Cybersecurity Across Disciplines

Interdisciplinary Cybersecurity Education

The Office of National Cyber Director (ONCD) recommends educators take an interdisciplinary approach to cybersecurity education. This is just one of the many strategies the White House recommends to quickly and drastically increase cybersecurity skills in America’s workforce. 

Refer to the National Cyber Workforce Education Strategy (NCWES), published by the (ONCD) on July 31, 2023 for their multi-faceted plan. In accord with this strategy, many initiatives have been launched since then. A summary of their progress thus far is available at this link. 

The “interdisciplinary approach” is a strategy where colleges blend cybersecurity education and skill development across disciplines. Administrators and instructors are beginning to recognize the overlapping needs of cybersecurity in all disciplines. There are already workshops and professional development opportunities available for instructors to gain new knowledge and skills to add cybersecurity into their courses.  (See sections 2.2.2 and 2.3.5 of the NCWES) 

 To highlight just a few examples, here are four non-IT disciplines that need cybersecurity skills. 

Medical Field 

Zip Recruiter reports that the average salary, nationwide, for a cyber security specialist in the medical field is now $132,962. 

If your campus includes students in the medical field, could your cybersecurity classes be opened to them? If you teach cybersecurity, have you thought about offering a guest lecture to the Allied Health program on your campus? 

The cybersecurity skills needed by medical students: 

• Healthcare Data Privacy and Security. Understand the importance of protecting patient data, including compliance with HIPAA and other regulations such Washington’s new “My Health, My Data Act”, which became legally enforceable on March 31, 2024.
• Medical Device Security: Know how to ensure the security of medical devices, which are increasingly connected to networks.
• Incident Response Management. Develop skills to detect, respond to, and recover from cybersecurity incidents. This includes creating and practicing incident response plans.
• Risk Management and Security Awareness. Be able to identify risks and respond appropriately to them. Understand the nature of phishing campaigns and social engineering. Know how to protect the confidential data of patients. In WA, this includes facial recognition, fingerprints, and other bio-identifiers.

Agriculture and Food Supply Chain 

Automation and AI are increasingly being adopted in agriculture. As any technology is deployed, farms and agribusinesses must learn to secure them. The U.S. Food and Agriculture sector is part of our nation’s critical infrastructure and, as such, is targeted by cyber criminals. At a high level, cyber-attacks can threaten global food security. At a micro level, cyber-attacks can financially destroy agricultural businesses that barely survive on razor-thin profit margins. 

If a large-scale cyber-attack were to be carried out on U.S. agricultural and food-supply chains, it could result in widespread hunger and economic damage. To prevent such attacks, professionals in agribusiness should have basic cybersecurity awareness training. 

Cybersecurity skills useful to students in agriculture: 

• Supply Chain Security. Understand how cyber attackers can threaten cold storage, shipping, suppliers, and distributors. Disruptions in these spaces lead to delays and shortages, resulting in a ripple effect throughout the food supply system.
• The top 5 attack vectors that plague agricultural industries: ransomware, phishing, data manipulation, supply chain disruptions, and confidential information theft.
• Protection of smart farming, automation and precision agricultural devices, which may be AI powered.
• The potential financial impact of cyber-attacks in agriculture. It could cause entire farms and businesses to collapse.
• Privacy. Understand the legal implications of failing to protect private data of employees, consumers, and partners.

Area of opportunity: Cyberbiosecurity 

Cyberbiosecurity is an emerging field at the intersection of cybersecurity and biosecurity. It finds ways to protect crops, livestock, and food supply chains from a wide array of attacks ranging from naturally occurring threats like invasive species to man-made threats such as bioterrorism. 

In 2021, a report called “Assessing the Role of Cyberbiosecurity in Agriculture: A Case Study,” declared: 

“There is no education and training for individuals interested in cyberbiosecurity to become specialists compared to cybersecurity and biosecurity. The ideal candidate for a job would possibly have a degree in life sciences, including agriculture and food domains, with additional knowledge and training in cybersecurity.” 

Manufacturing, Utilities, and Infrastructure 

The industries of manufacturing, utilities and public infrastructure share similar technologies and cybersecurity vulnerabilities.  

To see an innovative college program that teaches how to secure (and how to hack) these industrial control systems, check out Everett Community College’s website. 

Whatcom Community College includes Industrial Control Systems (ICS) in the AAS/AAS-T and BAS programs, as well as a certificate of proficiency in ICS.

Cybersecurity skills useful to students of manufacturing, utilities, and infrastructure: 

• Network segmentation to isolate controllers and sensors from other compute devices
• Best practices of IAM (Identity and Access Management) and good password hygiene
• Remote Access. Understand how to securely access control systems from a remote location
• How to protect the security of:
  • Programmable Logic Controllers (PLCs)
  • Supervisory Control and Data Acquisition software (SCADA)
• Knowledge of Governance, Risk and Compliance (GRC) laws regarding manufacturing and public infrastructure, and how to comply with them.
• Supply Chain. In manufacturing, understand the cybersecurity vulnerabilities of the supply chain and how a breach can impact the broader ecosystem. Understand how to identify risks and attack vectors in the supply chain, and how to thwart these attacks.

Area of Opportunity: Mechatronics 

Mechatronics integrates electronics, mechanical systems, and software into one discipline. As these systems evolve to include artificial intelligence, IoT sensors, remote access, and automation, they become exposed to more attack types and require more protection. Therefore, cybersecurity awareness training is needed in mechatronics courses now.

Colleges in Washington that have mechatronics programs include North Seattle College, Shoreline Community College, and Edmonds College.

Law 

As cybercrime grows more advanced, so do the technologies used in attack prevention. In lockstep, laws are constantly being written and updated to help protect data and prosecute those who steal and exploit such data.  

The legal system continues to see cases involving data crime and data failures, so law professionals are needed who understand the technical details.  

For example, Delta Airlines recently hired a law firm to seek compensation from CrowdStrike. Earlier this summer, Delta experienced a days-long business shutdown due to a bug in CrowdStrike code. The court must consider several technical aspects such as: Why couldn't Delta get their business back up and running as quickly as other airlines who suffered the same outage? And could CrowdStrike’s bug be blamed on negligent coding and testing? Or was it something that no one could have reasonably predicted? 

The complex technical details will need to be evaluated in court. 

Cybersecurity skills useful to law students: 

• Digital forensics. How to collect, preserve, and analyze digital evidence when handling cybercrime cases.
• Compliance and risk management. How to help organizations comply with regulations and manage risk. May include conducting risk assessments and developing compliance programs.
• Ethical hacking and penetration testing. A basic knowledge can help law students understand how cybercriminals operate and how organizations should defend against their tactics.
• Understand cybersecurity laws and regulations.
• Basic technical knowledge of encryption, network security and common cyber threats like phishing and ransomware.

See the Whatcom Community College AAS degree in Criminal Justice - Computer Forensics. It includes coursework for computer literacy, operating systems, and computer forensics.

Conclusion

The NCWES encourages more training opportunities for teachers, connecting cyber educators with peers, and elevating cyber teaching as a profession. The strategy lists many more ways to develop a cooperative and co-supportive “ecosystem” of stakeholders that includes industry, government, and academia. 

Some ideas where stakeholders can join forces in this interdisciplinary ecosystem: 

• Offer interdisciplinary courses that combine cybersecurity with other fields.
• Launch collaborative research projects. For example, loop in the psychology department to examine the human factors of cybersecurity, such as how people respond to phishing attacks.
• Job fairs should include cybersecurity students and should feature the ways their skills can benefit industries of various kinds.
• Organize cybersecurity competitions and hackathons that involve students from various disciplines.
• Offer cross-departmental internships that require students to work on cybersecurity issues within different domains.
• Invite professionals to give guest lectures showing real-world cybersecurity issues in a variety of fields.
• Create a cross-departmental guest-lecture plan. Instructors of cybersecurity get an opportunity to teach students from other disciplines, while other teachers can address the cybersecurity students about data and privacy protection within their disciplines.

A free e-book about Critical Infrastructure Systems is offered by the NCyTE center and can be added to any training program. Concepts covered are: ICS, SCADA, Process Control Systems (PCS), and Distributed Control Systems (DCS).

References

U.S. Department of Justice, Office of Justice Programs, Nov. 2003, “Bioterrorism: A Threat to agriculture and Food Supply.” 

Congressman Brad Finstad, Jan. 2024, Press Release, “Finstad and Slotkin Introduce Farm and Food Cybersecurity Act, Strengthening Protections for America’s Food Supply Chain.” 

USAID, Oct. 2023, “Cybersecurity Briefer: Agriculture and Food Security”