Development of an Engaged Teaching and

Research Agenda in Cyber Security

Professor Jill Slay

Australian Centre for Cyber Security

Agenda

• This presentation will focus on the development of

teaching and research in Cyber Security.

• It will discuss the way in which short courses and

undergraduate and postgraduate courses and programs

have quickly been organised around existing skills gaps

at UNSW's Australian Centre for Cyber Security. .

• It will also focus on current and expected research

initiatives in this broad field and the national benefits that

can be realised from such a centre.

Questions

1. Where did our current Cyber Security curricula originate?

2. How do we define a Cyber security professional?

3. How do we decide on what is in the curriculum?

4. What might engaged research in Cyber Security look

like?

Following 4 slides and thoughts credited to my mentor :Professor COREY SCHOU

Informatics Research Institute, Idaho State University, Box 4043, Pocatello, Idaho

Schocore@isu.edu

ACM Inroads Volume 6 Issue 2, June 2015

Pages 64-69

Where did Cyber Security originate

• In 1970, the Defense Science Board Report on Security

Controls for Computer Systems predicted that:

– [t]he issue of providing security controls in computer systems will

transcend the Department of Defense. Furthermore, the

computing industry will eventually have to supply computers and

systems with appropriate safeguards.

• This foreshadowed emerging security needs of the

information industry.

Historically – Cyber Security moved to Computer Science

Domain

• In 1980’s, Institute for Defense Analyses developed

curricular materials for computer science.

• The modules included introduction to information

protection, operating systems security, network security,

database security, formal specification and verification,

and risk analysis. Later they added security literacy, law

and legislation, policy, and control systems.

Historically – then DoD customised it!

• In 1986, Assistant Secretary of Defense (C3I) Donald

Latham proposed a model that both simplified and

complicated life.

• He added the historical context going back to

transmissions security, communications security and

computer security and adding non-engineering

dimensions such as physical and personnel security.

Historically – Schou’s reflections

• “So much for a simple model based on engineering principles.

• I learned that models beget models. In our case, Latham begat Todd

and Guitian which begat McCumber, which begat Common Body of

Knowledge (CBK), which begat NIST 800-16 [17], which begat the

Committee on National Security Systems (CNSS), which begat the

Maconachy, Schou and Ragsdale [MSR] model used by ACM as

part of their model curriculum which begat IGS …Essential Body of

Knowledge (EBK) …National Initiative for Cybersecurity Education

(NICE)]… and so the beat goes on;

• It continues unto the present day. Some of the descendants of the

early work are broad while others are deep; the only certainty is that

there is little agreement. So, whose list do we choose to ensure a

viable education model? Frankly, we need not choose—we need

them all; we need breadth and selected depth”.

Does Cyber Security belong to Computer Science?

• “There is an industry-based and social need to teach Information

Assurance in disciplines other than Computer Science or Software

Engineering.

• This curriculum can assume no technical prerequisites but does

assume that the student comes from a background which is

language rich and where knowledge will be applied in a social or

business and commercial context.

• This kind of approach would bring a richness to a field which is

often ostrich-like in burying itself away from the social, legal, ethical

and political outcomes of technology development and dependence

which is currently inherent in our IEEE/ ACS/ ACM technically

compliant approach.”

Does Cyber Security belong to Computer Science?

“Law: national and international, Computer, Criminal, and Civil

Social Science: Socio-political issues (privacy, encryption,

surveillance), Activism, Hacktivism, Cyberterrorism and Cyber-

warfare, Socio-psychological impacts of computing

Physical Security

Fundamentals of Cyber-crime

Ethics, Values and Moral Decision Making

Current Issues in Security

Advanced Security Risk Management”

This curriculum would be appropriate to industry and to the protection

of the Australian National Infrastructure. “Slay, J 2005, ‘Developing the Cross-Disciplinary Nature of Information Assurance in the Undergraduate Curriculum’, in

Proceedings of the 9th Colloquium for Information Systems Security Education, Atlanta June 7th 2005.

Cyber Security Curriculum– breadth and depth• Engineering, CS, IS, maths, OR, AI, legal, psychological, political,

business or sociological or other teaching / learning and research

approaches that can be applied to:

• Access Control – a collection of mechanisms that work together to create

security architecture to protect the assets of the information system.

• Telecommunications and Network Security – discusses network

structures, transmission methods, transport formats and security measures

used to provide availability, integrity and confidentiality.

• Information Security Governance and Risk Management – the

identification of an organization’s information assets and the development,

documentation and implementation of policies, standards, procedures and

guidelines.

• Software Development Security – refers to the controls that are included

within systems and applications software and the steps used in their

development.

• Cryptography – the principles, means and methods of disguising

information to ensure its integrity, confidentiality and authenticity.

Cyber Security CurriculumSecurity Architecture and Design –concepts, principles, structures and

standards used to design, implement, monitor, and secure system.

Operations Security – used to identify the controls over hardware, media and

the operators with access privileges to any of these resources.

Legal, Regulations, Investigations and Compliance – addresses computer

crime laws and regulations; the investigative measures and techniques.

Physical (Environmental) Security – addresses the threats, vulnerabilities

and countermeasures that can be utilized to physically protect an

enterprise’s resources and sensitive information.

Information Warfare; Electronic Warfare;

Political issues in Cyber Security; Strategy and Diplomacy;

Human Factors; Psychology of acceptance of security;

Economics of Security; National Security / Cyber Security nexus

Cyber security / Intelligence nexus

Privacy

UNSW Canberra@ ADFA

• Undergraduate Education

• Postgraduate Education

• Short Courses

• Postgraduate Research

ZINT 2100

• An undergraduate course for all students at UNSW Canberra

(ADFA) – 150 per semester

• Cross-disciplinary providing breadth

Humanities – 12 hours

• Understanding Cyber-security Policy

• Cyber-security, National Security and International Security: The

Threat and the Policy Challenge

• Law, Strategy and Cyber-security

• Ethics of Cyber-security

• International cyber-security case study – China

• Domestic policy considerations

ZINT 2100

IT – 12 hours plus 16 hours practical in Cyber Range

• Threats in Cyberspace

• Defence Concepts

• Computer Network Basics

• Cryptography Basics

• Attack / Pen Test Tools

• Attack / Pen Test Lifecycle

• Preparing a Defence and Monitoring

• Responding to an attack and learning lessons

• Wireless

• Industrial Control Systems

• Case Studies and Review

Postgraduate Coursework

• Designed to bridge skills gap but also to provide academic rigour at

Masters level

• Developed to take part of skills burden from employers

• Assumes student already has some breadth of underpinning

undergraduate education or equivalent experience

• Assumes student knowledge is not balanced – some lack practical

skills but have well-developed theoretical foundations & vice versa

Masters Degree in Cybersecurity

Core Courses

ZEIT8020 - Computer Network Operations

ZEIT8025 – Reverse Engineering of Malware

ZEIT8021 - Information Assurance and Security (CISSP)

ZEIT8026 - Network Security Operations

Elective Courses

ZEIT8024 - Software Security Lifecycle (CSSLP)

ZEIT8027 -Critical Infrastructure and Control System Security

ZEIT8028 - Computer Forensics (CCFP *)

ZEIT8029 - Network Mobile and Device Forensics (CCFP *)

Masters Cyber Security Operations

Core Courses

ZEIT8017 – Cyber Crime and Cyber Security

ZEIT8018 - Cyber Defence: Governance, Management and Acquisition

ZEIT8138 - Making Decisions with Risk

ZEIT8032 - Information Assurance Principles

Elective Courses

LAWS 8030- Cybercrime, Security and Digital Law Enforcement

ZEIT8115 - Information Operations

ZEIT 8226 Systems Engineering Practice

ZEIT8136 Software Project Management

ZEIT8302 Project Administration

ZEIT8303 Project Mgmt Body of Knowledge

ZEIT8230 Requirements Eng

ZEIT8403 Capability Option Analysis

Masters Cyber Security, Strategy and Diplomacy

Core Courses: Students must take 24 UOC of the following courses.

ZEIT8032 - Information Assurance Principles

ZHSS8441 - Cyber Security and World Politics

ZHSS8455 - Australian Cyber Diplomacy

ZHSS8457 - Cyber Security in Asia

Masters Cyber Security, Strategy and Diplomacy

MORE ELECTIVES (HASS) TECHNICAL ELECTIVES (ACCS)

ZHSS8430 - China's Security Policy and Military

Modernisation (6 UOC)

ZHSS8431 - Comparative Defence Planning (6

UOC)

ZHSS8435 - Contemporary Strategy (6 UOC)

ZHSS8438 - The Justice of War: States, Self-

Defence, & Force (6 UOC)

ZHSS8439 - Reforming Repressive Regimes (6

UOC)

ZHSS8440 - Delinquent Organisations in World

Politics (6 UOC)

ZHSS8442 - Conflict Transformation (6 UOC)

ZHSS8456 - Australian Cyber Forces (6 UOC)

(Proposed May 2015)

ZHSS8458 - Cyber Policy in China (6 UOC)

(Proposed May 2015)

ZHSS8400 - Research Project: Politics Single

Session (12 UOC)

ZHSS8401 - Research Project - Politics Full

Year (6 UOC)

ZEIT8015 - Cyber Operations (6 UOC)

ZEIT8017 - Cyber Crime and Cyber Security (6

UOC)

ZEIT8018 - Cyber Defence: Governance,

Management and Acquisition (6 UOC)

ZEIT8019 - Intrusion Analysis and Response (6

UOC)

ZEIT8020 - Computer Network Operations (6

UOC)

ZEIT8024 - Software Security Lifecycle (6 UOC)

ZEIT8025 - Application and Software Security and

Forensics (6 UOC)

ZEIT8026 - Network Security Policy Management

(6 UOC)

ZEIT8027 - Critical Infrastructure and Control

System Security (6 UOC)

ZEIT8028 - Computer Forensics (6 UOC)

ZEIT8029 - Network and Mobile Device Forensics

(6 UOC)

Short coursesShort courses are intense, practical and deep – taught by industry

experts. Technical content is ‘scaffolded’.

• Identifying vulnerabilities through protocol “FUZZING” and Static

Binary Analysis And Crash Test Party 2 days

• Cyber Law Seminars 4 days

• Cyber Adversary Tradecraft 4 days

The increasing awareness in the public domain of cyberspace threats is

causing nearly all government agencies to include cyber as part of their

strategic agenda. This course is aimed at government personnel who are

involved with contributing to government cyber strategy, policy or

operations. Delegates will develop a detailed understanding of the

processes, tactics and tools used by a cyber-adversary in exploiting

computer networks to fulfill an information requirement.

• Intranet Network Security

In this workshop participants will examine the Netflow protocol in detail and

learn how this is used to aggregate Internet traffic into flow records which can

then be examined, visualised and stored to both monitor and manage a

network and to also forensically identify malicious activity and potential threats.

Students develop and manage a botnet as part of the exercise.

• Security Boot camp

This is a 101 IT security course designed to teach you about IT security issues,

looking at the types of attacks that are happening at the moment, how they

work and how to protect yourself and your organisation against them. This

course culminates in some basic Red (hacker) Vs Blue (defender) scenarios

using specifically design cyber labs and the cyber range at UNSW Canberra.

• Wireless Security 2 days

This technical course looks at security issues of a broad range of wireless devices from

wireless computers, mobile phones as well as other devices. This course has an in-

depth look at types of protocols, various discovery and attack techniques.

• Introduction to Pen Testing 5 days

This course looks at the OWASP and OSTINT content. This course will provide an

introduction to Penetration Testing and work through the differences between

Vulnerability Assessments and actual Penetration Tests. The course will take the students

into the world of the attackers and the lengths they will go to gain a foothold in the

networks of their victims.

• Intrusion Analysis and Response 4 days

This workshop gives a law enforcement perspective on methods of attacking and

defending a network. It looks at the underlying issues in secure information

infrastructures including servers, networks, firewalls, workstations, and intrusion

detection systems. The course will explore the attackers’ mindsets and methods, and

work through the different ways of protecting the estate. The course will cover keystone

technologies required in an effective security defence solution including an introduction to

usable and effective policies that staff will follow and not be encouraged to work around.

Research Publications

• The 52 UNSW staff associated with the Australian Centre for Cyber

Security are committed to inter-disciplinary study of the field.

• They represent a wide number of “home” disciplines (science,

engineering, information technology, law, politics, geography, and

international relations).

• All work in some way on cyber-related issues.

• A review of their publications reflects those most closely focused on

cyber-related themes published in 2014, the year ACCS was

launched, or since

• 5 books,

• 265 articles,

• 7 submissions and reports.

Research Topics

• Acoustics

• Aerodynamics and engine performance

• Air traffic control

• Algorithm development

• Anomaly detection

• Australian policy and law

• Authentication and identity

• Autonomous vehicles

• Biometrics

• Brain-machine interaction

• China cyber

• Chip design

• Computer games

• Corporate ethics

• Critical infrastructure protection

• Crowd sourcing

• Cyber attack

• Cyber emergency response

• Cybernetics

• Data sovereignty

• Data summarization and aggregation

• Digital skills

• Diplomacy for cyber security

• Disruptive systems

• Drones and privacy

• eGovernment

• Environmental planning

• eVotingFingerprinting

• Forensics and law enforcement

• Free access data

• Geographic visualisation

• GPS

• Green energy

• Highly secure computing

• Home networks in the cloud

• Industrial control systems

Research Topics

• International law and governance

• Internet freedom and censorship

• Intrusion detection

• Law enforcement

• Logistics

• Malware removal

• Media law

• Medical informatics

• Mineralogy

• Mobile computing

• Mobile video applications

• Mobile video streaming

• Naval design

• Network analysis for social capital

• Network traffic management

• Outer Space

• Piracy

• Privacy technologies and policies

• Pure mathematics

• Red-teaming

• Remote sensing

• Risk management

• SCADA

• Sea states

• Secure data collection

• Security in civil nuclear power

• Security in the cloud

• Smart grids

• Social media and revolution

• Social media in emergency response

• Trust

• User/machine interface

• Wearable computing

• Wi-fi security

Conclusion

• Cyber Security is necessarily cross-disciplinary

• A Cyber Security Professional has both broad and deep knowledge

• Curriculum has to develop breadth and depth and is always evolving

– computer scientists are not necessarily the best people to do this

• Research topics are broad and any research question can be

tackled from a variety of research perspectives and use contrasting

methodologies

• Curriculum and research need to evolve with the changing nature of

the threat