Upload
austin-little
View
214
Download
0
Tags:
Embed Size (px)
Citation preview
Cybersecurity Education:The Way ahead
So Many Possibilities
Dr. Vic Maconachy Chris InglisCapitol Technology University U. S. Naval Academy
CAE Community Meeting, - Columbia, MarylandAccreditations and Designations Working Session
November 4, 2014
TODAYWhat we know:
Huge and growing demand for educated cybersecurity workers
Huge and growing threats and vulnerabilities
What we are doing now:A good, wholesome and fitting response from government; provide initial & sustained leadership, examples and incentives. Similar to 1950’s National Defense Fund after Sputnik.
We recognize that currently there are certifications for training and “recognition” for education programs. We need both.
We are already seeing employers favor students, from traditional disciplines, who also have education and experience in cybersecurity.
For the Future:
A. As the discipline maturesa. Industry need will grow, beyond government’sb. Industry and government currently look for graduates from
nationally accredited programs: Start getting cybersecurity content into those programs
Discipline National Accrediting BodyEngineering & Computer Science ABETBusiness IACBEFinance AACSBIT CAHIIMEducation NCATELaw ABA
1 Commission on Accreditation for Health Informatics and Information Management Education
Why Accreditation?
Accreditation is both a process and a statusAccreditation is a means to assure and improve higher
education quality, assisting institutions and programs using a set of standards developed by peers.
Currently, 80 recognized organizations accredit more than 7,000 institutions and 19,000 programs serving more than 24 million students. (1)
Accreditation:Assists with student mobility (assists with credit transfer)Promotes accountabilityEncourages confidence an institution’s program of education is
described in a fair and accurate mannerSignals prospective employers that an educational program has
met widely accepted educational standards
Council on Higher Education. The Value of Accreditation. Washington, D. C. 2010.
Multiple PathsSustain current government “recognition”Promote inclusion of cybersecurity in criteria
updates with current national accreditors.Begin studies on feasibility and validity to
possible new national accreditation in cybersecurity. (Major role for industry and academia)
Pursue cybersecurity in the context of “Cyber Science”
Sustain Government “Recognition”Continue active government leadership and
resourcingSimilar to 1950’s National Defense ActStill inherently government functionResponse to state of national cyber insecurity
Inclusion in Existing AccreditationsProduce workforce with greater sense that
designing and implementing cybersecurity is a critical part of their job.
Puts cybersecurity capability directly into business, industry, government and the critical infrastructures.
Example already exists
Begin studies on possible future interdisciplinary cybersecurity degree national accreditation. WHY: We Must keep Improving
a. Truly confirm interdisciplinary nature of cybersecurityb. Study/Confirm need for generalists as Bachelor’s levelc. Explore potential for “Deep Dive” into specialty areas of
cybersecurity at graduate level. New NSA approach serves as a model.
Cyber Science1. Scope Definition – Right now, the concept of “cyber” is being thrown around without any explicitscope definition or restrictions. We need to define what it is that we are talking about.2. Process – Based on the IT historical exemplar that we have been loosely considering as a potentialmodel for this effort, there are three major components of the process to get from concept to a setof accreditation criteria:a. Identification of the professional community – This is important for three key reasons. First,it is the professional community and/or constituents that define the related Body ofKnowledge. Second, accreditation criteria are necessarily community driven. And third, inpractice a professional society needs to “own” the accreditation criteria.b. Identification of a Body of Knowledge (BOK) for the discipline – Of course, to have a BOK,one must first define the scope of the discipline and then determine a BOK for that scope.There have been some attempts to address this, but each seems to get bogged down by theall-too broad scope of the loosely defined term cyber. Without a proper scope definition, itis impossible to canonize any existing work as appropriate for CEP.c. Development of a set of ABET program criteria –
Just As Technology Does not Stand Still, So Does the Expertise of Those Who Would Do us Cybernetic Harm
The APTs Will Get Worse:
Study where and what are those “professionals and practitioners” learning as tradecraft.
Remember !“Train the way you fight”
Train & educate better than
the adversary
What next?Education Cannot Be the Weakest LinkAchieving this complete integration of
cybersecurity across current academic disciplines will take time, effort, collaboration, and advocates.
Until this integration is achieved, and even beyond, it is the role, responsibility and national expectation that government will lead in assuring our national cyber defense includes robust, evaluated, and recognized programs of study.
For TodayIn groups examine and report on:
Seeking national accreditationEmergence of “cyber” as a science of studyRelationship of national accreditation to
current CAE Program
We will reconvene before the end of the session and review results.
Group 1: Seeking national accreditation
Some questions to consider:Which current national accrediting bodies
should be approached? Why?How can industry & academia move this
forward?Is there a priority order for approaching those
bodies?Select one area of accreditation and outline
some of the proposed new areas of study. (Example: Computer science – Secure Coding)
Group 2:Emergence of “cyber” as a science of studySome questions to consider:
It what ways is this similar to the move to establish “computer science” as a discipline of study?
List potential stakeholders in this movement?What would you expect a person graduating
with a degree in Cyber Science to know and be able to do?
Group 3:Relationship of national accreditation to current CAE Program
Some questions to consider:Is providing guidance and leadership in this
area still (in whole or part) inherently a government function?
What elements of the CAE program can any national movements towards accreditation use/build upon?
Given the current state of national cyber security what role do you see government performing with regards to program recognition / accreditation?