An official website of the United States government
To address the nationwide workforce shortage of skilled and educated cyber-informed engineers, we must develop low-cost and highly effective resources for industrial control systems education and training. College curricula in technology management, cybersecurity, and computer science aim to build students’ computational and adversarial thinking abilities but are often done only through theory and abstracted concepts [1]. To better a student’s understanding of industrial control system applications, post-secondary institutions can use gamification to increase student interest through an interactive, user-friendly, hands-on experience. RADICL CTF can provide post-secondary institutions with new opportunities for low-cost, guided exercises for industrial control system (ICS) education to help students master adversarial thinking. Based on an extension to picoCTF, RADICL CTF is a platform for students to design, implement and evaluate exercises that test their understanding of core concepts in industrial control systems cybersecurity, answering the need for more interactive education methods. The main contributions of this paper are the improvement of the cyber-security curriculum through extending the picoCTF platform to promote the gamification of industrial control system concepts with consideration to the Purdue Reference Architecture.
more »
« less
BEACON Labs: Designing Hands-on Lab Modules with Adversarial Thinking for Cybersecurity Education
Cybersecurity is an interdisciplinary field that is concerned with protecting digital assets from cyber-attacks aiming to illegally access sensitive information in order to tamper and disrupt systems and processes. Producing cybersecurity materials that are vertically-aligned is highly desired, given the shortage of cybersecurity educators and the dynamic and evolving nature of cybersecurity. More specifically, universities must do more to help fill the huge cybersecurity workforce shortage and address the lack of materials centered around adversarial thinking. In this paper, we propose a four-step process to turn a recent cybersecurity paper into a hands-on lab that utilizes game theory to promote adversarial thinking and show a case study where this process was used. The four-step process explains how papers are chosen, their research replicated, the production of lab materials, and complementary materials for students to work from. The case study demonstrates this process in practice and explains how game theory is incorporated into the lab.
more »
« less
- Award ID(s):
- 2037658
- PAR ID:
- 10410731
- Date Published:
- Journal Name:
- Journal of the Colloquium for Information System Security Education
- Volume:
- 10
- ISSN:
- 2641-4554
- Format(s):
- Medium: X
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
Attarwala, Abbas (Ed.)Adversarial Thinking (AT) is essential in cybersecurity and computing, promoting strategic thinking and problem-solving by anticipating worst-case scenarios. However, embedding AT in early computing education, especially during the first two years of college, remains underexplored. Introductory programming courses, such as CS 0, lay the groundwork for computational thinking and advanced studies while preparing students for courses like CS 1 and CS 2. Implementing such curricula in resource-limited community colleges, which serve diverse students aiming for workforce entry or transfer to four-year programs, poses unique challenges. Enhancing AT skills among these students provides a competitive edge in the job market and a strong foundation for further studies. This paper explores the integration of AT into CS 0 courses at community colleges, identifying key characteristics and fostering a sense of belonging critical for AT development. The findings offer actionable insights for educators to better prepare students for computing careers and address broader cybersecurity demands.more » « less
-
Hands-on practice is a critical component of cybersecurity education. Most of the existing hands-on exercises or labs materials are usually managed in a problem-centric fashion, while it lacks a coherent way to manage existing labs and provide productive lab exercising plans for cybersecurity learners. With the advantages of big data and natural language processing (NLP) technologies, constructing a large knowledge graph and mining concepts from unstructured text becomes possible, which motivated us to construct a machine learning based lab exercising plan for cybersecurity education. In the research presented by this paper, we have constructed a knowledge graph in the cybersecurity domain using NLP technologies including machine learning based word embedding and hyperlink-based concept mining. We then utilized the knowledge graph during the regular learning process based on the following approaches: 1. We constructed a web-based front-end to visualize the knowledge graph, which allows students to browse and search cybersecurity-related concepts and the corresponding interdependence relations; 2. We created a personalized knowledge graph for each student based on their learning progress and status; 3.We built a personalized lab recommendation system by suggesting more relevant labs based on students’ past learning history to maximize their learning outcomes. To measure the effectiveness of the proposed solution, we have conducted a use case study and collected survey data from a graduate-level cybersecurity class. Our study shows that, by leveraging the knowledge graph for the cybersecurity area study, students tend to benefit more and show more interests in cybersecurity area.more » « less
-
This paper presents a systematic approach to designing digital forensics instructional materials to address the severe shortage of active learning materials in the digital forensics community. The materials include real-world scenario-based case studies, hands-on problem-driven labs for each case study, and an integrated forensic investigation environment. In this paper, we first clarify some fundamental concepts related to digital forensics, such as digital forensic artifacts, artifact generators, and evidence. We then re-categorize knowledge units of digital forensics based on the artifact generators for measuring the coverage of learning outcomes and topics. Finally, we utilize a real-world cybercrime scenario to demonstrate how knowledge units, digital forensics topics, concepts, artifacts, and investigation tools can be infused into each lab through active learning. The repository of the instructional materials is publicly available on GitHub. It has gained nearly 600 stars and 22k views within several months. Index Termsmore » « less
-
Despite the documented need to train and educate more cybersecurity professionals, we have little rigorous evidence to inform educators on effective ways to engage, educate, or retain cybersecurity students. To begin addressing this gap in our knowledge, we are conducting a series of think-aloud interviews with cybersecurity students to study how students reason about core cybersecurity concepts. We have recruited these students from three diverse institutions: University of Maryland, Baltimore County, Prince George’s Community College, and Bowie State University. During these interviews, students grapple with security scenarios designed to probe student understanding of cybersecurity, especially adversarial thinking. We are analyzing student statements using a structured qualitative method, novice-led paired thematic analysis, to document student misconceptions and problematic reasonings. We intend to use these findings to develop Cybersecurity Assessment Tools that can help us assess the effectiveness of pedagogies. These findings can also inform the development of curricula, learning exercises, and other educational materials and policies.more » « less
- Free Publicly Accessible Full Text
-
Accepted Manuscript1.0
- Journal Article:
- https://doi.org/10.53735/cisse.v10i1.157
