Security Training Should Start at the University Level

If universities fail to include cyber security in the control system curriculum, how can we ensure full protection of critical infrastructure?

In the tenth episode of our cyber security awareness video series, “Inside Network Security: Cybercrime, Malware and Today’s Emerging Threats,” returning guest Joe Weiss expresses concern about the minimal amount of cyber security experts versed in the intricate issues specific to control systems. Weiss, Applied Control Solutions’ managing partner, pinpoints the root of the problem to the structure of university curriculums in the video entitled “We Need to be Teaching Security to Engineers”.

Universities typically teach cyber security in computer science programs, but these courses don’t address control systems explicitly. Instead, control theory is taught within engineering departments, untied to best practices for defense. Future industrial control system leaders require a balanced blend of both disciplines.

In his past interviews, Weiss has stressed the need for this overlap between the traditional IT world and the security realm. As the need for control system protection becomes more obvious, he sees IT professionals enter the system management field more often than system domain specialists enhance their existing knowledge with security training.

“Hacking a control system is not difficult, but protecting it is rocket science,” Weiss says, referencing an example from his book, Protecting Industrial Control Systems from Electronic Threats. “You have to not only control the system but not hurt the system.”

How can we incentivize the people who know these systems to get more involved in security? I agree with Weiss that university education is the starting line. Engineering professors should stress the importance of critical infrastructure security and introduce it as a viable career option. By encouraging cross-over course work in the computer science department, offering special seminars and inviting control system security specialists to speak in classrooms, university faculty members can instill a sense of responsibility in students to protect their nation from cyber criminals.

Do you have other ideas? Please share them with us. The full video is now available on our YouTube channel, and don’t forget to check back next week for another episode.