Cybersecurity is concerned with the security and integrity of all the interconnected electronic devices that form our current modern life, from large companies to individuals.
Critical installations including servers, industrial automation, nuclear power stations, cloud computing facilities, and even the basic infrastructure of the internet itself are under constant attack.
Stories of companies being harassed by viruses and malware are frequent; huge amounts of money can easily be stolen, and valuable infrastructure pirated in a few seconds. Often this requires virtually no investment or risk on the part of attackers, which range from individuals to hostile state-sponsored agencies.
Closer to home, everyone now uses smartphones and computers, but we are also using more and more communicating "smart" objects in our everyday lives. Connected to the internet, these essentially render the concrete walls of our homes and businesses as transparent and fragile as glass; every citizen's privacy and way of life is at stake.
The internet culture of rapid development and innovation encourages us (indeed, virtually forces us) to release products and systems that prioritise functionality over safety. We rush to meet new needs and markets, without the time and resources required to ensure that products are safe against current attacks, let alone future hacking techniques and threat scenarios.
Reaching a universal state of security seems impossible, but the problems of security are universal: using your laptop and protecting your own data; enabling and protecting internet access; ensuring the privacy and integrity of communications between individuals and businesses; indeed, even simply ensuring that we are connecting to the service that we think we are, and not a hostile impostor. The technical solutions to these problems involve the methods of modern cryptography.
While the fundamental notions of security (including concepts like 'protection', access restrictions, establishing and verifying identities, and managing and transmitting authority) are common across all sorts of contexts, the reality is that there is no unique way to set up or use connected systems. The simplicity of our expectations as users and designers is confounded by the ultimate complexity and diversity of computer, network, and data architectures. This dialogue between the absolutes of security and the diversity of everyday experiences is at the heart of cybersecurity research and practice.
The Cybersecurity: Threats and Defenses program is based on the École Polytechnique's trademark interdisciplinary approach, and provides you with necessary expertise in all aspects of cybersecurity -- be it hardware or software. It is a complete program for future experts in computer security, and for all activities in which protecting data or privacy is essential. Adapting to new threats and finding new defenses will be your day-to-day challenge.
There is a large gamut of jobs in cybersecurity. For a small list: security auditor, controller or evaluator; security architect; secure systems developer; penetration test expert; security consultant; information system security manager.
The first part is concerned with building a common technical background for cybersecurity; adding security to this will be the task of the second period.
First period (mid-September to mid-December)
Three mandatory courses (3x4 ECTS)
INF557: From the Internet to the IoT: The Fundamentals of Modern Computer Networking
INF558: Introduction to Cryptology
INF559: A Programmer's Introduction to Computer Architectures and Operating Systems
One elective course to be chosen among (4 ECTS):
INF553: Database Management Systems
INF554: Machine learning I
Second period (January to March)
Three mandatory courses:
INF568: Advanced Cryptology
INF565: Information Systems Security
INF586: Network Security
Alternatively, 1 or 2 courses from among:
INF563: Introduction to Information Theory
Third period (March to June/August)
Research project or company internship (INF591) 19 ECTS