Security Engineering as a Multidisciplinary Approach to Cybersecurity

University of Oulu

Abstract

In today's digital society, vast amounts of data are shared across diverse communication systems, making cybersecurity a critical field of study. The increasing complexity of modern communication devices and infrastructures demands a multidisciplinary approach to security engineering. This course aims to equip students with the necessary skills to become security experts, recognizing that security engineering is not a one-size-fits-all discipline but a practice that requires expertise tailored to different operational levels. Security must be designed, implemented, and managed at multiple layers, integrating technical, organizational, and strategic perspectives to protect information systems effectively.

The course begins by introducing fundamental cybersecurity concepts, emphasizing the importance of risk assessment and management. It then explores a comprehensive view of cybersecurity operations and management, covering aspects such as people management, Computer Security Incident Response Teams (CSIRT), system and physical asset management, technical security considerations, and incident response strategies. Finally, it addresses business continuity and recovery planning to highlight how organizations can maintain operations despite cybersecurity incidents.

Building upon these foundations, the course delves into the role of Large Language Models (LLMs) in cybersecurity assessment, examining how AI-driven tools can enhance security reports, streamline threat analysis, and support decision-making in security operations. A multilevel security approach will be explored, focusing on Physical-Layer Security (PLS). This includes the study of security primitives such as watermarking and jamming, which provide robust protection against eavesdroppers exploiting physical channel imperfections. The application of these techniques across different communication modalities—including radio frequency (RF), acoustic communications, and Optical Wireless communications (OWCs)—will be analyzed. Additionally, the course will examine electromagnetic emissions security and protocol security through a case study of the Host Identity Protocol (HIP), highlighting its role in securing modern communication networks.

The course will then turn to the security challenges of the Internet of Things (IoT), focusing on hybrid radio-optical wireless communication systems. A case study on medical ICT and Wireless Body Area Networks (WBANs) will illustrate the vulnerabilities and countermeasures in biomedical communication systems, including security concerns related to Bluetooth Low Energy (BLE) and defense strategies against Man-in-the-Middle (MitM) attacks.

Further, an introduction to hardware security will provide insights into trusted design practices in Field Programmable Gate Arrays (FPGAs), identifying potential threats such as hardware trojans and strategies for mitigating them. This segment will offer a crucial perspective on security at the hardware level, ensuring the integrity of embedded and computing systems.

Network security will also address core security concepts, network protection mechanisms, penetration testing, and secure protocol implementation. To understand how security vulnerabilities can be mitigated, a case study on the CAN bus, an essential component of automotive and industrial networks, will explore the security of communication protocols.

Adopting a multilevel perspective, this course aims to provide students with a comprehensive view of cybersecurity, bridging foundational principles with cutting-edge research topics and real-world applications. Through case studies, hands-on analysis, and discussions on emerging threats, students will gain a well-rounded understanding of security challenges and defense mechanisms in modern digital and cyber-physical environments.

Back