Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

Tackling the Challenges of Securing the Cyber Space

advertisement 
Tackling the Challenges of
Securing the Cyber Space
- An academia perspective
Andrew Yang, Ph.D.
Associate Professor of CS, CIS, IT
Cyber Security Institute
1
•
•
•
•
•
Cyber security challenges
What can the academia do to help?
The UHCL Cyber Security Institute
Challenges faced by the academia
Discussions (Q&A)
5/8/2013
UHCL-CSI
2
Challenges of Cyber Security
1. convenience/functionalities/usability vs
security - Users want useful and/or fun technology
http://threelittlepigsbar-b-q.com
“The user's going to pick dancing pigs over security
every time.” — Bruce Schneier
5/8/2013
UHCL-CSI
3
Challenges of Cyber Security
2. The Internet has become the primary computing
platform. Standalone apps  Web-based  Cloud computing
Q: What are your most frequently used computer
applications these days?
- Gaming ?
- Search engines ?
- Emailing, Texting
- Facebook, LinkedIn, Twitter, …
- Amazon, eBay, …
- Word processors
- Wikipedia, Google maps, …
- Google Docs, SkyDrive, Google Drive, Evernote, …
- Web browsers (HTTP)
5/8/2013
UHCL-CSI
4
Challenges of Cyber Security
3. Astronomical data growth
-
Facebook processes more
than 500 TB of data daily
(8/22/2012: http://news.cnet.com/)
-
Q: How much data are on
the Internet?
The big four online storage & service
companies (Google, Microsoft,
Amazon, and Facebook) have got
1,200 petabytes (or 1.2 million
terabytes) http://sciencefocus.com/qa/howmany-terabytes-data-are-internet
5/8/2013
UHCL-CSI
http://www.space.com/19580-astronomy-mysterynova-star-explosion.html
5
Challenges of Cyber Security
4. Rich data types
HTML, XHTML, XML,
MP3, MP4, …
MPEG4, AVI, WMV, …
JPEG, GIF, BMP, …
JavaScripts, Java Applets, …
Encrypted data (SSL, IPSec, …)
5/8/2013
UHCL-CSI
6
Challenges of BIG Data
•
Data science:
extracting meaning
from data and creating
data products
•
Business intelligence
(BI)
 Data scientists
 Threat detection ?
http://en.wikipedia.org/wiki/Data_science
Q: How do you discover
unknown threats?
Q: Forecasting of threats?
5/8/2013
UHCL-CSI
7
Challenges of Cyber Security
4. Evolving technologies
5. New technology may bring
new vulnerabilities!
6. Evolving tactics by attackers
5/8/2013
UHCL-CSI
8
BYOD or not BYOD ?
•
5/8/2013
a 5/2012 study: http://www.zdnet.com/
UHCL-CSI
9
Challenges of Cyber Security
7. Ineffective sharing of threats and mitigation info
National Information Exchange Model
(NIEM)
an XML schema for data exchange
among federal, state and local
governments
more widespread adoption across
federal agencies
-
The DoD has adopted the NIEM. (Oct.,
2012)
Source: http://www.fiercegovernmentit.com
5/8/2013
UHCL-CSI
10
Presidential Directive & EO
• Feb. 12, 2013
- The Presidential Policy Directive on Critical Infrastructure
Security and Resilience
- President’s executive order
- making the protection of America’s information and data assets a
priority
- information sharing among public and private partners
By mid June, DHS, working with the U.S. attorney general and the
director of National Intelligence, will create a roadmap that will help
with the timely production and release of unclassified cyber threat
reports, including those aimed at specific industrial sectors.
(http://www.securityinfowatch.com/)
5/8/2013
UHCL-CSI
11
Challenges of Cyber Security
8. Insufficient cyber security workers
-
A zero-unemployment job market?
Alan Paller
SANS
(2011)
https://files.sans.org/
5/8/2013
UHCL-CSI
12
Challenges of Cyber Security
•
SANS Four Quadrants of Security Skills (2011)
5/8/2013
UHCL-CSI
13
Challenges of Cyber Security
•
SANS Four Quadrants of Security Skills
5/8/2013
UHCL-CSI
14
• Cyber security challenges
What can the academia do to help?
• The UHCL Cyber Security Institute
• Challenges faced by the academia
• Discussions (Q&A)
5/8/2013
UHCL-CSI
15
The academia can help …
•
Fill the gap between the demand
and the supply of talents
-
•
Cyber security certificate programs
Degree programs
Research and development on
‘cyber science’
•
Knowledge dissemination
-
•
Cultivate the next generation of
cyber workers/warriors
-
5/8/2013
Forums, seminars, web portals
Summer camps, competitions, …
UHCL-CSI
16
The Texas Cybersecurity Education and Economic Development Council (TCEEDC)
• Cyber security challenges
• What can the academia do to help?
The UHCL Cyber Security Institute
• Challenges faced by the academia
• Discussions (Q&A)
5/8/2013
UHCL-CSI
18
Cyber Security Collaboration Model
Strategy:
Accelerate Bay Area Houston’s cyber security industry by leveraging the synergy
created through the collaborative efforts of the community, academia, local and
state government, DoD, Federal protection agencies, and regional business sectors.
May 8, 2013
UHCL CSI
19
operations
Research
projects
Collaborative R&D
Original research by
- CSI faculty
- postdoc researchers
- graduate research assistants
Education
Corporate &
Community Services
 Research results are
 Research findings &
integrated into the UHCL
experiences are published and
curricula.
shared with the community
 Research and development
contracts with government
agencies and business
organizations
Collaborative research with
- JSC researchers
- high tech companies’
researchers
- faculty in other colleges
Knowledge  Repository of cybersecurity
 Advancement of
acquisition
research results
cybersecurity research
& transfer  Continually updated
and development are
cybersecurity knowledge base
integrated into class
- New vulnerabilities
teaching.
- New protection technologies
- Reviews of vendors and tools
 Up-to-date knowledge is
transferred to start-up
companies and cybersecurity
professionals via
collaborations and/or
consulting.
Knowledge  Research publications and
sharing
presentations
 Online sharing of papers and
project experiences
 On-site research seminars
 On-site research workshops
and/or conferences
 Raising user and community
awareness of cybersecurity
by offering free seminars
 Summer camps for high
schoolers
 Summer research experience
for college students
May 8, 2013
 Supporting UHCL’s
computer science,
engineering and other
programs with respect to
cybersecurity knowledge
and technologies
 Certified cybersecurity
curriculum by NSA,
NIST,
UHCL CSI
etc.
20
May 8, 2013
UHCL CSI
21
The Cyber Security Collaboration Forum
(4/4/2013, Gilruth Center)
5/8/2013
UHCL-CSI
22
Space Systems Protection in Cyber Risk Environment
The U.S. aerospace industry and civil/commercial space operations
community exists in an increasingly contested environment. New challenges
from the cyber front to U.S. economic and technical superiority as well as
critical mission and infrastructure capability are emerging daily. NASA is
moving to address these new challenges by adapting and applying timetested system engineering methods and philosophies to the new domains of
cyber risk assessment, cyber-defense and their element in space systems
mission assurance. This presentation will discuss the new environment in
which the U.S. aerospace sector must operate, some of the methods NASA
has used to adapt, and some lessons learned and future opportunities.
Jason A. Soloff
Lead, Systems Security Engineering
Human Exploration & Operations Mission
NASA/JSC
5/8/2013
UHCL-CSI
23
• Cyber security challenges
• What can the academia do to help?
• The UHCL Cyber Security Institute
Challenges faced by the academia
• Discussions (Q&A)
5/8/2013
UHCL-CSI
24
Challenges faced by Academia
Q: Why aren’t there more cyber security courses and
programs in colleges and universities?
•
Saturated CS and IT curricula
•
Insufficient cyber security specialists
•
Administration’s support
•
Lack of funding …
- Labs
- Faculty development, hiring
- Program development
5/8/2013
UHCL-CSI
25
Conclusion
•
Securing the cyber space presents major challenges.
•
Effectively facing the challenges require not only
innovations, but also collaborations among all
communities (government, military, intelligence,
legal, law enforcement, industries, academia, and
the general public).
•
Colleges and universities play a central part in the
solution (workforce development, R&D, services).
•
A non-profit research and education institute
situated in a university can become an integrating
and sharing platform for cyber security solutions.
5/8/2013
UHCL-CSI
26
27
• Discussions (Q&A)
5/8/2013
UHCL-CSI
28
Related documents
apdf nov 4 - 0910 sakada
apdf nov 4 - 0910 sakada
solving national security challenges with information technology by
solving national security challenges with information technology by
Need for New Approaches to Security PowerPoint
Need for New Approaches to Security PowerPoint
Internet SafetyK5
Internet SafetyK5
Cyber-Security Awareness PowerPoint
Cyber-Security Awareness PowerPoint
“Current Cyber Security Landscape” Dr. Josh Pauli Presentation
“Current Cyber Security Landscape” Dr. Josh Pauli Presentation
Joining the Cybersecurity Revolution: What it means, where the jobs
Joining the Cybersecurity Revolution: What it means, where the jobs
RADM Day (USCG Cyber) - Feb 2013
RADM Day (USCG Cyber) - Feb 2013
Download
advertisement