Cyber defenders study the art of cyber war
Courses offer new techniques, insight for cyber defenders
- By Henry Kenyon
- Sep 08, 2011
The country’s cyber defenders need to master the art — as
much as the science — of cybersecurity through continuous education, an
information security expert said at the Defense Systems Summit on Cyber Defense
Sept. 7.
Because cyberspace is a fluid environment, trends and
situations can change within minutes or seconds. Cyber experts need a broad
education rather than specific training to quickly analyze and react to sudden
shifts, said Gil Duvall, chairman of information operations and information
assurance at the National Defense University, at the conference in Arlington,
Va.
That type of critical thinking cannot come from an ordinary
training course, Duvall said. Instead, the next generation of cyberspace
specialists must be familiar with a variety of concepts and theories. NDU is
focusing on teaching future cyber warriors about defending critical
infrastructure by offering master’s degrees and college-level course, he said.
NDU’s curriculum strives to educate students rather than
train them. The nuance of that goal is that training encourages a checklist
mentality rather than a flexible problem-solving outlook, Duvall said. NDU
wants to produce cyberspace experts who have an open mentality because they
will have better situational awareness, he added.
The university promotes critical thinking by first teaching
basic security policy, then supervisory control and data acquisition (SCADA)
operations and policies, followed by a final level of classified courses that
focus on the nature of the nation’s critical infrastructure and specific
threats to it.
NDU also extensively uses its cyberspace laboratory to test
and train students in network attack and defense concepts, giving them hands-on
experience in a safe environment, Duvall said. For example, during the SCADA
courses, students use the lab to defend a simulated facility against a variety
of cyberattacks. Other modeling and simulation courses further refine students’
ability to defend critical assets, he said.
Duvall said another goal of the curriculum is to teach the art
of cybersecurity, which includes:
- Attribution — identifying the nature and results of an
attack.
- Rules of engagement — familiarity with command and
control processes; risk management; laws and decision-making; and cyber
operations, such as network attack, exploitation and defense.
- Trust relationships — international diplomacy, public-
and private-sector communications, interagency relationships, academia, and professional
education.
NDU also offers courses in cyberspace law, continuity of
operations, information warfare and strategy, and cyber crime. Other courses
emphasize cyber leadership skills that look beyond mere security to issues such
as operating in an intra-agency environment and emphasizing global and
international perspectives, he said.
About the Author
Henry Kenyon is a contributing writer for Defense Systems.