Protecting our software and systems

To reduce the vulnerability to cyber-attacks that is inherent in many of our systems and online services, we need to change the way that we design and implement them.

To reduce the vulnerability to cyber-attacks that is inherent in many of our systems and online services, we need to change the way that we design and implement them. Security needs to be addressed throughout the delivery lifecycle, including the solution architecture, the design, its implementation, testing and the ongoing operation. This will require a greater understanding of systems and software engineering best practice amongst those responsible for the design and implementation of the systems and software.

As a means of achieving this improved understanding a project from the Institution of Engineering and Technology (IET) is investigating the feasibility of encouraging more engineers and technologists to undertake accredited postgraduate level training. 

A review of the current course provision in the UK suggests that while there are a number of information and cyber security courses, the content of these courses may not properly fulfil the needs of those responsible for systems and software engineering – especially in a technological field where the threat ‘landscape’ changes significantly almost every week (sometimes every day). We are therefore seeking input from business representatives to understand what they would like to see in one of these courses. To that end we have set out some topics for discussion, please see below.

We would appreciate your comments and thoughts on the following questions:

Looking at younger engineers and technologists, i.e. those in the 25 - 35 age range who have been in employment for 3 or 4 years

  • How good is their appreciation of computer and networking principles, e.g., how a computer works or the operation of networking protocols?
  • How good is their understanding of software engineering best practice?

In respect of undergraduate engineering courses

  • How important do you think it is that the courses include a compulsory module regarding software engineering best practice?
  • What contents do you think are essential in any such compulsory module?

For those involved in the design and implementation of modern software based systems and products:

  • Do you think that taking a postgraduate course with significant cyber security content would help reduce the threat?
  • What content do you feel is essential in a post graduate level course aimed at systems and software engineers?

You can contribute:

Either online in the IET’s Cyber Security LinkedIn Group:

or if you would rather submit your comments privately you can email us:

Email: cybersecurity@theiet.org