Engineers play a key role in both the development of the United States and the world. The men and women who pursue degrees in engineering are brilliant innovators and problem solvers, but do they have a blind spot when it comes to securing their work? Could the standard engineering curriculum be improved by the inclusion of cybersecurity principles? We at Mission Multiplier think that a basic knowledge of cybersecurity could help engineers (and everyone else) improve the quality and security of their work. Problems often arise in work environments where cybersecurity is vital but tacked on as an afterthought, and as the National Academy of Engineering points out, the strategy of fixing vulnerabilities after they have already been exploited is not a very good one.
With that in mind, I sat down with two of my co-workers here at Mission Multiplier to get their take on the topic. One is a current engineering student and the other recently graduated with his engineering degree. Here is what they had to say about the future of engineering and the possible inclusion of cybersecurity in the classroom:
Do you think cybersecurity should be taught alongside engineering classes in college?
Recent Graduate: As someone who worked for a cybersecurity company while getting my engineering degree, I realized just how little exposure most engineers have to cybersecurity while in an academic setting. In fact, the only time I got any exposure to cybersecurity was when the IT department sent out a school-wide email warning about phishing attempts. As a result, I rarely even thought about the interaction between the engineering work I was doing and the cybersecurity side of the projects I would be involved in once I entered the working world. It was always something that would just be “someone else’s job.” That being said, I think that teaching cybersecurity alongside engineering classes would be overkill. Like many engineering programs, the engineering program I was in proved very difficult for most people to complete in the standard 4 years. Adding cybersecurity classes on top of that would make for a nightmarish course load. However, I think that finding a way to seamlessly integrate a little focus on cybersecurity concepts into the technology-based classes that already exist would be extremely beneficial. Most engineering students have to complete a two-semester team engineering project during their senior year. These projects would be the perfect opportunity to foster cooperation between the engineering students and students majoring in cybersecurity. A student from an upper-level cybersecurity class could be added to the design team to make sure that the engineering students don’t inadvertently introduce any vulnerabilities into the technology portions of the project. I would say that over a quarter of the useful information I learned in my undergraduate program was from my senior design project. Having a cybersecurity element incorporated with that project would have made a lasting impact.
Engineering Student: Absolutely. However, I think some thought behind the approach to teaching engineering students a topic such as cybersecurity should be made. As an undergraduate engineering student myself, I can honestly say, the typical engineering student will see something that is labeled as “IT” or “Cyber-” and will tend to write it off, learning only what they need to get past it. So if the education board could figure out a way to make it not seem like “IT” work, I think the outcome would be incredibly effective. With the amount of data breaches that happen almost daily, a cyberattack in an engineering firm or even a Federal Agency could be just as devastating or worse. Conclusively, I believe that cybersecurity should be a minor part, but a part nevertheless, of engineering curriculum.
Would a more in depth understanding of cybersecurity help engineers better develop new technology?
Recent Graduate: In a way, yes. I believe that a more in-depth understanding of cybersecurity would help engineers develop more secure technology. It may not work any better than a less secure solution from a mechanical standpoint, but the system would inevitably be less vulnerable to technology-based issues and cybersecurity failures. And these days, that is just as important as mechanical functionality. I certainly don’t want to be on the team that designs an aircraft or space launch vehicle that gets compromised by a hacker. That wouldn’t look too pleasant on a resume, and my conscience wouldn’t do well if someone got hurt because of it.
Engineering Student: I agree. Some engineers will design products with the idea of being “smart”, or internet connected. While the application of the product goes up, the risk of a cyberattack goes up as well. If the engineer has at least some sort of background in cybersecurity and software, then a more secure product would potentially be the outcome.
To what extent would cybersecurity knowledge be helpful?
Recent Graduate: Extra cybersecurity knowledge certainly wouldn’t hurt anything. You’re probably never going to be able to have engineers that can cover both the engineering design and cybersecurity sides of a project, but engineers that have a working understanding of cybersecurity concepts will build solutions that are more inherently secure and will be able to work more efficiently with cybersecurity personnel. And that would be an invaluable improvement to the current state of affairs.
Engineering Student: Not just engineers, but all students should at least get an awareness of the potential devastation of a cyberattack. I feel that the average everyday American laborer does not fully understand those consequences. When an awareness of how dangerous cyberattacks can be is reached, the general need for cybersecurity would likely increase.
Do you see any potential negative impacts of not including mention of cybersecurity in an engineering curriculum?
Recent Graduate: If students go through their entire engineering program without ever having to touch anything related to cybersecurity, they will think that they will never have to touch cybersecurity in their engineering work outside of school. When they start developing tools that need built-in cybersecurity, not only will they not know how to do it, they will think that securing the tools should be someone else’s problem to solve. They will see cybersecurity as just another thing that gets in the way of them doing a good job, even though they truly aren’t doing a good job if they ignore it.
Engineering Student: A general disregard of cybersecurity is only making the overall problem worse. If people continue to disregard cybersecurity as if it were only an “IT” job, it only leaves room for hackers to take advantage of the lack of knowledge that potential future engineers would possess.
What advice would you have for new engineering students when it comes to their future interactions with cybersecurity?
Recent Graduate: Cybersecurity is not your enemy. And the basic concepts are not hard to understand. Trust me, the stuff you will learn in your engineering program will be much more difficult than understanding the principles of security. Gain a working knowledge of cybersecurity now and you will be lightyears beyond your fellow engineers when you get into the workforce. You don’t have to be a hacker extraordinaire, but you should be able to work comfortably with the cybersecurity specialists.It will make your job that much easier.
Engineering Student: It may seem redundant at first, but further investigation will prove the relevance of cybersecurity in almost every single career field. So, if and when you come across anything related to cybersecurity, do not simply write it off. Pay attention to the material and know that with your aid some of cybersecurity’s biggest problems may be solved a little bit faster.
What advice would you have for cybersecurity students when it comes to their future interactions with engineers?
Recent Graduate: A lot of engineers you run into will likely see you and the work you do as an obstacle. Please don’t take it personally. Basically our entire college experience is based on us having to overcome seemingly pointless obstacles to get to the work that we actually find meaningful. You might just have to show us that the cybersecurity actually helps us instead of hinders us.
Engineering Student: Some of us [NOT all engineers] are stubborn and hard headed. Just as you would deal with nurses, or businessmen or businesswomen, patience and an understanding that we may not know exactly everything about a particular cybersecurity topic, even though we may tell you over and over that we are right.
Cybersecurity plays a key role in everyone’s lives today, and it is a particularly important consideration when developing new technology. A basic understanding of cybersecurity could improve an engineer’s development process and ability to communicate with cybersecurity professionals about their concerns