Development of an Engaged Teaching and
Research Agenda in Cyber Security
Professor Jill Slay
Australian Centre for Cyber Security
Agenda
• This presentation will focus on the development of
teaching and research in Cyber Security.
• It will discuss the way in which short courses and
undergraduate and postgraduate courses and programs
have quickly been organised around existing skills gaps
at UNSW's Australian Centre for Cyber Security.
• It will also focus on current and expected research
initiatives in this broad field and the national benefits that
can be realised from such a centre.
Questions
1. Where did our current Cyber Security curricula originate?
2. How do we define a Cyber security professional?
3. How do we decide on what is in the curriculum?
4. What might engaged research in Cyber Security look
like?
Following 4 slides and thoughts credited to my mentor: Professor COREY SCHOU
Informatics Research Institute, Idaho State University, Box 4043, Pocatello, Idaho
ACM Inroads Volume 6 Issue 2, June 2015
Pages 64-69
Where did Cyber Security originate
• In 1970, the Defense Science Board Report on Security
Controls for Computer Systems predicted that:
– [t]he issue of providing security controls in computer systems will
transcend the Department of Defense. Furthermore, the
computing industry will eventually have to supply computers and
systems with appropriate safeguards.
• This foreshadowed emerging security needs of the
information industry.
Historically – Cyber Security moved to Computer Science
Domain
• In the 1980s, the Institute for Defense Analyses developed
curricular materials for computer science.
• The modules included introduction to information
protection, operating systems security, network security,
database security, formal specification and verification,
and risk analysis. Later they added security literacy, law
and legislation, policy, and control systems.
Historically – then DoD customised it!
• In 1986, Assistant Secretary of Defense (C3I) Donald
Latham proposed a model that both simplified and
complicated life.
• He added the historical context going back to
transmissions security, communications security and
computer security and adding non-engineering
dimensions such as physical and personnel security.
Historically – Schou’s reflections
• “So much for a simple model based on engineering principles.
• I learned that models beget models. In our case, Latham begat Todd
and Guitian which begat McCumber, which begat Common Body of
Knowledge (CBK), which begat NIST 800-16 [17], which begat the
Committee on National Security Systems (CNSS), which begat the
Maconachy, Schou and Ragsdale [MSR] model used by ACM as
part of their model curriculum which begat IGS …Essential Body of
Knowledge (EBK) …National Initiative for Cybersecurity Education
(NICE)]… and so the beat goes on;
• It continues unto the present day. Some of the descendants of the
early work are broad while others are deep; the only certainty is that
there is little agreement. So, whose list do we choose to ensure a
viable education model? Frankly, we need not choose—we need
them all; we need breadth and selected depth”.
Does Cyber Security belong to Computer Science?
• “There is an industry-based and social need to teach Information
Assurance in disciplines other than Computer Science or Software
Engineering.
• This curriculum can assume no technical prerequisites but does
assume that the student comes from a background which is
language rich and where knowledge will be applied in a social or
business and commercial context.
• This kind of approach would bring a richness to a field which is
often ostrich-like in burying itself away from the social, legal, ethical
and political outcomes of technology development and dependence
which is currently inherent in our IEEE/ ACS/ ACM technically
compliant approach.”
Does Cyber Security belong to Computer Science?
“Law: national and international, Computer, Criminal, and Civil
Social Science: Socio-political issues (privacy, encryption,
surveillance), Activism, Hacktivism, Cyberterrorism and Cyber-
warfare, Socio-psychological impacts of computing
Physical Security
Fundamentals of Cyber-crime
Ethics, Values and Moral Decision Making
Current Issues in Security
Advanced Security Risk Management”
This curriculum would be appropriate to industry and to the protection
of the Australian National Infrastructure.
Slay, J 2005, ‘Developing the Cross-Disciplinary Nature of Information Assurance in the Undergraduate Curriculum’, in
Proceedings of the 9th Colloquium for Information Systems Security Education, Atlanta June 7th 2005.
Cyber Security Curriculum – breadth and depth
• Engineering, CS, IS, maths, OR, AI, legal, psychological, political,
business or sociological or other teaching / learning and research
approaches that can be applied to:
• Access Control – a collection of mechanisms that work together to create
security architecture to protect the assets of the information system.
• Telecommunications and Network Security – discusses network
structures, transmission methods, transport formats and security measures
used to provide availability, integrity and confidentiality.
• Information Security Governance and Risk Management – the
identification of an organization’s information assets and the development,
documentation and implementation of policies, standards, procedures and
guidelines.
• Software Development Security – refers to the controls that are included
within systems and applications software and the steps used in their
development.
• Cryptography – the principles, means and methods of disguising
information to ensure its integrity, confidentiality and authenticity.
Cyber Security Curriculum
Security Architecture and Design – concepts, principles, structures and
standards used to design, implement, monitor, and secure systems.
Operations Security – used to identify the controls over hardware, media and
the operators with access privileges to any of these resources.
Legal, Regulations, Investigations and Compliance – addresses computer
crime laws and regulations; the investigative measures and techniques.
Physical (Environmental) Security – addresses the threats, vulnerabilities
and countermeasures that can be utilized to physically protect an
enterprise’s resources and sensitive information.
Information Warfare; Electronic Warfare;
Political issues in Cyber Security; Strategy and Diplomacy;
Human Factors; Psychology of acceptance of security;
Economics of Security; National Security / Cyber Security nexus
Cyber security / Intelligence nexus
Privacy
UNSW Canberra @ ADFA
• Undergraduate Education
• Postgraduate Education
• Short Courses
• Postgraduate Research
ZINT 2100
• An undergraduate course for all students at UNSW Canberra
(ADFA) – 150 per semester
• Cross-disciplinary providing breadth
Humanities – 12 hours
• Understanding Cyber-security Policy
• Cyber-security, National Security and International Security: The
Threat and the Policy Challenge
• Law, Strategy and Cyber-security
• Ethics of Cyber-security
• International cyber-security case study – China
• Domestic policy considerations
ZINT 2100
IT – 12 hours plus 16 hours practical in Cyber Range
• Threats in Cyberspace
• Defence Concepts
• Computer Network Basics
• Cryptography Basics
• Attack / Pen Test Tools
• Attack / Pen Test Lifecycle
• Preparing a Defence and Monitoring
• Responding to an attack and learning lessons
• Wireless
• Industrial Control Systems
• Case Studies and Review
Postgraduate Coursework
• Designed to bridge skills gap but also to provide academic rigour at
Masters level
• Developed to take part of skills burden from employers
• Assumes student already has some breadth of underpinning
undergraduate education or equivalent experience
• Assumes student knowledge is not balanced – some lack practical
skills but have well-developed theoretical foundations & vice versa
Masters Degree in Cybersecurity
Core Courses
ZEIT8020 - Computer Network Operations
ZEIT8025 – Reverse Engineering of Malware
ZEIT8021 - Information Assurance and Security (CISSP)
ZEIT8026 - Network Security Operations
Elective Courses
ZEIT8024 - Software Security Lifecycle (CSSLP)
ZEIT8027 - Critical Infrastructure and Control System Security
ZEIT8028 - Computer Forensics (CCFP *)
ZEIT8029 - Network Mobile and Device Forensics (CCFP *)
Masters Cyber Security Operations
Core Courses
ZEIT8017 – Cyber Crime and Cyber Security
ZEIT8018 - Cyber Defence: Governance, Management and Acquisition
ZEIT8138 - Making Decisions with Risk
ZEIT8032 - Information Assurance Principles
Elective Courses
LAWS 8030 - Cybercrime, Security and Digital Law Enforcement
ZEIT8115 - Information Operations
ZEIT 8226 Systems Engineering Practice
ZEIT8136 Software Project Management
ZEIT8302 Project Administration
ZEIT8303 Project Mgmt Body of Knowledge
ZEIT8230 Requirements Eng
ZEIT8403 Capability Option Analysis
Masters Cyber Security, Strategy and Diplomacy
Core Courses: Students must take 24 UOC of the following courses.
ZEIT8032 - Information Assurance Principles
ZHSS8441 - Cyber Security and World Politics
ZHSS8455 - Australian Cyber Diplomacy
ZHSS8457 - Cyber Security in Asia
Masters Cyber Security, Strategy and Diplomacy
MORE ELECTIVES (HASS)
ZHSS8430 - China's Security Policy and Military Modernisation (6 UOC)
ZHSS8431 - Comparative Defence Planning (6 UOC)
ZHSS8435 - Contemporary Strategy (6 UOC)
ZHSS8438 - The Justice of War: States, Self-Defence, & Force (6 UOC)
ZHSS8439 - Reforming Repressive Regimes (6 UOC)
ZHSS8440 - Delinquent Organisations in World Politics (6 UOC)
ZHSS8442 - Conflict Transformation (6 UOC)
ZHSS8456 - Australian Cyber Forces (6 UOC) (Proposed May 2015)
ZHSS8458 - Cyber Policy in China (6 UOC) (Proposed May 2015)
ZHSS8400 - Research Project: Politics Single Session (12 UOC)
ZHSS8401 - Research Project - Politics Full Year (6 UOC)
TECHNICAL ELECTIVES (ACCS)
ZEIT8015 - Cyber Operations (6 UOC)
ZEIT8017 - Cyber Crime and Cyber Security (6 UOC)
ZEIT8018 - Cyber Defence: Governance, Management and Acquisition (6 UOC)
ZEIT8019 - Intrusion Analysis and Response (6 UOC)
ZEIT8020 - Computer Network Operations (6 UOC)
ZEIT8024 - Software Security Lifecycle (6 UOC)
ZEIT8025 - Application and Software Security and Forensics (6 UOC)
ZEIT8026 - Network Security Policy Management (6 UOC)
ZEIT8027 - Critical Infrastructure and Control System Security (6 UOC)
ZEIT8028 - Computer Forensics (6 UOC)
ZEIT8029 - Network and Mobile Device Forensics (6 UOC)
Short courses
Short courses are intense, practical and deep – taught by industry
experts. Technical content is ‘scaffolded’.
• Identifying vulnerabilities through protocol “FUZZING” and Static
Binary Analysis And Crash Test Party 2 days
• Cyber Law Seminars 4 days
• Cyber Adversary Tradecraft 4 days
The increasing awareness in the public domain of cyberspace threats is
causing nearly all government agencies to include cyber as part of their
strategic agenda. This course is aimed at government personnel who are
involved with contributing to government cyber strategy, policy or
operations. Delegates will develop a detailed understanding of the
processes, tactics and tools used by a cyber-adversary in exploiting
computer networks to fulfill an information requirement.
• Intranet Network Security
In this workshop participants will examine the Netflow protocol in detail and
learn how this is used to aggregate Internet traffic into flow records which can
then be examined, visualised and stored to both monitor and manage a
network and to also forensically identify malicious activity and potential threats.
Students develop and manage a botnet as part of the exercise.
• Security Boot camp
This is a 101 IT security course designed to teach you about IT security issues,
looking at the types of attacks that are happening at the moment, how they
work and how to protect yourself and your organisation against them. This
course culminates in some basic Red (hacker) Vs Blue (defender) scenarios
using specifically designed cyber labs and the cyber range at UNSW Canberra.
• Wireless Security 2 days
This technical course looks at security issues of a broad range of wireless devices from
wireless computers, mobile phones as well as other devices. This course has an in-
depth look at types of protocols, various discovery and attack techniques.
• Introduction to Pen Testing 5 days
This course looks at the OWASP and OSTINT content. This course will provide an
introduction to Penetration Testing and work through the differences between
Vulnerability Assessments and actual Penetration Tests. The course will take the students
into the world of the attackers and the lengths they will go to gain a foothold in the
networks of their victims.
• Intrusion Analysis and Response 4 days
This workshop gives a law enforcement perspective on methods of attacking and
defending a network. It looks at the underlying issues in secure information
infrastructures including servers, networks, firewalls, workstations, and intrusion
detection systems. The course will explore the attackers’ mindsets and methods, and
work through the different ways of protecting the estate. The course will cover keystone
technologies required in an effective security defence solution including an introduction to
usable and effective policies that staff will follow and not be encouraged to work around.
Research Publications
• The 52 UNSW staff associated with the Australian Centre for Cyber
Security are committed to inter-disciplinary study of the field.
• They represent a wide number of “home” disciplines (science,
engineering, information technology, law, politics, geography, and
international relations).
• All work in some way on cyber-related issues.
• A review of their publications reflects those most closely focused on
cyber-related themes published in 2014, the year ACCS was
launched, or since:
• 5 books,
• 265 articles,
• 7 submissions and reports.
Research Topics
• Acoustics
• Aerodynamics and engine performance
• Air traffic control
• Algorithm development
• Anomaly detection
• Australian policy and law
• Authentication and identity
• Autonomous vehicles
• Biometrics
• Brain-machine interaction
• China cyber
• Chip design
• Computer games
• Corporate ethics
• Critical infrastructure protection
• Crowd sourcing
• Cyber attack
• Cyber emergency response
• Cybernetics
• Data sovereignty
• Data summarization and aggregation
• Digital skills
• Diplomacy for cyber security
• Disruptive systems
• Drones and privacy
• eGovernment
• Environmental planning
• eVoting
• Fingerprinting
• Forensics and law enforcement
• Free access data
• Geographic visualisation
• GPS
• Green energy
• Highly secure computing
• Home networks in the cloud
• Industrial control systems
Research Topics
• International law and governance
• Internet freedom and censorship
• Intrusion detection
• Law enforcement
• Logistics
• Malware removal
• Media law
• Medical informatics
• Mineralogy
• Mobile computing
• Mobile video applications
• Mobile video streaming
• Naval design
• Network analysis for social capital
• Network traffic management
• Outer Space
• Piracy
• Privacy technologies and policies
• Pure mathematics
• Red-teaming
• Remote sensing
• Risk management
• SCADA
• Sea states
• Secure data collection
• Security in civil nuclear power
• Security in the cloud
• Smart grids
• Social media and revolution
• Social media in emergency response
• Trust
• User/machine interface
• Wearable computing
• Wi-fi security
Conclusion
• Cyber Security is necessarily cross-disciplinary
• A Cyber Security Professional has both broad and deep knowledge
• Curriculum has to develop breadth and depth and is always evolving
– computer scientists are not necessarily the best people to do this
• Research topics are broad and any research question can be
tackled from a variety of research perspectives and use contrasting
methodologies
• Curriculum and research need to evolve with the changing nature of
the threat