By Laurie Williams
According to a recent IBM Tech Trends report, both educators and students view security as extremely important. In fact, 56 percent of students and 44 percent of educators ranked it as one of the top three issues the IT industry will face over the next two years. In addition, a UK government report said that it may take 20 years to address the current cybersecurity skills gaps.
To help try and change that, North CarolinaStateUniversity is partnering with IBM to help better prepare the next generation of engineers with a secure-by-design focus and curriculum.
Why dedicate so many resources to building cybersecurity skills? The world operates with interconnected systems and as technology progresses these systems will only proliferate. The linchpin to success in securing these systems is in the design stage – not at the end of the process.
At North Carolina State University, my students are focusing on healthcare systems, specifically building and analyzing electronic medical record applications. The students leverage IBM AppScan to test these applications for potential vulnerabilities. Critical cyber systems must inspire trust and confidence. They must predictably protect the integrity of data and resources as well as the privacy of data owners, and perform securely, safely, and reliably.
Earlier this year, I had the opportunity to collaborate with IBM researchers to identify common themes and pinpoint some of the major challenges academic institutions are facing in relation to building next generation cybersecurity skills. Four common trends were identified:
1.) Information security is increasing in relevance. No longer just a highly-specialized area, information security impacts people every day. It has become personal in an interconnected world that’s reliant upon smart phones, social media, e-commerce and cloud services. In other words, information security impacts us every day.
2.) Increasing attention and demand from students, private industry and government agencies. More and more industries, from banks and financial services companies to aerospace and defense firms, as well as healthcare providers, are seeking graduates with specialized security skills. Training an expert cybersecurity workforce is now a national priority for many countries.
3.) The field of cybersecurity has significantly expanded with more domains to secure and more ways to attack. This means more to teach and to learn. Today, attacks are extremely hard to detect; attackers are stealthier and more evasive. In response, academic programs are expanding beyond traditional areas like cryptography and countering sniffing and denial of service attacks. Cybersecurity education now covers new areas like cyber-physical attacks, the protection of heterogeneous systems and real-time security data analysis.
4.) Academic programs are evolving from teaching purely the principles and theory of security to focus more on the practices. This is largely driven by the demands of industry and governments, as well as by students who want to focus more on real-world problems and practical challenges.
While these may be the four common themes we identified, in reality it will take all of us to create a more secure future.
Laurie Williams is a Professor in the Computer Science Department of the College of Engineering at North Carolina State University (NCSU). Her research focuses on software security particularly in relation to healthcare IT; agile software development practices and processes; software reliability, software testing and analysis; open source software development; and broadening participation and increasing retention in computer science. Laurie has more than 170 refereed publications.
Laurie received her Ph.D. in Computer Science from the University of Utah, her MBA from Duke University Fuqua School of Business, and her BS in Industrial Engineering from Lehigh University. She worked for IBM Corporation for nine years in Raleigh, NC and Research Triangle Park, NC before returning to academia.