1. Whitacre College of Engineering Panel Interdisciplinary Cybersecurity Education Texas Tech University NSF-SFS Workshop on Educational Initiatives in Cybersecurity for Critical Infrastructure Day 2 Summary November 9, 2012 Support for this work was provided by the National Science Foundation’s Federal Cyber Service: Scholarship for Service (SFS) program under Award No. 1241735. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.

2. Announcement In the process of setting up a web site. All presenters send slides to samujjwal.bhandari@ttu.edu samujjwal.bhandari@ttu.edu

3. Day 1 Summary What is critical infrastructure? What are some of the challenges? What are potential solutions?

4. Day 2 Summary Ronnie Killough, Southwest Research Institute  Oil & gas, Transportation, SmartGrid, Nuclear power, Railroads, Water resources  What’s unique about security for cyber-physical systems? Multi-disciplinary, Domain-specific, non-standard, operational constraints  Cyber-physical project examples (multi-disciplinary) Design for security, worldwide client base Penetration testing (meters), risk vs. cost to secure, deployment, communications Security research (automotive)  Soft skills, multi-disciplinary, SW/HW/Networking: need new skills  Course on critical infrastructure domains, balance breadth/depth, provide divergent paths for security development vs penetration testing

5. Day 2 Summary Ravi Sandhu, UT San Antonio  Cybersecurity for graduate education  Is cybersecurity becoming a discipline separate from CSE?  Vance: science of cyberspace, cyberspace is everywhere in every domain  The packaging challenge? What is the core of this discipline?  There is an infinite supply of attacks.  “The system is secure enough” – the bar for “enough” is fairly low  ATMs, online banking/ecommerce (simple success stories) – not attainable via current cyber security science, engineering, doctrine  Develop a scientific discipline – find sweet spots for different applications, need microsec that leads to desirable macrosec (as in critical infrastructure)  Changes are need to achieve a scientific discipline

6. Day 2 Summary Chris Kulander, School of Law Panel  Oil and gas (strategic national interest): networked real-time data transfer  Theft of customer data, seismic data, proprietary info.  Sabotage: infiltration (foreign governments), attack of power grids, vandalism, monkey-wrenching  Control Point – Survey Act Victoria Sutton, School of Law Panel  Cybersecurity law education for lawyers  Developing a cybersecurity law certificate  Cybersecurity law landmark cases

7. Day 2 Summary Suku Nair, Southern Methodist University  HACNet – security and reliability  MS in Security Engineering  Admission requirements: many don’t have CS backgrounds, need one year of experience in Information Assurance  Different delivery modes (on campus, distance, on-site executive, hybrid)  NSF Center (I/UCRC) and NSA Center of Academic Excellence

8. COE Panel Comments: Need to go back to the basics of deep computing knowledge for computing- oriented cybersecurity backgrounds.

9. Where do we go from here? Suggestions: