April 17, 2018
'Design for Security' program launched by Purdue, Intel
The badge is based on the new concept of "design for security," which aims to introduce security principles from the ground up, by demonstrating the importance of taking security into account in all phases of the secure development life cycle, not just in the implementation and deployment phases. A YouTube video is available at https://youtu.be/jKOzejmg2dE.
A large, and fast-growing, percentage of today’s product technologies include a connectivity component. These cyber-enabled technologies and services are helping businesses add features to their products and are facilitating efficiencies to better serve their customers. For consumers, these emerging technologies are adding features and conveniences, and are enabling people to be more productive in their daily lives. However, this growing interconnectivity often carries with it an increase in risk. Traditionally, security has been an afterthought in the design for many products. There are significant benefits to incorporating security at every level of system design.
Mung Chiang, Purdue's John A. Edwardson Dean of the College of Engineering, said the security-first approach should become part of all areas of technology and commerce.
“This joint initiative by Purdue and Intel is also interesting in its own right,” Chiang said. “By co-developing educational material and jointly making it available online as a digital badge, we are opening a new chapter in online learning and workforce development through university-industry collaboration.”
The new badge program, announced Monday (April 16), at the RSA Conference 2018 in San Francisco, will demonstrate that the holder of a certificate of completion has a proven understanding of the new concept of "design for security" and can incorporate that knowledge into their business practices.
Rick Echevarria, Intel vice president of the Software and Services Group and general manager of the Platform Security Division, said that Intel and Purdue are collaborating to make security a core principle in the development of future products and technologies.
"Intel and Purdue University are leading the charge to improve tomorrow's products by collaborating to develop this new 'design for security' concentration," he said. "We will be drawing from the expertise in Purdue’s School of Industrial Engineering, Center for Education and Research in Information Security (CERIAS), as well as other units. Intel engineers and designers will also be directly involved in this program."
Echevarria noted the need for "design for security" in all industries and not just in the software domain.
“Nearly every day we hear about a new cyberattack impacting businesses and often thousands of individuals. To exacerbate this situation, we have a well-documented cybersecurity talent shortage,” Echevarria said. “It is time for us to accelerate the availability of security-minded professionals that can meet this challenge.”
The first industry to encounter significant security threats in the digital realm were software producers, and they already have responded by incorporating security measures into their initial designs.
"Security should be included at all levels — design, manufacturing, and distribution. We need to 'design for security,’" Chiang said.
To demonstrate expertise in this new concept, students will need to complete coursework in four courses, which will be offered at Purdue starting in the fall of 2018. Course topics are:
• Foundations of secure development, which introduces the need for secure software development, as well as the basics of security, privacy, authentication (including biometrics) and cryptography, which can help informed application designs.
• Secure design life cycle, which introduces a process to build an application from its inception to its decommission, including the architecture design, development, testing, and the evaluation metric.
• Secure operations, which introduces the principles of effective security operations, and includes the concepts of monitoring, incidence response, forensics, ethics and legal considerations, product end of life and disposal.
• Security applications, which introduces different example applications of secure designs like databases, web security, apps, cloud computing, machine learning, autonomous vehicles, and blockchain.
In addition, students will be required to take elective courses in subjects, such as database security, network security, IoT security, cloud security, autonomous system security, block chain security, or security in quantum computing.
The coursework aligns with the joint cybersecurity recommendations of ACM, the Association for Computing Machinery, and IEEE, the Institute of Electrical and Electronics Engineers.
Anyone interested in more information about the program should visit the website at https://engineering.purdue.edu/securedesign.
The "Design for Security" program will be offered both as on-campus classes at Purdue as well as online beginning in the fall of 2018. Anyone is eligible to enroll in the coursework online.
"You really have to think about the problems you're going to face in your career and the problems society is going to face during your career," said Megan Nyre-Yu, a Ph.D. candidate in industrial engineering. "Aspects of digital security touch almost every career landscape in the future. Health care, manufacturing, education, every field will depend on technology."
Nyre-Yu says that the need for a grounding in digital security extends beyond the STEM fields and includes students in the humanities.
"The National Academies of Science, Engineering, and Medicine recognized in 2017 that the foundations of cybersecurity as they stand right now don’t include aspects of social and behavioral science; they don’t have that expertise, and that is holding the field back," she said.
Writer: Steve Tally, firstname.lastname@example.org, 765-494-9809, @sciencewriter
Purdue media contact: Steve Tally, email@example.com, 765-494-9809, @sciencewriter
Note to Journalists: A YouTube video is available https://youtu.be/jKOzejmg2dE and other multimedia can be found in a Google Drive folder at https://goo.gl/5LzMjG. The materials were prepared by Erin Easterling, digital producer for the Purdue College of Engineering, 765-496-3388, firstname.lastname@example.org.