The clear majority of today's car accidents are caused by human error. They are preventable. Whether it is running a stop sign or failing to stay in their lane, most accidents could have been avoided. Very rarely do accidents occur due to hardware failure in the vehicle. Long ago, we learned to create cars where the wheels typically do not fall off while driving leading to a catastrophic accident. Cybersecurity is much the same. Nearly all vulnerabilities are due to human error, by either the user or the developer, and could have been prevented. We've long ago created practices and technologies that should prevent nearly every vulnerability. So why do they still occur? Why are cyberattacks still a regular topic on the nightly news?

It starts with including this important topic in the curriculum, by showing students that security is by and for everyone, and shouldn't be left to the "experts." Nearly every instructor will tell you that security is an important topic, but only one out of the top 36 Computer Science programs in the US require a course in cybersecurity [1]. So why are we so behind the times? Why are we not achieving this quintessential objective of the creation of software systems? Will it take a cyberattack that cripples our nation's infrastructure? Will it take World War III (The Cyber War).

It is no secret that industry highly values not only trained cybersecurity experts, but even those who are at least somewhat reasonably well-versed in the topic of cybersecurity.

As a Senior Security Consultant at Synopsys, author Richards indicates that since developers at major software development companies and other firms are required to follow security guidelines when developing software, students who can demonstrate the basic concepts of cybersecurity will have an advantage over their peers as security is increasingly being integrated into industry job roles.

Instructors need to finally take it upon themselves to include more cybersecurity courses in their curriculum. Secure systems need trained developers and maintainers that not only understand how to create these secure systems, but truly understand their importance. It all begins with education and awareness. Secure systems are no accident.

Daniel E. Krutz and Thomas Richards

References

1. CloudPassage Study Finds U.S. Universities Failing in Cybersecurity Education; https://www.cloudpassage.com/company/press-releases/cloudpassage-study-finds-u-s-universities-failing-cybersecurity-education/. Accessed 2017 August 9

Authors

Daniel E. Krutz
GOL-70-1575, Department of Software Engineering
Rochester Institute of Technology, Rochester, NY 14623
[email protected]

Thomas Richards
21351 Ridgetop Circle
Suite 400, Dulles, VA
[email protected]

Copyright held by authors

The Digital Library is published by the Association for Computing Machinery. Copyright © 2017 ACM, Inc.

Contents available in PDF
View Full Citation and Bibliometrics in the ACM DL.

Comments

There are no comments at this time.

 

To comment you must create or log in with your ACM account.