the confidential material and urges them to contact him via a confidential email address ([email protected]).  Anyone with information can be fully assured that their identity will be known only to the investigator and will not be disclosed to any other parties.

Secondly, the investigator will be working with the NCSC to support their own investigation into the leaked material as well as liaising directly with NCC Group.  The timeline for the investigation will be defined at the end of this week (4 September).

Finally, our thanks go to our assessors and the exam development group who have worked hard to create new content for our Certified Infrastructure and Certified Web Applications examinations.  We will be able to recommence delivery of these practical examinations from 7 September for Infrastructure and from 5 October for Web Applications.  All of the affected candidates have already been provided with these dates and will be given priority for examination bookings.

We will provide further updates when we have them.

♦   ♦   ♦   ♦   ♦

20 August 2020:   Following our most recent communication dated 17 August, we wanted to let you know that the CREST (GB) Executive has voted in Rob Dartnall to act as Interim chair in place of Mark Turner (NCC group).  Rob Dartnall is CEO and Director of Intelligence for Security Alliance Ltd, a Cyber Threat Intelligence company.  Mark Turner is recused for the duration of the investigation.  In addition to this, all NCC Group assessors have temporarily stepped away from any activities related to CREST examinations.

CREST would also like to announce that an independent investigator has been appointed.  He is a former Detective Chief Inspector and has been selected for his independence, integrity and investigatory skills.

We have also appointed legal counsel to advise CREST and to oversee any necessary dialogue with NCC Group, the investigator or any other third parties involved.  This is to further ensure the independence of the investigation.

As a reminder, all CREST Certified Infrastructure Tester (CCT Inf) and CREST Certified Web Application Tester (CCT App) practical examinations have been suspended while the examination content is updated.  This decision was taken to protect the integrity of the examinations and the subsequent certifications.  It is anticipated that the update will be complete within the next 3-4 weeks and the syllabus will not change.

CREST will be interfacing and co-operating with other independent investigations.

We will provide further updates when we have them.

♦   ♦   ♦   ♦   ♦

17 August 2020:
     CREST is aware that further documents were posted online on Saturday 15 August 2020. To ensure that the integrity of the CREST Certified Infrastructure Tester (CCT Inf) and CREST Certified Web Application Tester (CCT App) certifications are maintained, these CCT practical examinations will be suspended while the examination content is updated.  It is anticipated that this will be complete within the next 3-4 weeks and we will be speaking to those candidates who are scheduled to take examinations in August and September to keep them informed of progress.

All candidates due to take CCT practical examinations this week and next have already been informed.  The syllabus will not change.

♦   ♦   ♦   ♦   ♦

12 August 2020
:     Further to our earlier statement on 11 August – see below – you may already be aware some content was posted by an unidentified individual on Github that appears to be training material from NCC Group for CREST examinations.  This is currently being investigated.  We are sure you appreciate that an investigation of this nature takes time.  However, we wanted to update you fully on the current position:

1.  The data publicised has been reviewed by the assessors’ panel and falls into three categories:

  1. Content which is not judged to relate to examination content and appears to be internal training material.
  2. Content which relates to current or recent past examination content, whose purpose appears to be to instruct others in passing the examination rather than providing technique instruction in a more general sense.
  3. Content which makes unsubstantiated suggestions including that further examination content exists, whose purpose appears to be to instruct others in passing the examination.

2.  The content is of no technical value to candidates looking to undertake a CREST practical exam.

3.  The content falling under (a) will be reviewed and tested against evidence.  This will also ensure we understand its compliance with the wider set of CREST policies.

4.  NCC will be providing further details in relation to the content falling under categories (b) and (c) in a written response to CREST.  The route that the investigation takes, and the consequential next steps, will depend on the responses that are provided.

5.  NCC are co-operating fully with CREST.

6.  The assessors have confirmed that the content which falls under (b) is no longer current; this was deprecated in components between June 2018 and July 2020.

CREST will be appointing an independent panel to investigate the case including the extent to which NCC were aware, or should have been aware, of the content of their training material.  For the avoidance of doubt, the CREST GB Chair, Mark Turner (NCC Group) has recused himself from any involvement in this investigation.

CREST takes breaches of its non-disclosure agreements very seriously and expects high standards of ethical behaviour from both its member companies and those holding CREST qualifications.  CREST will take appropriate action once its investigation has been completed.

We fully understand all of the concerns that have been expressed and this investigation will take full account of them.  Further updates will be provided as soon as we have them.

♦   ♦   ♦   ♦   ♦

11 August 2020:     CREST is aware of the content that has been posted by an individual on Github. We have conducted our initial investigation and this does not affect the integrity of current CREST examinations. The content appears to mainly be internal training material produced by member company. There is also a small amount of old exam material that has been posted by the individual however this is out-of-date and is no longer used in CREST examinations. We can confirm that neither the “crestnda” or the “crestapproved”  replies on Github were posted by CREST and that these accounts are not affiliated with us in any way.  We are continuing to investigate this incident.