Setting Standards for Safety: The IEEE Cybersecurity Initiative
by Robin Hegg
The IEEE has been helping engineers identify and fight against cyberattacks for more than three decades. The IEEE Symposium on Security and Privacy just marked its 35th anniversary in 2015. Moving forward with their work, in 2014, the IEEE Computer Society and the IEEE Future Directions Committee joined together to form the IEEE Cybersecurity Initiative (CYBSI). CYBSI works to improve the understanding of cybersecurity and to bring focus to the areas where more security and knowledge is needed.
CYBSI launched the IEEE Center for Secure Design (CSD) to shift the focus in cybersecurity from identifying viruses and bugs to identifying common design flaws that leave software vulnerable to attacks. Flaws in software’s architecture and design are responsible for about half of all security breaches. Studying the most common of these flaws can help software architects to learn from these mistakes and build software that is more secure by design. CYBSI’s chair, IEEE Senior Member Greg Shannon, says, “Now is the time not only for better defensive measures but also for cybersecurity standards and best practices that consider the entire technology life cycle.”
The CYBSI is also working to set standards for professional credentials for cybersecurity specialists. This will help to ensure that trained and experienced cybersecurity experts are available and that those hiring them can feel confident that their employees have the skills needed. The largest cybersecurity certification program currently available is the Certified Information Systems Security Professional (CISSP). CYBSI is calling for additional certifications within specialized fields and for a corresponding code of ethics. Since one way of ensuring a program’s safety is learning how to break into it, a code of ethics would help to keep experts with these skills working on the side of security.
IEEE also hosts a number of cybersecurity conferences, including the IEEE Symposium on Security and Privacy, the IEEE International Symposium on Hardware-Oriented Security and Trust, and the IEEE International Symposium on Technologies for Homeland Security. IEEE publications like IEEE Security and Privacy help to keep cybersecurity professionals informed and sharing their knowledge with one another.