LETTER TO THE EDITOR
The clear majority of today’s car accidents are caused by human error. They are preventable. Whether it is running a stop sign or failing to stay in their lane, most
accidents could have been avoided. Very rarely do accidents occur due to hardware failure
in the vehicle. Long ago, we learned to create cars where the wheels typically do not fall off
while driving leading to a catastrophic accident. Cybersecurity is much the same. Nearly all
vulnerabilities are due to human error, by either the user or the developer, and could have
been prevented. We’ve long ago created practices and technologies that should prevent
nearly every vulnerability. So why do they still occur? Why are cyberattacks still a regular
topic on the nightly news?
It starts with including this important topic in the curriculum, by showing students
that security is by and for everyone, and shouldn’t be left to the “experts.” Nearly every
instructor will tell you that security is an important topic, but only one out of the top 36
Computer Science programs in the US require a course in cybersecurity [ 1]. So why are we
so behind the times? Why are we not achieving this quintessential objective of the creation
of software systems? Will it take a cyberattack that cripples our nation’s infrastructure? Will
it take World War III (The Cyber War).
It is no secret that industry highly values not only trained cybersecurity experts, but even
those who are at least somewhat reasonably well-versed in the topic of cybersecurity.
As a Senior Security Consultant at Synopsys, author Richards indicates that since
developers at major software development companies and other firms are required to
follow security guidelines when developing software, students who can demonstrate the
basic concepts of cybersecurity will have an advantage over their peers as security is
increasingly being integrated into industry job roles.
Instructors need to finally take it upon themselves to include more cybersecurity courses
in their curriculum. Secure systems need trained developers and maintainers that not only
understand how to create these secure systems, but truly understand their importance. It all
begins with education and awareness. Secure systems are no accident.
Daniel E. Krutz and Thomas Richards
1. CloudPassage Study Finds U. S. Universities Failing in Cybersecurity Education; https://www.cloudpassage.com/
Accessed 2017 August 9
Daniel E. Krutz Thomas Richards
GOL-70-1575, Department of Software Engineering 21351 Ridgetop Circle
Rochester Institute of Technology, Rochester, NY 14623 Suite 400, Dulles, VA
DOI: 10.1145//3132217 Copyright held by authors
Cyber Security Education:
Why Don’t We Do Anything About It?