skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


Title: RADICL CTF: Low-Cost CTF Platform for Industrial Control Systems Education
To address the nationwide workforce shortage of skilled and educated cyber-informed engineers, we must develop low-cost and highly effective resources for industrial control systems education and training. College curricula in technology management, cybersecurity, and computer science aim to build students’ computational and adversarial thinking abilities but are often done only through theory and abstracted concepts [1]. To better a student’s understanding of industrial control system applications, post-secondary institutions can use gamification to increase student interest through an interactive, user-friendly, hands-on experience. RADICL CTF can provide post-secondary institutions with new opportunities for low-cost, guided exercises for industrial control system (ICS) education to help students master adversarial thinking. Based on an extension to picoCTF, RADICL CTF is a platform for students to design, implement and evaluate exercises that test their understanding of core concepts in industrial control systems cybersecurity, answering the need for more interactive education methods. The main contributions of this paper are the improvement of the cyber-security curriculum through extending the picoCTF platform to promote the gamification of industrial control system concepts with consideration to the Purdue Reference Architecture.  more » « less
Award ID(s):
2146269
PAR ID:
10409804
Author(s) / Creator(s):
; ;
Date Published:
Journal Name:
Journal of The Colloquium for Information Systems Security Education
Volume:
10
Issue:
1
ISSN:
2641-4546
Page Range / eLocation ID:
10
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. ; ; ; ; (, ACM)
    We explore building a Kubernetes-powered, cloud-based cybersecurity education platform and framework named “EDURange Cloud”. It allows instructors to efficiently design and host their own cybersecurity competitions and exercises. The benefits of this system include enhanced security through isolated instances, cost-effective scaling that adjusts resources based on demand, and the agility to deploy or update challenges rapidly. Originally focused primarily on hosting Capture The Flag (CTF) competitions, the scope of EDURange Cloud will include support for cybersecurity demos and other educational exercises. This evolution will allow for a broader range of educational opportunities within the platform. EDURange Cloud was created as a distributed cloud alternative to the existing EDURange software \cite{Weiss2017Cybersecurity}, leveraging the power of Kubernetes to create an efficient and highly modular cybersecurity education framework. In addition to providing better load balancing and achievement tracking, EDURange Cloud extends the existing project by enabling full GUI desktop environments that are also much more easily customizable compared to command-line restricted exercises. The continued development of this platform could provide a new format for a wide range of hands-on exercises, going beyond just cybersecurity. 
    more » « less
  2. (, Journal on Cybersecurity Education, Research and Practice)
    Gamification in education presents a number of benefits that can theoretically facilitate higher engagement and motivation among students when learning complex, technical concepts. As an innovative, high-potential educational tool, many educators and researchers are attempting to implement more effective gamification into undergraduate coursework. Cyber Security Operations (CSO) education is no exception. CSO education traditionally requires comprehension of complex concepts requiring a high level of technical and abstract thinking. By properly applying gamification to complex CSO concepts, engagement in students should see an increase. While an increase is expected, no comprehensive study of CSO gamification applications (GA) has yet been undertaken to fully synthesize the use and outcomes of existing implementations. To better understand and explore gamification in CSO education, a deeper analysis of current gamification applications is needed. This research outlines and conducts a methodical, comprehensive literature review using the Systematic Mapping Study process to identify implemented and evaluated GAs in undergraduate CSO education. This research serves as both a comprehensive repository and synthesis of existing GAs in cybersecurity, and as a starting point for further CSO GA research. With such a review, future studies can be undertaken to better understand CSO GAs. A total of 74 papers were discovered which evaluated GAs undergraduate CSO education, through literature published between 2007 and June 2022. Some publications discussed multiple GAs, resulting in a total of 80 undergraduate CSO GAs listing at https://bit.ly/3S260GS. The study outlines each GA identified and provides a short overview of each GA. It also provides a summary of engagement-level characteristics currently exhibited in existing CSO education GAs and discusses common themes and findings discovered in the course of the study. 
    more » « less
  3. (, Colloquium for Information Systems Security Education (CISSE))
    Gamification presents potential benefits in courses that traditionally require the comprehension of complex concepts and a high level of technical and abstract thinking. Courses in Cyber Security Operations (CSO) undergraduate education meet these criterion. This research evaluates organizational constructs that have been applied to gamification applications (GAs) in CSO education. It utilizes framing theory and frame-reflective discourse analysis to outline frames based on engagement levels and analyzes the current distribution of GAs. The following organizational constructs for GAs in data structures and algorithms education apply to CSO education: Enhanced Examination (EE), Visualization of Abstract Ideas (VAI), Dynamic Gamification (DG), Social and Collaborative Engagement (SGE), and Collaborative Gamification Development (CGD). Three additional frames are identified: Missions and Quests (MQ), Simulations (Sim) and Aspirational Learning (AL). MQ GAs have process-driven quests, stories, and/or descriptive scenarios to augment engagement. Sim GAs use environmental immersion to demonstrate real world problem solving while allowing freedom of movement. AL GAs use goal-based designs like Capture The Flag (CTF) missions to enhance engagement. Twenty-seven existing CSO GAs fit within the MQ frame as CSO education lends itself well to these types of experiences. Seventeen CSO GAs fall within the AL GA frame, many of these manifesting as CTF missions. Seventeen CSO GAs fit in the EE Frame due to their optimization in the analysis of learning progress. Nine Sim GAs were successfully deployed in CSO education, followed by 4 VAI, 3 SGE, and 3 DG GAs. 
    more » « less
  4. ; ; ; ; ; ; (, frontiers in education)
    Despite the documented need to train and educate more cybersecurity professionals, we have little rigorous evidence to inform educators on effective ways to engage, educate, or retain cybersecurity students. To begin addressing this gap in our knowledge, we are conducting a series of think-aloud interviews with cybersecurity students to study how students reason about core cybersecurity concepts. We have recruited these students from three diverse institutions: University of Maryland, Baltimore County, Prince George’s Community College, and Bowie State University. During these interviews, students grapple with security scenarios designed to probe student understanding of cybersecurity, especially adversarial thinking. We are analyzing student statements using a structured qualitative method, novice-led paired thematic analysis, to document student misconceptions and problematic reasonings. We intend to use these findings to develop Cybersecurity Assessment Tools that can help us assess the effectiveness of pedagogies. These findings can also inform the development of curricula, learning exercises, and other educational materials and policies. 
    more » « less
  5. ; ; ; ; ; ; ; (, Proc. of The 48th IEEE International Conference on Computers, Software, and Applications (COMPSAC 2024))
    This paper presents an innovative approach to DevOps security education, addressing the dynamic landscape of cybersecurity threats. We propose a student-centered learning methodology by developing comprehensive hands-on learning modules. Specifically, we introduce labware modules designed to automate static security analysis, empowering learners to identify known vulnerabilities efficiently. These modules offer a structured learning experience with pre-lab, hands-on, and post-lab sections, guiding students through DevOps concepts and security challenges. In this paper, we introduce hands-on learning modules that familiarize students with recognizing known security flaws through the application of Git Hooks. Through practical exercises with real-world code examples containing security flaws, students gain proficiency in detecting vulnerabilities using relevant tools. Initial evaluations conducted across educational institutions indicate that these hands-on modules foster student interest in software security and cybersecurity and equip them with practical skills to address DevOps security vulnerabilities. 
    more » « less
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Save / Share this Record
  • Send to Email