Cyber Security Engineering: Understanding the Importance and Examples
Cyber security is crucial due to the uncontrollable nature of digital devices and the potential for unauthorized access and manipulation, leading to severe consequences like data leakage, information distortion, and unauthorized access. Two examples illustrate the real-world implications of cyber threats: a mafia group hijacking a car's central computer to cause a fatal crash and a state intelligence agency using a modified watch to intercept and transmit secret military plans. Implementing robust security measures is vital to safeguard digital systems and prevent such malicious activities.
Download Presentation
Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
E N D
Presentation Transcript
Introduction to Cyber Security Engineering bachelor s program IVSB Valdo Praust IVSB program manager TalTech IT College August, 25th 2021
Why cyber security is an extremly critical issue? Unlike a mechanical device, the actual functionality of any digital chip is uncontrollable - it is extremely expensive and practically imfeasible to perform a detailed reverse engineering of a hardware and a simultaneous detailed software audit Usually we don't really know up to details what's going on inside the digital device (leakage of confidential data, distortion of important information, undocumented behaviour etc) Because it s possible to hide the actual content of the information (steganography), the traditional traffic monitoring does not often help In order to prevent this it s generally necessary implement a set of special security measures in order to ensure correct and secure operation of IT solutions in all situations
Example 1 - Mafia group X wants to assassinate a politician Y Description. Politician Y's car central computer is hijacked by a mafia group X. When politician Y drives on a mountain road, the group X overtakes the car driving. The brakes will be deactivated, the speed will be fixed at 140 km/h, the car's engine stopping capability will be disabled and the possibility of gears swiching will bealso disabled. Politician Y is no more able to control the car and the result is a fatal crash Note. Most of contemporary cars are almost fully controlled by the central computer not directly by diver only exceptions are the steering wheel and partly the brakes
Example 2 - Country A intelligence wants to obtain Country B secret military plans Description. The intelligence service of State A replaces the Rolex watch of Commander C state B Defense Forces with an analog one, which also includes a hidden digital interception microphone, a GPS device and a radio transmitter The watch will record all secret conversations and wll transmit these via radio signals in an area where there are no shield and radio waves detection devices. On other times (in critical rooms), the clock keeps the rigid radio silense Result. Country A will know all about Country B's secret military plans. It will happen because there is a radio shield and a ban on the introduction of a mobile phone in the critical rooms of Country A, but there is no ban for a watch as it is supposed to be a rigid non-IT device
Example 3 - Purchasing of votes for a traditional paper-based ballot elections Description. From voters there are asked to take a picture from the ballot in cabinusing mobile phone after writing candidates number and before entering the ballot info the box After leaving the polling station voters will show a photo of ballot. For a case it bears a "right" candidate number, they receive the permitted amount of money Note. In ordinary elections from ordinary citizens it s clearly overkill to be required to abandon a mobile phone when entering the cab (and there s no guarantee that they have another phone yet, people cannot be searched)
Essence of cyber security (comupter secutity, data security) Source principle: if we have created some data, then the information, beared by these data, has usually a special value for us (for a main process, business process) Information security or a cyber security is (widely taken) a discipline which concerns the maintaining these values/properties of information. Because most of information is nowadays digital (handled by computers) it is often called also a cyber security or computer security
Classical model of cyber security (information security) Cyber security is classically a simultaneous ensurance of three main goals or three main components (which are usually considered to be independent of each others): Availability information, beared by the data, is available to the parties designated by the business (main) process and at the time, form and other terms specified by the business (main) process Integrity concerned parties (designated by business/main process) know where the information originates and are convinced of its accuracy (i.e. the information has not been falsified or changed in any other way) Confidentiality information, beared by the data, may only be available to persons/entities designated by the business/main process and must be inaccessible for all others
From cyber security to Cyber Security Engineering Ensuring cyber security (simultaneous availability, integrity and confidentiality) it s typical necessary to use and involve different type of techniques: IT (hardware, software, networks) human legal mathematical/cryptogpaphical As security is the property of all (IT) processes, security needs to be addressed in all phases of the information system Therefore, cyber security technologies cover all aspects of IT and much more than IT (human factor, legal factor, physical security, etc.)
IVSB bachelors program main principles, I We do not assume that students have a previous systematic experience and/or knowledge in IT we cover during 3 years all main topic of IT in preliminary level But we assume that students have a deep interest in IT from a security point of view And we heavily assume that students have an ability to think logically and algorithmically this is the basis for understanding IT. We have tested it in admission test We assume that students have a math knowledge on a general international high-school level we have tested it (together) with algorithmical thinking in admission test
IVSB bachelors program main principles, II We balance between theoretical knowledge and practical skills, slightly inclined to the practical side. More theoretical approach of cyber security will be covered in TTU by cyber security master s program IVCM Graduates of IVSB will be able to independently design, operate and manage secure IT systems As cyber security is heavily related to all IT branches, we cover both, IT administration and develompment branches balancing between them
IVSB bachelors program learning outcomes Understanding the concept of the IT systems life cycle Ability to code, test, and distribute of an infosystem with the focus on security Ability to perform information system security testing basing on best international standards and practices Basic skills to administrate, develop end test secure information systems Adhering ethical norms of the cyber (data) security If you finish IVSB, you can continue with cyber security master program IVCM in TTU
IVSB bachelors program duration and amount Duration - three years or six semesters Total amount - 180 ECTS, including: general studies - 30 ECTS core studies - 72 ECTS special studies - 42 ECTS Internship 24 ECTS free choice courses - 6 ECTS graduation thesis - 6 ECTS Link to courses list http://tinyurl.com/21ivsb
Valdo Praust, IVSB program manager valdo.praust@itcollege.ee +372 514 3262 In Skype available by previous demand Experience in the field of IT 38 years Experience in the field of data security (cyber security) 30 years (since restoring Estonian independence 1991) During last 30 years I have involved in a bulk of Estonian national security-related IT projects Estonian ID card, Estonian digital signature project, Estonian national data security standard ISKE etc Contemporarly I spend physically a lot of time 100 km s from Tallinn (developing Estonian Bicycle Museum). In Tallinn and in TTU campus I am physically available usually 1-3 days in week
Some facts about coronavirus (COVID-19), I Because of a lot of misinformation (incl. conspiracy theories) about coronavirus, I tried to gather the most important systematic information: 1. Currently circulating delta variant is about 4 times more contagious as the original (Wuhan) disease 2. Coronavirus (delta variant) is extremly dangerous because of rare co-occurrence of 3 important factors: extremly high infectivity mortality about 1% (with simutaneous very mild suffering for 80% of cases) very active conspiracy theories disseminators (very much misinformation) which has heavily confused and misled a lot of decision-makers at all levels
Some facts about coronavirus (COVID-19), II Coronavirus vaccination important: 1. A vaccine-protected person (full course, two doses, Pfizer, Moderna or AstraZeneca) is four times less likely to be infected than an unvaccinated person. Consequently - unvaccinated person four times less likely to spread 2. The initial vaccine effevtiveness was 90% (instead of 75%) but for original (Wuhan) variant. Therefore against the delta variant vaccines are satisfactory, not excellent. But the vaccines are at the moment the only actual effective countermeasures against the coronavirus (beside of long self-isolation that no one wants to stay) 3. At present, about half of Estonian population have been vaccinated. Consequentlty - 95% of the virus spread in Estonia acts currently through the unvaccinated people (5% of from total spread acts from vaccinated to vaccinated people)
Some facts about coronavirus (COVID-19), III Coronavirus vaccination important: 4. Vaccine protection prevents severe illness in 90% of cases (protects 10 times) 5. Vaccine protection prevents death in at least 97% of cases (protection around 40 times) 6. The vaccine itself is likely to kill a maximum of 0.0001% (not more than 1 / 100,000) 7. Vaccine protection lasts at least six months, but maybe a year. In the short months, the necessity/un-necessity for a third dose will become apparent (not yet) 8. The serious long-term side effects of the vaccine (impotence, nervous system damage, loss of natural immunity etc) haven t been predicted by serious medicine these rumours belong all to a bulk of conspiracy theories
Some facts about coronavirus (COVID-19), IV My recommendations: 1. I definitely recommend that you protect yourself with the vaccine to protect your own and other peoples health and lives. 2. Don t believe in conspiracy theories, but serious (based on science) medicine 3. Additionally, I recommend to avoid unnecessary physical meetings and to wear masks in a case of physical meetings with a large number of strangers. 4. Be sure to test yourself (even having vaccinated) at the first signs of the disease and switch to distance learning immediately if you become ill. Let's stay healthy!
INTERNSHIP Internship is a mandatory part of the study programme 560 hours of work (14 weeks when 40 hours per week) Prerequisites (will be passed by the end of the second year) Two procedures to pass internship: Normal procedure: you must inform the Uni at the beginning of the internship, have a contract Steps: prerequisites > contract > internship (blog) > evaluation of the supervisor > report > defense Simplified procedure: 1 year of professional experience - no internship period required, internship report can be written based on experience Steps: prerequisites and 1 year of experience > proof of employer > report https://www.taltech.ee/en/internship-CSE For all the questions regarding internship contact me (internship curator of your study programme): Riina Tallo (Riina.Tallo@taltech.ee)