Tech 100: ‘We need to know how a malicious hacker will break into our network to understand how to defend it’

Dr Natalie Coull, Abertay University

It has been over 11 years since Abertay introduced the UK’s first BSc Ethical Hacking degree, followed by the MSc for graduates with a computing background.

We received a lot of attention from both the media and others in the academic community surrounding the ethics of teaching people how to hack and the value of specialist undergraduate computing degrees.

That initial criticism is a distant memory: there is great demand from industry for graduates from the programmes and we continue to recruit healthy numbers of students.

RELATED CONTENT

Updated UK cyber security strategy to narrow the gap between convenience and security

US election hack could inspire political interference in Britain, according to cyber security head

Cyber security centre to research 'developer-friendly' approaches

Many companies who employ our students comment that they simply can’t find graduates with the same skills elsewhere.

Part of the reason that companies struggle to recruit in this space is a gap in specialist undergraduate degrees where students are taught cyber security skills that are required by industry, underpinned by core computing.

There are two fundamental approaches to teaching cyber security: defensive and offensive.

Defensive cyber security teaching is relatively mature and there exist a number of highly valued university programmes that develop the skills relevant to defensive security such as cryptography and intrusion prevention.

Skills in this defensive domain are vitally important but it is equally important that an organisation also considers offensive security in order to better understand its weaknesses and strengthen resources.

Offensive cyber security focuses on attack techniques – in order to defend a system, we need to know how a malicious hacker can exploit vulnerabilities and weaknesses to gain access and control.

Simulating an attack by a malicious hacker, utilising the same tools and techniques that a hacker would use, can be a very effective way of identifying security weaknesses that need addressed.

We need to know how a malicious hacker will break into our network in order to understand how to defend it properly.

The UK Government has recently acknowledged the need for offensive cyber security skills in the National Cyber Security Strategy, to actively target and disrupt criminal activity.

Defensive security has received considerable investment in this area to date. Offensive cyber security is comparatively less well developed, perhaps due to the stigma associated with teaching people how to hack.

We firmly believe that academia and industry need to overcome that stigma and develop this field to ensure that graduates have the skills necessary to address the cyber security shortage and ensure that the workforce has sufficient personnel equipped with offensive cyber security skills.

Dr Natalie Coull is a lecturer in computer security at the Abertay University and won the Outstanding Woman in Cyber award at the inaugural Scottish Cyber Awards in November 2016.