Saturday, October 20th Room KC 400
|8:45 am||Welcome - Mike Whitman, Ph.D., Executive Director, KSU Center for Information Security Education|
|9:00 - 10:20 am||Keynote Presentation - Davina Pruitt-Mentle, Ph.D., Lead for Academic Engagement, National Initiative for Cybersecurity Education (NICE)|
|12:20 - 1:00 pm||Lunch|
|2:30 - 5:00 pm||Faculty Development Workshop|
|Saturday, October 20th|
Ariana Brown, North Carolina A&T State University
10:30 AM - 10:55 AM
According to Verizon’s Data Breach Investigations Report, Local Area Network (LAN) access is the top vector for insider threats and misuse. It is critical for students to learn these vulnerabilities, understand the mechanisms of exploits, and know the countermeasures. The Department of Computer Science at North Carolina A&T State University designed two different educational tools that help students learn ARP spoofing attacks, the most popular attack on LANs. The first tool, called Hacker’s Graphical User Interface (HGUI), is a visualization tool that demonstrates an ARP spoofing attack with real-time animation. The second tool is a hands-on (HandsOn) tool that asks students to perform an ARP spoofing attack by manually creating ARP reply packets. Previous research demonstrated that both tools enhanced students’ learning.
In this paper, we scientifically evaluate and compare the effectiveness of these two tools. We divided the class of forty-five students randomly into two groups. Group A was assigned the HGUI lab and Group B was assigned the HandsOn lab. The labs were assigned as one-and-a-half-week homework assignments. Both groups were given a pre-survey and a pre-quiz before the lab. After they submitted the lab, we gave them a post-survey and a post-quiz. The analysis shows that prior to the labs, students in both groups had almost identical backgrounds in the knowledge of ARP spoofing. After the lab, both groups made statistically significant improvements. Although Group A did better on the survey and Group B did better on the quiz, the difference is not statistically significant enough to draw a definitive conclusion according to the Student’s t-test result. Also, in analyzing survey results, we found that actively reading cyber security related articles is a more significant contributing factor in students’ knowledge of the subject matter than other factors, including having formal training or taking cyber security classes.
Zhijian Xie, NC A&T State University
10:55 AM - 11:20 AM
In most wireless channels, signals propagate in all directions. For the communication between Alice and Bob, an Eavesdropper can receive the signals from both Alice and Bob as long as the Eavesdropper is within the range determined by the transmitting power. Through a phased array antenna with beam tracking circuits or cooperative iteration, the signals are confined near the straight line connecting the positions of Alice and Bob, which largely reduces the valid placement of an Eavesdropper. Sometimes, this reduction can make it prohibitive for the Eavesdropper to wiretap the channel, since the reduced space can be readily protected. Two course modules have been developed for students to understand signal propagation in the physical layer and how it is used to enhance channel security along with natural and man-made noise.
Xiuli Qu, North Carolina A&T State University
11:30 AM - 11:55 AM
Organizations create a huge amount of sensitive and confidential data, which must be protected from unauthorized access or disclosure. Nowadays, most organizations store their business data in digital formats. With the increasing use of digital data, data breaches have become more frequent and serious in recent years. Therefore, it is very important for next-generation engineers to be aware of the importance of information security, and to be able to recognize vulnerabilities and threats to an information system and design user-friendly and effective security measures. To achieve this, two modules of information systems security, including lectures and in-class labs, were developed and taught in an undergraduate engineering course at North Carolina A&T State University. The learning objectives, teaching materials, and assessment outcomes of the two course modules are presented in this paper. Our survey results show that the course modules achieve the learning objectives and improve students’ interest in pursuing cybersecurity-related careers.
Keywords: Engineering Education, Database Security, Usable and Effective Security
Gretchen Richards, Jacksonville State University
11:55 AM - 12:20 PM
The daily intrusion attempts and attacks on industrial control systems (ICS) and embedded systems (ES) underscore the criticality of the protection of our Critical Infrastructures (CIs). As recently as mid-July 2018, numerous reports on the infiltration of US utility control rooms by Russian hackers have been published. This successful infiltration and possible manipulation of the utility companies could easily translate to a devastating attack on our nation’s power grid and, consequently, our economy and well-being. Indeed, the need to secure the control and embedded systems which operate our CIs has never been so pronounced. In our attempt to address this critical need, we designed, developed and implemented ICS and ES security curriculum modules with pertinent hands-on laboratory exercises that can be freely adopted across the national setting. This paper describes in detail the modules and the accompanying exercises and proposes future enhancements and extensions to these pedagogical instruments. It highlights the interaction of control and embedded systems security with Presidential Policy Directive 8 (the National Preparedness Plan, NPP), cyber risk management, and incident handling. To establish the premise, the laboratory exercises were developed. This paper outlines the description and content of the modules in the areas of (1) Industrial Control Systems (ICS) security, (2) embedded systems (ES), and (3) guidelines, standards, and policy.
The ICS security modules cover the predominant ICS protocols, ladder logic programming, Human Machine Interface (HMI), defensive techniques, ICS reconnaissance, vulnerability assessment, intrusion detection, and penetration testing. The ES security modules include topics such as secure firmware programming and authentication mechanisms. In the guidelines, standards, and policy section, the topics covered by the modules include the NPP as it relates to CI protection, risk management, system protection and policy design, and managing operations and controls. An overview of the various hands-on exercises that accompany the course modules is also presented. Further, to evaluate the effectiveness of the pedagogical materials, an initial evaluation was conducted and the survey data were collected, analyzed, and presented. The paper concludes with future enhancements and directives on opportunities for module extensions and course adoption.
1:00 PM - 1:25 PM
The purpose of this paper is to discuss a curriculum design that employs Kolb’s Experiential Learning Theory stages and Kolb’s Learning Styles in four consecutive class sessions. The challenge in each class is to present students with perplexing and often frustrating network problems that someday might be encountered on the job. By using Kolb’s theory, students address those problems from the perspective of each learning style, while passing through each phase of the learning cycle. As a result, students gain stronger cognitive thinking skills and hands-on troubleshooting skills in preparation for work as network administrators or cybersecurity analysts.
Wasim Alhamdani, University of the Cumberlands
1:25 PM - 1:50 PM
A suggested curriculum for Secondary and Major Academic discipline in Cybersecurity Postsecondary Education is presented. This curriculum is developed based on the Association for Computing Machinery guidelines and the National Centers of Academic Excellence Cyber Operations program.
2:00 PM - 2:25 PM
The purpose of this paper is to examine the outcomes of using a Learning Management System (LMS) course as a framework for mapping the Centers of Academic Excellence in Cyber Defense (CAE-CD) 2019 Knowledge Units (KU) to college courses. The experience shared herein will be useful to faculty who are interested in performing the mapping and applying for CAE-CDE designation.