Education & Training for Future Threats

One of the four objectives of The Cyber Security Strategy (November 2011) affirms CESG's belief that professionalisation, education and training are key to success if we are to build 'the UK's cross-cutting knowledge, skills and capability to underpin all cyber security objectives.'

The threats to information in cyberspace are complex and constantly evolving. Having the right people with the right skills to manage the risks is essential if we are to protect and promote the UK in a digital world.

Chris Ensor, Deputy Director for the National Technical Authority for IA, will be joining a panel discussion where he will tell us more about the work that has been going on around professionalisation and, in particular, regarding Certification of IA/Cyber Security professionals, which is now well underway, and is key to enhancing the level of professionalism in Information Assurance and Cyber Defence across both public and private sectors.

The United States Naval Academy is in the midst of a major effort to make Cyber Security an integral part of its educational program.  This talk concerns the cyber security education that all USNA students, starting with the class of 2015, receive.  It focuses on SII10, a freshmen level ("plebe year") course on the technical foundations of cyber security, the initial run of which, in the Fall of 2011, marked the beginning of this new curriculum.

The talk examines the freshman cyber security course and its place within the larger plan for ensuring that Naval Academy graduates are ready for the challenges and opportunities involved with operating in the cyber domain.

Education & Training is fundamental to counteract cyber security threats. Stakeholders will be educated and trained throughout the life cycle of new security solutions for Smart Grids and Industrial Control Systems. We need to think in different, innovative ways and help stakeholders experience new approaches by:

• Enhancing awareness
• Proving insight and perspective into real case scenarios
• Developing, experimenting and experiencing new (cyber security) concepts

In particular, senior management training (C-level) is key since this audience is mostly responsible for the proper functioning of their critical infrastructures.

Courses will be developed in close collaboration with Idaho National Lab (US) and leveraging experience from other projects like the Education & Training Cyber Defence project at the Dutch Ministry of Defence.

Cyber security issues continue to be in the headlines. Incidents such as cyber attacks from Nation States, Criminal Organizations, Terrorists, and Activist Groups make the news on an almost daily basis. The sophistication of the threat has driven the need for organizations to take a layered network defense approach. The technology layers have never been better or more tailored to the threat. It is the human layer that can potentially provide the most benefit for the smallest investment. Changing job descriptions/classifications (for example the DHS draft list of categories) due to the impact of an ubiquitous cyber threat require the development of adaptive training. Job appropriate training for all levels of leadership, to include executives and managers, is required as well as for multi-disciplinary functions such as supply chain management; engineering; and software assurance. This paper will describe the emerging cyber threat on every function and level in an organization and characterize the differing impacts on the organization when that layer is exploited by an adversary. It will also discuss approaches to comprehensively address cyber security training that permeates across all functions, even those that do not have a daily cyber defense role.