Transcript Slide 1
Whitacre College of Engineering Panel
Interdisciplinary Cybersecurity Education
Texas Tech University NSF-SFS Workshop on Educational
Initiatives in Cybersecurity for Critical Infrastructure
Day 2 Summary
November 9, 2012
Support for this work was provided by the National Science Foundation’s Federal
Cyber Service: Scholarship for Service (SFS) program under Award No. 1241735.
Any opinions, findings, and conclusions or recommendations expressed in this
material are those of the author(s) and do not necessarily reflect the views of the
National Science Foundation.
Announcement
In the process of setting up a web site.
All presenters send slides to
[email protected]
Day 1 Summary
What is critical infrastructure?
What are some of the challenges?
What are potential solutions?
Day 2 Summary
Ronnie Killough, Southwest Research Institute
Oil & gas, Transportation, SmartGrid, Nuclear power, Railroads,
Water resources
What’s unique about security for cyber-physical systems?
• Multi-disciplinary, Domain-specific, non-standard, operational constraints
Cyber-physical project examples (multi-disciplinary)
• Design for security, worldwide client base
• Penetration testing (meters), risk vs. cost to secure, deployment, communications
• Security research (automotive)
Soft skills, multi-disciplinary, SW/HW/Networking: need new skills
Course on critical infrastructure domains, balance breadth/depth,
provide divergent paths for security development vs penetration
testing
Day 2 Summary
Ravi Sandhu, UT San Antonio
Cybersecurity for graduate education
Is cybersecurity becoming a discipline separate from CSE?
Vance: science of cyberspace, cyberspace is everywhere in every domain
The packaging challenge? What is the core of this discipline?
There is an infinite supply of attacks.
“The system is secure enough” – the bar for “enough” is fairly low
ATMs, online banking/ecommerce (simple success stories) – not attainable via
current cyber security science, engineering, doctrine
Develop a scientific discipline – find sweet spots for different applications,
need microsec that leads to desirable macrosec (as in critical infrastructure)
Changes are need to achieve a scientific discipline
Day 2 Summary
Chris Kulander, School of Law Panel
Oil and gas (strategic national interest): networked real-time data transfer
Theft of customer data, seismic data, proprietary info.
Sabotage: infiltration (foreign governments), attack of power grids, vandalism,
monkey-wrenching
Control Point – Survey Act
Victoria Sutton, School of Law Panel
Cybersecurity law education for lawyers
Developing a cybersecurity law certificate
Cybersecurity law landmark cases
Day 2 Summary
Suku Nair, Southern Methodist University
HACNet – security and reliability
MS in Security Engineering
Admission requirements: many don’t have CS backgrounds,
need one year of experience in Information Assurance
Different delivery modes (on campus, distance, on-site
executive, hybrid)
NSF Center (I/UCRC) and NSA Center of Academic
Excellence
COE Panel
Comments: Need to go back to the basics of
deep computing knowledge for computingoriented cybersecurity backgrounds.
Where do we go from here?
Suggestions: