Post on 24-Jan-2015
description
transcript
Professor Jill SlayAustralian Centre for Cyber Security
School of Engineering and IT
Training the Cyber Warrior
Agenda
• With the heightened focus on cyber operations this presentation
looks at the issues concerned in training the ‘ cyber warrior’.
• Australian Centre for Cyber Security
• UNSW@ADFA and beyond
• ZINT 2100 Introduction to Cyber Security
• Short courses
• Masters degrees:
• Cyber Security Operations,
• Cyber Security
• Cyber Security (Digital Forensics)
• Professional Doctorates and PhDs
Australian Centre for Cyber Security –
launched this week• UNSW Canberra has been allocated strategic funds for
the period 2015 – 2020 to stand up The Australian
Centre for Cyber Security.
• The Centre provides multidisciplinary, long-term,
international thought leadership in cyber security through
research, education and external engagement at a time
when cyber security has moved to the top of political,
scholarly and commercial agendas globally.
Australian Centre for Cyber Security –
launched this week
• Incorporating existing cross-disciplinary research across
Law, Business, Political Science, Computer Science,
Engineering and Information Systems (current
membership is about 50 academic staff), achieving a
critical mass of research activity in cyber security ;
• Hiring, retaining and fostering up to 10 new leading,
internationally recognized research staff in cyber security
(at a broad range of academic levels and across a range
of disciplines) providing a cutting-edge and truly
interdisciplinary research environment;
Australian Centre for Cyber Security –
launched this week
• Developing and building on research linkages within the
cyber industry, both domestically and internationally;
• Being a source of thought leadership and expertise
across a range of relevant communities (political, cyber
industry, defence, academic, individual and
organizational users, and media);
• Being a significant contributor to (and promoter of) public
debate about cyber security;
• Cyber Test range: purchased from Northrop Grumman
but also supported by range of vendors and advisers.
Information Security v Cyber Defence
• The Civilian Perspective
• The traditional University Perspective
• The Israeli experience
• A way forward
The Civilian Perspective (expanded from CISSP © BOK)
• Engineering, CS, IS, maths, OR, AI, legal, psychological, political, business or
sociological or other teaching / learning and research approaches that can be
applied to:
• Access Control – a collection of mechanisms that work together to create security
architecture to protect the assets of the information system.
• Telecommunications and Network Security – discusses network structures,
transmission methods, transport formats and security measures used to provide
availability, integrity and confidentiality.
• Information Security Governance and Risk Management – the identification of an
organization’s information assets and the development, documentation and
implementation of policies, standards, procedures and guidelines.
• Software Development Security – refers to the controls that are included within
systems and applications software and the steps used in their development.
• Cryptography – the principles, means and methods of disguising information to
ensure its integrity, confidentiality and authenticity.
The Civilian Perspective (expanded from CISSP © BOK)
Security Architecture and Design – contains the concepts, principles, structures and standards used
to design, implement, monitor, and secure, operating systems, equipment, networks, applications,
and those controls used to enforce various levels of confidentiality, integrity and availability.
Operations Security – used to identify the controls over hardware, media and the operators with
access privileges to any of these resources.
Legal, Regulations, Investigations and Compliance – addresses computer crime laws and
regulations; the investigative measures and techniques which can be used to determine if a crime
has been committed and methods to gather evidence.
Physical (Environmental) Security – addresses the threats, vulnerabilities and countermeasures
that can be utilized to physically protect an enterprise’s resources and sensitive information.
Information Warfare; Electronic Warfare
Political issues in Cyber Security
Human Factors
Psychology of acceptance of security; Economics of Security
Critical Infrastructure and especially process control systems
IS Security – Human and Business Issues
Cyber Security and Culture
National Security / Cyber Security nexus
Cyber security / Intelligence nexus
Privacy
Traditional University Perspective
• Some BIT degrees with a speciality in IT or NW Security
• Many others teach one or two courses in CS curriculum
• new IEEE ACM curriculum requires this
• Teach theory and formal security models with growing
emphasis on what hackers do and how they do it
• Always an ethical issue
• But most use VMs and Metasploit or equivalent
• Except one or two who teach security throughout the CS
curriculum – Ass Prof Richard Buckland!
Perspective from Israel
• Cyber Defence is totally different to Information Security• http://www.rafael.co.il/Marketing/556-1967-en/Marketing.aspx
UNSW Canberra@ ADFA
• Undergraduate Education
• Postgraduate Education
• Short Courses
• Postgraduate Research
Cyber warrior ?
• “There is an industry-based and social need to teach Information Assurance
in disciplines other than Computer Science or Software Engineering.
• This curriculum can assume no technical prerequisites but does assume
that the student comes from a background which is language rich and
where knowledge will be applied in a social or business and commercial
context.
• This kind of approach would bring a richness to a field which is often
ostrich-like in burying itself away from the social, legal, ethical and political
outcomes of technology development and dependence which is currently
inherent in our IEEE/ ACS/ ACM technically compliant approach.”
Cyber warrior ?
“Law: national and international, Computer, Criminal, and Civil
Social Science: Socio-political issues (privacy, encryption, surveillance),
Activism, Hacktivism, Cyberterrorism and Cyber-warfare, Socio-
psychological impacts of computing
Physical Security
Fundamentals of Cyber-crime
Ethics, Values and Moral Decision Making
Current Issues in Security
Advanced Security Risk Management
This curriculum would be appropriate to industry and to the protection of the
Australian National Infrastructure. “Slay, J 2005, ‘Developing the Cross-Disciplinary Nature of Information Assurance in the Undergraduate Curriculum’, in
Proceedings of the 9th Colloquium for Information Systems Security Education, Atlanta June 7th 2005.
Introduction to Cyber Security
• What is cyber-security?
• The context of the contemporary cyber-security debate
• Laws, Rules and Ethics of Cyber-security
• Cultural Contexts of Cyber-security
• Hard Cases for Cyber-security
• Technical issues
• Social Engineering
• NW Security
And 24 hours per student of practical in a Cyber Range!
Beyond the Undergraduate
• Short courses- taught by the community for the community
• Master of Cyber Security Operations
• For the manager
• Computer Defence
• Risk
• Acquisition
• Master of Cyber Security
• For the IT graduate
• CNO
• Cyber Kill Chain
• Professional Doctorate
• PhD