Computer Science and Engineering 1

Future of Cyber Security

Top Security Threats Top Security Threats 20132013

• Threat #1: Social Engineering• Threat #2: Advanced Persistent Threats (APTs)• Threat #3: Internal Threats• Threat #4: Bring-your-own-device (BYOD) • Threat #5: Cloud Security

Source: Forbes Magazine, http://www.forbes.com/sites/ciocentral/2012/12/05/the-biggest-cybersecurity-threats-of-2013-2/

Computer Science and Engineering 2

What can we do?What can we do?

Computer Science and Engineering 3

Computer Science and Engineering 4

Information Assurance ResearchEducation

Computer Science and Engineering 5

IA ResearchIA Research

Wenyuan Xu (since 2007)Wenyuan Xu (since 2007)http://www.cse.sc.edu/~wyxuWireless networking and security, sensor networks, network security and privacy, jamming detection and avoidance

Chin-Tser Huang (since 2003)Chin-Tser Huang (since 2003)http://www.cse.sc.edu/~huangctIntrusion detection, wireless security, distributed systemsnetwork security, network protocol design and verification

Csilla Farkas (since 2000)Csilla Farkas (since 2000)http://www.cse.sc.edu/~farkasWeb data and application (WS & SOA) security, Access Control Policies, SCADA software reliability, economic and social impact of cyber attacks

Application layer

Transport layer

Internet layer

Network Interface

Computer Science and Engineering 6

• Information Assurance SpecializationInformation Assurance Specialization• Meeting National IA Training Standards Meeting National IA Training Standards

• CNSS 4011, Information Systems Security Professionals

• CNSS 4013, System Administrators

• CNSS 4014, Information Systems Security Officers

• National Center of Academic Excellence in National Center of Academic Excellence in Information Assurance EducationInformation Assurance Education

IA EducationIA Education

IA SpecializationIA Specialization

• Undergraduate and graduate students of CSE Dept.

• Receive National Training Standard for Information Systems Security (INFOSEC) Professionals, CNSS 4011

• Degree Requirements: 9 Hours of course work with B or better grade

– Required: CSCE 522: Information Security Principles (3 credits)

– 2 elective courses (6 credits)

• http://www.cse.sc.edu/undergraduate/iaspecialization

Computer Science and Engineering 7

Computer Science and Engineering 8

IA CoursesIA Courses

• CSCE 201 – Introduction to Security• CSCE 517 – Computer Crime and Forensics • CSCE 522 – Information Security Principles• CSCE 557 – Introduction to Cryptography• CSCE 548 – Secure Software Construction

• Projects in other courses, e.g., CSCE 520, 416, etc.• Magellan Scholar

Computer Science and Engineering 9

Global Demand for IA Global Demand for IA Workforce Workforce

• Worldwide:– 2010: 2.28 million – 2015: 4.24 million (projected)– Compound Annual Growth Rate: 13.2%

• Americas:– 2010: 920,845– 2015: 1,785,236– Compound Annual Growth Rate: 14.2%

Information Warfare - Farkas

9

Computer Science and Engineering 10

SalarySalary

• 2011 Annual salary(ISC)2® Member/non-member• Worldwide: $98,600/$78,500• Americas: $106,900/$92,900

10

Computer Science and Engineering 11

IA JobsIA Jobs

• Job market– Civil (Join Information Systems Security Association, ISSA,

https://www.issa.org/ )

– Government (Internship available at USC-UTS, and SC Dept. of Probation, Parole, and Pardon Services)

– Military (Internship available at SPAWAR, Charleston)

• Education and training requirements (B.S. degree, certification, hands-on experiments)

• Salary• FUN

Current IA NewsCurrent IA News

• Is the FBI Any Match for Cyber Criminals? , http://www.dfinews.com/news/2013/11/fbi-any-match-cyber-criminals?et_cid=3611017&et_rid=454822392&location=top#.Uo0bQydkHj4 – After 9/11: FBI shifted from organized crime to

fighting terrorism– Current: counter cyber attacks

Computer Science and Engineering 12

• US Ponders Ways Not to Destroy Bitcoin , http://www.dfinews.com/news/2013/11/us-ponders-ways-not-destroy-bitcoin?et_cid=3611017&et_rid=454822392&location=top#.Uo0cjSdkHj4 – Illegal use of bitcoin should it be destroyed?– Over-regulation bitcoin moves out of US control

Computer Science and Engineering 13

Current IA NewsCurrent IA News

• NSA Vowed to Fix Its Collection Errors, http://www.dfinews.com/news/2013/11/nsa-vowed-fix-its-collection-errors#.Uo0dNSdkHj4 – Admitted surveillance rule violations due to poor

management, lack of oversight, typographical errors– Promise of safety measures

Computer Science and Engineering 14

Current IA NewsCurrent IA News

More NewsMore News

• Miners Face Rising Threat of Cyber Attacks due to increased automation

• Cyber Deviance and Cyber Crime Start and Peak in Teen Years start around 15 and peak around 18

• Five More Suspects Arrested in $45 Million Global Bank Heist – loss 45 million from ATM

• Chicago hacker sentenced to 10 years, “hacktivist" Jeremy Hammond explained that his cybercrimes were altruistic acts of civil disobedience

Computer Science and Engineering 15

Computer Science and Engineering 16

Thank you!Thank you!