Team for Research in
Ubiquitous Secure Technology

Security, Safety and Privacy – Pervasive Themes for Engineering Education
Sigurd Meldal, Kristen Gates, Russell Smith, Xiao Su

Citation
Sigurd Meldal, Kristen Gates, Russell Smith, Xiao Su. "Security, Safety and Privacy – Pervasive Themes for Engineering Education". ICEE 2008, Geza Varady (ed.), iNEER, July, 2008.

Abstract
Computer trustworthiness continues to increase in importance as a pressing scientific, economic, and so- cial problem. The last decade has seen a rapid increase in computer security attacks at all levels, as more in- dividuals connect to common networks and as motivations and means to conduct sophisticated attacks in- crease. A parallel and accelerating trend has been the rapidly growing integration role of computing and communication in critical infrastructure systems, with complex interdependencies rooted in information technologies [1][12]. The ubiquitous nature of IT technology deployment also has deep consequences for personal privacy and ultimately on individual freedom [6]. These overlapping and interacting trends force us to recognize that trustworthiness of our computer systems is not an IT issue alone; it has a direct and imme- diate impact on the nation's critical infrastructure and on the core values of our society. The interplay (and possible conflicts) of these factors compel us to conclude that an understanding of the policy and security issues of IT deployment is part and parcel of being an educated member of society. Fur- thermore, an understanding of these issues is a necessary requirement for every professional engineer, and in particular for engineers in the IT domains: Trustworthiness is a key concept to be taught in general educa- tion, and in particular in engineering education. Engineering education currently lacks a holistic view of the interplay of security in systems design. Secu- rity appears in engineering curricula (if at all) as add-ons, and discussions of public policy issues are insig- nificant. Creating a new generation of professionals who understand the technology and policy aspects of trustwor- thiness in our critical infrastructure systems is part of the US national agenda and a central objective for TRUST, the NSF Science and Technology Center for Research in Ubiquitous Secure Technology [1]. Based on work done at and with NSF STC TRUST we are adopting a multi-pronged approach to integrat- ing trustworthiness into the general and the engineering education experiences. • In the general education curriculum (which all students have to complete) we have created a course where security and privacy issues serve as a vehicle for the social issues education requirement. • In the engineering core classes we are introducing security as a key design component. • Internships in security organizations are offered to students across the US as part of engineering degrees. • The role of national certification and accreditation standards (such as the NSA CAEIAE certification, ABET EAC and CAC accreditation) are evaluated for curricular adoption and adaption. • National and regional workshops that establish security development communities are organized, and they assist universities in understanding and achieving such standards. Our ultimate goal is to change the current situation and to engage the educational community to work to- wards a broader understanding of systems, security and policy options among future technologists and policy shapers. In this paper we will present three aspects of this strategy: The introduction of security and privacy to the general student population through a general education course, secondly the more technical introduction to security in the context of a network security course, and thirdly, the confirmation of these academic modes through the placement of students into internships in security organizations in Silicon Valley.

Electronic downloads

Citation formats  
  • HTML
    Sigurd Meldal, Kristen Gates, Russell Smith, Xiao Su. <a
    href="http://www.truststc.org/pubs/431.html"
    >Security, Safety and Privacy –  Pervasive Themes
    for Engineering Education</a>, ICEE 2008, Geza Varady
    (ed.), iNEER, July, 2008.
  • Plain text
    Sigurd Meldal, Kristen Gates, Russell Smith, Xiao Su.
    "Security, Safety and Privacy –  Pervasive
    Themes for Engineering Education". ICEE 2008, Geza
    Varady (ed.), iNEER, July, 2008.
  • BibTeX
    @inproceedings{MeldalGatesSmithSu08_SecuritySafetyPrivacyPervasiveThemesForEngineering,
        author = {Sigurd Meldal and Kristen Gates and Russell Smith
                  and Xiao Su},
        title = {Security, Safety and Privacy –  Pervasive Themes
                  for Engineering Education},
        booktitle = {ICEE 2008},
        editor = {Geza Varady},
        organization = {iNEER},
        month = {July},
        year = {2008},
        abstract = {Computer trustworthiness continues to increase in
                  importance as a pressing scientific, economic, and
                  so- cial problem. The last decade has seen a rapid
                  increase in computer security attacks at all
                  levels, as more in- dividuals connect to common
                  networks and as motivations and means to conduct
                  sophisticated attacks in- crease. A parallel and
                  accelerating trend has been the rapidly growing
                  integration role of computing and communication in
                  critical infrastructure systems, with complex
                  interdependencies rooted in information
                  technologies [1][12]. The ubiquitous nature of IT
                  technology deployment also has deep consequences
                  for personal privacy and ultimately on individual
                  freedom [6]. These overlapping and interacting
                  trends force us to recognize that trustworthiness
                  of our computer systems is not an IT issue alone;
                  it has a direct and imme- diate impact on the
                  nation's critical infrastructure and on the core
                  values of our society. The interplay (and possible
                  conflicts) of these factors compel us to conclude
                  that an understanding of the policy and security
                  issues of IT deployment is part and parcel of
                  being an educated member of society. Fur-
                  thermore, an understanding of these issues is a
                  necessary requirement for every professional
                  engineer, and in particular for engineers in the
                  IT domains: Trustworthiness is a key concept to be
                  taught in general educa- tion, and in particular
                  in engineering education. Engineering education
                  currently lacks a holistic view of the interplay
                  of security in systems design. Secu- rity appears
                  in engineering curricula (if at all) as add-ons,
                  and discussions of public policy issues are insig-
                  nificant. Creating a new generation of
                  professionals who understand the technology and
                  policy aspects of trustwor- thiness in our
                  critical infrastructure systems is part of the US
                  national agenda and a central objective for TRUST,
                  the NSF Science and Technology Center for Research
                  in Ubiquitous Secure Technology [1]. Based on work
                  done at and with NSF STC TRUST we are adopting a
                  multi-pronged approach to integrat- ing
                  trustworthiness into the general and the
                  engineering education experiences. • In the
                  general education curriculum (which all students
                  have to complete) we have created a course where
                  security and privacy issues serve as a vehicle for
                  the social issues education requirement. • In
                  the engineering core classes we are introducing
                  security as a key design component. •
                  Internships in security organizations are offered
                  to students across the US as part of engineering
                  degrees. • The role of national certification
                  and accreditation standards (such as the NSA
                  CAEIAE certification, ABET EAC and CAC
                  accreditation) are evaluated for curricular
                  adoption and adaption. • National and regional
                  workshops that establish security development
                  communities are organized, and they assist
                  universities in understanding and achieving such
                  standards. Our ultimate goal is to change the
                  current situation and to engage the educational
                  community to work to- wards a broader
                  understanding of systems, security and policy
                  options among future technologists and policy
                  shapers. In this paper we will present three
                  aspects of this strategy: The introduction of
                  security and privacy to the general student
                  population through a general education course,
                  secondly the more technical introduction to
                  security in the context of a network security
                  course, and thirdly, the confirmation of these
                  academic modes through the placement of students
                  into internships in security organizations in
                  Silicon Valley. },
        URL = {http://www.truststc.org/pubs/431.html}
    }
    

Posted by Sigurd Meldal on 18 Aug 2008.
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.