Transcript Slide 1
Whitacre College of Engineering Panel Interdisciplinary Cybersecurity Education Texas Tech University NSF-SFS Workshop on Educational Initiatives in Cybersecurity for Critical Infrastructure Day 2 Summary November 9, 2012 Support for this work was provided by the National Science Foundation’s Federal Cyber Service: Scholarship for Service (SFS) program under Award No. 1241735. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation. Announcement In the process of setting up a web site. All presenters send slides to [email protected] Day 1 Summary What is critical infrastructure? What are some of the challenges? What are potential solutions? Day 2 Summary Ronnie Killough, Southwest Research Institute Oil & gas, Transportation, SmartGrid, Nuclear power, Railroads, Water resources What’s unique about security for cyber-physical systems? • Multi-disciplinary, Domain-specific, non-standard, operational constraints Cyber-physical project examples (multi-disciplinary) • Design for security, worldwide client base • Penetration testing (meters), risk vs. cost to secure, deployment, communications • Security research (automotive) Soft skills, multi-disciplinary, SW/HW/Networking: need new skills Course on critical infrastructure domains, balance breadth/depth, provide divergent paths for security development vs penetration testing Day 2 Summary Ravi Sandhu, UT San Antonio Cybersecurity for graduate education Is cybersecurity becoming a discipline separate from CSE? Vance: science of cyberspace, cyberspace is everywhere in every domain The packaging challenge? What is the core of this discipline? There is an infinite supply of attacks. “The system is secure enough” – the bar for “enough” is fairly low ATMs, online banking/ecommerce (simple success stories) – not attainable via current cyber security science, engineering, doctrine Develop a scientific discipline – find sweet spots for different applications, need microsec that leads to desirable macrosec (as in critical infrastructure) Changes are need to achieve a scientific discipline Day 2 Summary Chris Kulander, School of Law Panel Oil and gas (strategic national interest): networked real-time data transfer Theft of customer data, seismic data, proprietary info. Sabotage: infiltration (foreign governments), attack of power grids, vandalism, monkey-wrenching Control Point – Survey Act Victoria Sutton, School of Law Panel Cybersecurity law education for lawyers Developing a cybersecurity law certificate Cybersecurity law landmark cases Day 2 Summary Suku Nair, Southern Methodist University HACNet – security and reliability MS in Security Engineering Admission requirements: many don’t have CS backgrounds, need one year of experience in Information Assurance Different delivery modes (on campus, distance, on-site executive, hybrid) NSF Center (I/UCRC) and NSA Center of Academic Excellence COE Panel Comments: Need to go back to the basics of deep computing knowledge for computingoriented cybersecurity backgrounds. Where do we go from here? Suggestions: