Tackling the Challenges of Securing the Cyber Space

- An academia perspective

1

• Cyber security challenges

• What can the academia do to help?

• The UHCL Cyber Security Institute

• Challenges faced by the academia

• Discussions (Q&A)

5/8/2013 2UHCL-CSI

Challenges of Cyber Security

1. convenience/functionalities/usability vs security - Users want useful and/or fun technology

“The user's going to pick dancing pigs over security every time.” — Bruce Schneier

5/8/2013 3UHCL-CSI

http://threelittlepigsbar-b-q.com

Challenges of Cyber Security

5/8/2013 4UHCL-CSI

2. The Internet has become the primary computing platform.     Standalone apps  Web-based   Cloud computing

Q: What are your most frequently used computer applications these days?

- Gaming ?- Search engines ?- Emailing, Texting- Facebook, LinkedIn, Twitter, …- Amazon, eBay, …- Word processors- Wikipedia, Google maps, …- Google Docs, SkyDrive, Google Drive, Evernote, …- Web browsers (HTTP)

Challenges of Cyber Security

5/8/2013 5UHCL-CSI

3. Astronomical data growth- Facebook processes more 

than 500 TB of data daily (8/22/2012: http://news.cnet.com/)

- Q: How much data are on the Internet?  

The big four online storage & service companies (Google, Microsoft, Amazon, and Facebook) have got 1,200 petabytes (or 1.2 million terabytes)  http://sciencefocus.com/qa/how-many-terabytes-data-are-internet

http://www.space.com/19580-astronomy-mystery-nova-star-explosion.html

Challenges of Cyber Security

5/8/2013 6UHCL-CSI

4. Rich data types

HTML, XHTML, XML,

MP3, MP4, …

MPEG4, AVI, WMV, …

JPEG, GIF, BMP, …

JavaScripts, Java Applets, …

Encrypted data (SSL, IPSec, …)

Challenges of BIG Data

5/8/2013 7UHCL-CSI

• Data science: extracting meaning from data and creating data products

• Business intelligence (BI)

Data scientists

Threat detection ?

Q: How do you discover unknown threats?

Q: Forecasting of threats?

http://en.wikipedia.org/wiki/Data_science

Challenges of Cyber Security

5/8/2013 8UHCL-CSI

4. Evolving technologies

5. New technology may bring new vulnerabilities!

6. Evolving tactics by attackers

BYOD or not BYOD ?

5/8/2013 9UHCL-CSI

• a 5/2012 study: http://www.zdnet.com/

Challenges of Cyber Security

5/8/2013 10UHCL-CSI

7. Ineffective sharing of threats and mitigation info

National Information Exchange Model (NIEM)

- an XML schema for data exchange among federal, state and local governments

- more widespread adoption across federal agencies

- The DoD has adopted the NIEM. (Oct., 2012)

Source: http://www.fiercegovernmentit.com

Presidential Directive & EO• Feb. 12, 2013

- The Presidential Policy Directive on Critical Infrastructure Security and Resilience

- President’s executive order - making the protection of America’s information and data assets a 

priority- information sharing among public and private partners

5/8/2013 UHCL-CSI 11

By mid June, DHS, working with the U.S. attorney general and the director of National Intelligence, will create a roadmap that will help with the timely production and release of unclassified cyber threat reports, including those aimed at specific industrial sectors. (http://www.securityinfowatch.com/)

Challenges of Cyber Security

5/8/2013 12UHCL-CSI

8. Insufficient cyber security workers- A zero-unemployment job market?

Alan PallerSANS(2011)

https://files.sans.org/

Challenges of Cyber Security

5/8/2013 13UHCL-CSI

• SANS Four Quadrants of Security Skills (2011)

Challenges of Cyber Security

5/8/2013 14UHCL-CSI

• SANS Four Quadrants of Security Skills

• Cyber security challengesWhat can the academia do to help?

• The UHCL Cyber Security Institute

• Challenges faced by the academia

• Discussions (Q&A)

5/8/2013 15UHCL-CSI

The academia can help …

5/8/2013 16UHCL-CSI

• Fill the gap between the demand and the supply of talents- Cyber security certificate programs- Degree programs

• Research and development on ‘cyber science’

• Knowledge dissemination- Forums, seminars, web portals

• Cultivate the next generation of cyber workers/warriors- Summer camps, competitions, …

The Texas Cybersecurity Education and Economic Development Council (TCEEDC)

• Cyber security challenges

• What can the academia do to help?The UHCL Cyber Security Institute

• Challenges faced by the academia

• Discussions (Q&A)

5/8/2013 18UHCL-CSI

Cyber Security Collaboration Model Strategy: 

Accelerate Bay Area Houston’s cyber security industry by leveraging the synergy created through the collaborative efforts of the community, academia, local and state government, DoD, Federal protection agencies, and regional business sectors. 

19May 8, 2013 UHCL CSI

 operations Collaborative R&D Education Corporate & Community Services

Research projects 

Original research by-  CSI faculty-  postdoc researchers-  graduate research assistants

Collaborative research with-  JSC researchers-  high tech companies’

researchers-  faculty in other colleges

Research results are integrated into the UHCL curricula.

Research findings & experiences are published and shared with the community

Research and development contracts with government agencies and business organizations

20

Knowledge acquisition & transfer 

Repository of cybersecurity research results

Continually updated cybersecurity knowledge base

-     New vulnerabilities-     New protection technologies-     Reviews of vendors and tools

Advancement of cybersecurity research and development are integrated into class teaching.

Up-to-date knowledge is transferred to start-up companies and cybersecurity professionals via collaborations and/or consulting.

Knowledge sharing 

Research publications and presentations

Online sharing of papers and project experiences

On-site research seminars On-site research workshops

and/or conferences

Supporting UHCL’s computer science, engineering and other programs with respect to cybersecurity knowledge and technologies

Certified cybersecurity curriculum by NSA, NIST, etc.

Raising user and community awareness of cybersecurity by offering free seminars

Summer camps for high schoolers

Summer research experience for college students

May 8, 2013 UHCL CSI

21May 8, 2013 UHCL CSI

The Cyber Security Collaboration Forum (4/4/2013, Gilruth Center)

5/8/2013 UHCL-CSI 22

5/8/2013 23UHCL-CSI

• Cyber security challenges

• What can the academia do to help?

• The UHCL Cyber Security InstituteChallenges faced by the academia

• Discussions (Q&A)

5/8/2013 24UHCL-CSI

Challenges faced by Academia

5/8/2013 25UHCL-CSI

Q: Why aren’t there more cyber security courses and programs in colleges and universities?

• Saturated CS and IT curricula

• Insufficient cyber security specialists

• Administration’s support

• Lack of funding … - Labs- Faculty development, hiring- Program development

Conclusion

5/8/2013 26UHCL-CSI

• Securing the cyber space presents major challenges.

• Effectively facing the challenges require not only innovations, but also collaborations among all communities (government, military, intelligence, legal, law enforcement, industries, academia, and the general public).

• Colleges and universities play a central part in the solution (workforce development, R&D, services).

• A non-profit research and education institute situated in a university can become an integrating and sharing platform for cyber security solutions.

27

• Discussions (Q&A)

5/8/2013 28UHCL-CSI