Dhaka, Bangladesh, 11.6.2016
Vision on research, education and valorization for cybersecurity
There is a huge problem arising from the introduction of modern, deeply penetrating computer-based technologies into society and into the personal life of every individual. The term cybersecurity is just one small but crucial part of controlling this problem or, better to say, understanding it. We do not yet understand how and why these technologies will change our society; we don't even have reliable definitions of cyber and cyber-related issues. Even among professionals in the field we don't have a complete understanding or a good intuition, and I don't like to mention the other involved but deeply ignorant parts of society, from the general population to top decision makers. For some of these issues we can find parallels in the past; my deep concern is that we are not understanding these processes, and maybe we are even using the wrong methods to explore and analyze the situation. Some of these events look more like biological and medical than technical phenomena, more like the great medieval plagues, when we observe their behavior and possible impacts on our society.
For these reasons I believe cybersecurity should be looked on as something essential for modern society, practically like the role medicine has achieved today, with the same organizational approach to society: highly trained and highly ethical professionals, and widespread general knowledge with the practice of hygiene, in this case the recently developed cyberhygiene. The analogy should be even wider: we should think about introducing biological and medical ideas and concepts into our approach to cybersecurity.
In lecturing and research, we should concentrate on good general IT knowledge and a technical perspective on various technologies, providing students with the skills and ability to adopt new knowledge quickly. We should widen the knowledge of students by providing them with a social, legal and historical perspective on events and technologies, which is crucial, I believe, for understanding future events and trends. Such an approach is currently painfully missing, leaving students without knowledge about the interaction among technology, society, history and law.
For example, network security is a crucial part of cybersecurity, but in most current networking curricula, networking is presented as just a set of standards and developments. Networking in the sense of security needs a holistic description of technology development and its impact on society. In that context, the US DOD approach to solving railway transport problems during the Civil War and its approach to solving communication problems by introducing TCP/IP in the Cold War look very similar, with the very same effects on society; there are commonalities even in the morphing and development of new types of crime. Without such an approach, networking, especially TCP/IP, is just a technical issue of a set of protocols, not something opening up new social development, a whole new wild west frontier. By providing such historical, social and legal context in teaching, we enable students to grasp the dynamics and get a better understanding of current events and future developments. Applying this approach to cybersecurity, we have to provide students not only with historical context, but also with the legislative and human context of crime and law. To get a better understanding of the human element of “cyber”, I believe we can introduce reading fiction authors like Stanisław Lem and Isaac Asimov because of their intriguing insight.
On the IT side, we should provide students with IT skills in programming (especially defensive programming), scripting languages, theory of operating systems, networking, language theory, digital forensics, system and network administration and security, big data handling, artificial intelligence and other relevant IT and science fields (especially practical mathematical knowledge).
Teaching should include practical work and theory, but in the sense that students should be able to solve problems using scientific methods based on accepted theoretical knowledge, not just doing repetitive hands-on tasks or being frozen in a theoretical framework. The key quality will be the stress on analyzing the problem, understanding it, finding a solution and implementing it with an evaluation of the results, not just trying tools and raw computing power. We should also stress the ethical approach and legal problems in solving complex real situations. By my observations, we should also include more women in cybersecurity education, not only because of the lack of women in cybersecurity but at least because of the qualities of better group work in solving problems.
To achieve this goal there should be adequate technical resources (laboratories, classrooms, simulators with appropriate tools and equipment) and cooperation with other academia, business and law enforcement, locally and internationally. Practical work can be done in virtual and simulated environments, but there should be student exposure to physical equipment and real working conditions; a minimum of 10% of practicals should be with real hardware. Academic research should provide the framework and improve practicals, while practical problems and solutions should be based on theoretically predicted scenarios or conquered real-life events. There should be mandatory involvement of lecturing personnel in practicals and in supporting a CERT-type organization, with the goal of keeping practical skills up to date and understanding the student community. I would suggest a rotational approach with 25% of personnel lecturing theory, 25% doing practicals with students, 25% doing research and liaison, and 25% in other activities. To keep up with developments, practicals should be modified or replaced yearly; a good measure would be 30% changed per year, and the same for the theoretical part.