Nigel, you’re currently a Lecturer in Computing at Letterkenny Institute of Technology. Could you tell us more about the role and what prompted you to enter academia?
I was always interested in academia from a very early age – I remember distinctly my primary school teacher telling my mother at a parents/teacher meeting that I would become a Professor! I had no idea what it was – but thought – fair enough, I’ll aim for that! As I got older, I became increasingly interested in technology so decided to pursue a graduate and post graduate in the area of Computing. With academia/lecturing always in my mind, I felt it important to gain industry experience in the field in order to bring some sense of credibility to my lectures. I had an incredible experience as a software developer and project lead – I travelled the world and got to work on some fantastic projects.The skills I learnt have served me well in academia – allowing me to bring context to practicals. The students relate to a ‘real world’ example and can help cement theory.
What digital forensic courses are currently offered by Letterkenny?
Bachelor of Science (Hons) in Computing with Computer Security and Digital Forensics, and Master of Science in Computing in Systems & Software Security
Tell us more about course structure and content. What core knowledge and key skills should students gain by the end of their studies?
Bachelor of Science (Hons) in Computing with Computer Security and Digital Forensics
The B.Sc. is a three year taught programme in computing, which focuses on core computing skills plus topics applicable to computer security and digital forensics. Its aim is to provide students who participate in it with the range of both theoretical and practical skills required for them to participate fully in a strong and vibrant computing industry with a particular emphasis on computer security and digital forensics. In addition graduates from this course will be able to do a planned one-year add-on Honours BSc in Computer Security and Digital Forensics.
Modules include: Object Oriented Programming, Problem Solving with Robotics, Mathematics for Cryptography, Computer Architecture, Computer Crime, Network Technologies, Law of Evidence, Operating Systems II, OO GUI Programming, Database Technology, Risk Assessment and Countermeasures, Digital Forensics 1, Software Implementation, Object Oriented Analysis & Design, Technical Writing, Security Systems Administration, Secure Coding Techniques, Client-Server, Database Architecture, Team Project, Digital Forensics II, Image Processing for Digital Forensics, Software Engineering, Project Preparation, Secure Infrastructure, Legal, Ethical & Social Issues in Computing, Cryptography and Cryptographic Protocols, Development Project, Stenography and Biometric Security.
There is also the option to do an elective work experience module where the student can gain an additional Certificate in Industry Studies.
LYIT also offers a Master of Science in Computing in Systems & Software Security. The MSc is a three semester taught programme in computing which focuses on topics applicable to Systems and Software Security. These are followed by a dissertation which will offer the student the opportunity to apply a range of topics covered in the taught part of the programme to demonstrate an extended knowledge and ability in that area. Students may chose to leave the course after the first 60 credits (taught modules) and will obtain an exit-award of a Post-graduate Diploma in Computing in Systems and Software Security. Students who continue on to complete the dissertation will obtain an MSc in Computing in Systems and Software Security.
Students who successfully complete the course(s) will have invaluable skills in all areas of Computing but will have additional specialised knowledge in digital forensics as well as systems and software security.
How did you become interested in computer security as a subject area?
Attacks on systems and software in the media always intrigued me and I began researching more in the area. One of my initial publications in the area, “Developing a Secure Programming Module to cope with Modern Vulnerabilities”, allowed me to focus on areas of code that could be refactored to help reduce the number of potential vulnerabilities. The processes allowed me to refine the software development lifecycle in my classroom and help students devise checklists of vulnerabilities to counteract (or at least consider).
Your paper ‘Internet Copyright Law and Digital Industries’ discusses the difficulty of applying Intellectual Property regulations in an ever-changing space such as the internet. Could you tell us more about it and the conclusions you reached?
The issues surrounding illegal file-sharing and copyright infringement are wide spread and touch upon various legal frameworks, which need to be addressed to bring current laws into line with technology, and people need to be educated to understand the ethical implications of their actions. A long overdue and welcome amendment might take place within IP. Protection of International IP interests is also being addressed, both within the EU, and further afield with emerging economies such as India and China. Ireland is also studying various resource findings and I expect there will be a similar set of amendments here too.
Another option would be to follow the “fair use” route the US is taking, although this raises legal implications of adopting such a policy in Europe. In April 2010, the UK government passed the Digital Economy Bill that allows closure of websites that are believed to be aiding the passing of copyright infringed materials, in addition to bringing in the controversial ‘three-strikes’ policy. This new policy essentially implies that if an Internet user is suspected of illegal file-sharing, he or she will receive numerous warnings before having their connections terminated. Pro-Internet groups are calling this a violation of privacy and are against any kind of user monitoring. France recently passed a similar bill. The technological advancements in recent years are making it difficult to protect copyright and IP but I think it is important that we analyse the salient features of our current laws with modern technology in mind.
You’ve written about privacy on social networking sites, and how it can be difficult for naïve users to understand how to manage their privacy settings. Tell us more about the issues surrounding this area, and what can be done to solve them.
Some may say that Facebook’s popularity and actions have changed the dichotomy of the public and private sphere. To the millions of Facebook users, their online privacy is a commodity that is often only recognised and valued when it has been breached in some way. Information such as their uploaded photos, mobile numbers and current location can easily be retrieved and used unscrupulously by criminal elements. Changes Facebook should make would include removing the opt in by default mechanism thereby ensuring that users are aware of such changes and given the support to customise the level of privacy they require before the changes are implemented (which they are slowly moving towards).
By doing so, all users can be sure that their uploaded information can only be viewed or accessed by people of their choosing (which again is possible but a rather technical process if you aren’t in ‘the know’). This modification could result in new features not having the uptake Facebook would prefer but if beneficial to the user will not inhibit its growth.
From Facebook’s perspective, a good stance on privacy makes good business sense. Privacy can be seen as a way of building public trust in the Facebook brand. It can be a way of showing how Facebook respects its customers and their personal information. It has been stated that “the most widely used are the most trusted.” This trust will lead to current users continuing to use the site as well as new users registering which will in turn have a positive effect on advertising revenue. Investment in privacy in turn is an investment in the Facebook brand. It is only when Facebook shows their interest in behaving ethically towards their users that they will be trusted.
What do you think the next major developments will be in computer & internet security?
The Cyber-terrorism “Umbrella” has many sub sections – all of which, I believe, are important to consider; Cyberbullying, Cyberstalking, CyberSquatting, Cybercrime and Cyberattacks.
The various responses to an overall idea of cyber-terrorism should include more than just politically motivated acts disrupting cyberspace. Generally speaking, intelligence gathered by attacker(s) is made available by the victims themselves by not having appropriate security measures in place, security was based on a technical solution only, internal users are often unwillingly and sometimes willingly responsible for the success of an attack and failure of security systems and victims often fall for quite basic social engineering attacks.
Educating internet and computer users on security is paramount moving forward. Users (and eventually victims) need to take responsibility for their own security with awareness being key. The Internet is the best platform to find new targets and collect information about them. Rather than going in to a free fall after an attack, an organisation (or user) should have a crisis management plan in place that is routinely revised and updated. It is often the case that organisations are left very vulnerable after attacks. A critical infrastructure (electricity, water supply, transportation etc) attack is possible and could be catastrophic if not planned for and procedures not in place to deal with it.
When you're not teaching, how do you relax and unwind?
I have three small sons (all under 6 years old) – so my evenings and spare time revolve around them and my wife. They are currently showing me new tricks on our iPad!