A new electronic “Design for Security” badge, offered in new collaboration between Intel Corporation and Purdue University, emphasizes using secure design principles throughout the product development lifecycle.
“Intel and Purdue University are leading the charge in improving tomorrow’s products by collaborating to develop this new ‘design for security’ concentration.” Rick Echevarria, Intel vice president of the Software and Services Group and general manager of the Platform Security Division, said. Further providing their intellectual expertise is Purdue’s School of Industrial Engineering, School of Electrical and Computer Engineering and the Department of Computer Information Technology.
The aim for the “Design for Security” badge is to introduce security principles from the physical secure design of the infrastructure, to the security of the hardware and software that underlie the infrastructure, and then to the technical constraints and processes in place to support operational security. These principles demonstrate the importance of taking security into account in all phases of the secure development lifecycle, not just in the implementation and deployment phases.
A large, and fast-growing percentage of today’s product technologies and services include connectivity components, which are cyber-enabled (i.e. Cloud, Big Data, Mobile, Internet of Things, and Artificial Intelligence). These emerging technologies and services are helping businesses in adding features to their products, and are facilitating efficiencies to better serve their customers. For consumers, these added features and conveniences are enabling people to be more productive in their daily lives. However, this growing interconnectivity often carries with it an increased risk because traditionally, security has been an afterthought in the design for many products.
The first industry to encounter significant security threats in the digital realm were software producers. Yet, Echevarria noted the need for “design for security” is in all industries and not just in the software domain. There are cyberattacks impacting businesses and thousands of individuals every day. To exacerbate this situation, there is a well-documented cybersecurity talent shortage.
Mung Chiang, Purdue’s John A. Edwardson Dean of the College of Engineering said, “The joint initiative by Purdue and Intel is also interesting in its own right. By co-developing educational material and jointly making it available online as a digital badge, we are opening a new chapter in online learning and workforce development through university-industry collaboration.”
The program, which was announced on April 16th at the RSA Conference 2018 in San Francisco, will demonstrate that the holder of a certificate of completion has a proven understanding of the new concept of “design for security” and can incorporate that knowledge into their business practices.
“You really have to think about the problems you’re going to face in your career and the problems society is going to face during your career,” said Megan Nyre-Yu, a Ph.D. candidate in industrial engineering. “Aspects of digital security touch almost every career landscape in the future. Healthcare, manufacturing, education, thereby every field will depend on technology.”
Nyre-Yu continued saying that the need for a grounding in digital security extends beyond the STEM fields including students in the humanities. “The National Academies of Science, Engineering, and Medicine recognized in 2017 that the foundations of cybersecurity as they stand right now don’t include aspects of social and behavioral science; they don’t have that expertise, and that is holding the field back,” she said.
These courses will allow individuals to benefit by gaining advanced knowledge that could be applied immediately to their current roles, projects, and initiatives where they could incorporate security from the onset while learning occurs in a flexible online environment.
The initial four core courses in the Design for Security program are:
- Foundations of Secure Development, which introduces the need for secure software development, as well as the basics of security, privacy, authentication (including biometrics) and cryptography, which can help informed application designs.
- Secure Design Life Cycle, which introduces a process to build an application from its inception to its decommission, including the architecture design, development, testing, and the evaluation metric.
- Secure Operations, which introduces the principles of effective security operations, and includes the concepts of monitoring, incidence response, forensics, ethics, and legal considerations, product end of life and disposal.
- Security Applications, which introduces different example applications of secure designs like databases, web security, apps, cloud computing, machine learning, autonomous vehicles, and blockchain.
In addition, courses in subjects, such as database security, network security, IoT security, cloud security, autonomous system security, blockchain security, or security in quantum computing and security in quantum computing are expected to be developed.
The coursework and the expanded Purdue online course portfolio aligns with the joint cybersecurity recommendations of the Association for Computing Machinery (ACM), and the Institute of Electrical and Electronics Engineers (IEEE).
With such collaboration, Purdue is set to meet the daunting challenge of future cyber attacks with this new and vital “Design for Security” program.
Writer: Laurie Clark, Purdue Online Learning, College of Engineering