A place to exchange ideas and perspectives, promoting a thriving innovation economy through public policy
645 Discussions

In search of the best way to train future security experts: notes from the 2014 Intel Developers Forum (IDF ’14)

0 0 106
By Claire Vishik, Intel's Trust & Security Technology & Policy Director, and Scott Buck, Intel's University Program Manager

IDF’14 was about future technologies – powerful computing devices, Internet of Things and mobiles, and how computing is going to affect everyday lives of people around the globe. How we can build sophisticated technologies to allow people to do things differently, more efficiently, more seamlessly, and in a collaborative manner.

In order to ensure adoption of these new technologies, a lot of ground needs to be covered, Standards need to be defined to ensure interoperability; and the new generation of devices and systems have to be designed with security and privacy thought through. But the concepts behind security and privacy become increasingly complex as the computing environment evolves and new interconnected use cases emerge. A security and privacy professional of the future has to understand a lot of subjects and problems, many of them dynamic. A security and privacy technologist needs to be able to make sense of the evolving threat landscape, elements of cryptography, hardware and software architectures, network protocols, fundamentals of economics, international regulatory requirements and legal frameworks, and other elements of the big picture, including usability and threat landscape.

One of the sessions at IDF ’14 was dedicated to the discussion of these issues in light of developing innovative security curricula to help fill the gaps in today’s higher education. Intel’s observation is that many technologists -- even world class engineers -- are unprepared to think about and deal with complex security issues raised as they develop solutions. They do not know how to systematically address these problems or assess their importance in context. Because of this, we hypothesize that security and privacy curricula need to be developed in a multi-disciplinary framework that puts security features in the context in which they will be used. 

Security curriculum session

The IDF session 'Academia and Security Curriculum - A Need for Future Developers’ brought representatives from industry, government and academia together to discuss different approaches of integrating elements of a security for all levels of higher education to support the computing curriculum continuum. The panel highlighted approaches for stimulating the academic community to develop and share security and privacy content addressing the learning needs of students by providing the foundation for skills they will need in their work.

We believe that security needs to become a concept that every engineer considers when working on system design. With a solid multidisciplinary background in security and privacy, best practices such as Designed-in-Security (DIS) and Privacy by Design (PbD) can become a true foundation of technology development processes in all areas.

Intel’s Approach

The goal of Intel’s University Security Curriculum Initiative is to develop a pipeline of students who understand security and privacy challenges. Working with key faculty, Intel seeks to identify opportunities to develop modules or complete university level courses that will provide benefits to the academic community and be included in diverse course syllabi. Through these efforts, Intel provides motivation to encourage a culture of faculty collaboration to embrace the incorporation and dissemination of security content.

The initial focus of this program is to stimulate the undergraduate education which Intel believes requires a multi-faceted approach. First, the program seeds the development of security content to build a repository of the elements of security curriculum which it hosts on its Security website. Second, the program looks at different delivery vehicles to disseminate the awareness of security concepts through books, games, contests and videos. The program hosts workshops to bring together faculty, industry and government agencies that foster a security curriculum community in order to share course materials and labs which provide those hands-on experiences and inspire students to adapt their learning to an ever changing world. Finally, we collaborate with industry partners to understand the demand in the cybersecurity market through our partnership with fellow industry partners. A block diagram of this process flow can be found in the figure below.

Claire image

Repository of Course Modules

The security curriculum elements for this program are bucketed into three dimensions: vulnerability analysis – identify what system threats exist; mitigations – identify how to defend against the identified threats; and validation – verify that the mitigations address the threats identified. In security, most students have some knowledge about mitigations, but typically know little about threat modeling or validating mitigations against a threat model. The program seeks to address these findings by supporting curriculum that will improve students understanding of these elements.   Using this approach the program has sought out and continues to identify faculty in the US, Europe, and Asia that provide content in these areas.

The privacy curriculum program is using a similar approach with the emphasis of the multidisciplinary nature of the subject. Launched this year, the program aims to extend and complement the security curriculum initiative. The privacy initiative will seek to engage universities in the area of multidisciplinary privacy education. The mission is to prepare students to understand multidisciplinary privacy challenges, enable them to help create privacy aware technologies and a privacy-friendly ecosystem. To meet the scope of this mission, the program is sponsoring faculty teams (e.g. a technologists, economists, and policy professionals) that can leverage each of their respective strengths to develop comprehensive content.

Today, the repository of curriculum modules on the Security website includes 24 links to curriculum content that has been sponsored by Intel along with three content videos on: Trusted Computing, Privacy Policy & Regulations, and Economics of Privacy. The security repository continues to grow with new content being added monthly.

There is a growing movement worldwide to invest in cybersecurity and privacy education, to collect and share information about available undergraduate and graduate programs in this field and to develop mechanisms to share the elements of the curriculum. Intel is one of the early supporters of this movement.

About the Author
Global Government and Manufacturing Communications for Intel