My work at ISU (in collaboration with INL and LaTrobe University) has not just been about developing a single Industrial Cybersecurity program — it has really been about addressing a critical need that has been overlooked — that is the need to intentionally and systematically develop an industrial cybersecurity workforce.
I know the statement “critical need that has been overlooked” will meet with opposition — and that some who have reviewed my work not only disbelieve the claim, but find it offensive. There are several reasons for this disagreement, and maybe I’ll discuss them in a later post, but here’s a slide that I think summarizes the current state of affairs:
Yes, there are bright spots at a variety of schools, including University of Houston, Purdue, Everett CC, and others (along with ISU). But the vast majority of the efforts I see focus on adding some ICS content into programs that create traditional cybersecurity professionals and researchers. My observation is that from a strategic point of view, such an approach will be insufficient to securely design, build, operate and maintain critical infrastructures in the age of digitization.
Maybe we don’t just need centers of academic excellence for this space. Maybe we need centers of engineering excellence!