Cybersecurity + Liberal Arts Workshop Xenia Mountrouidou (Dr. X)

Outline Motivation Cybersecurity & Liberal Arts Cyber Paths GENI

Motivation: Cybersecurity Education Challenges Cybersecurity: fast paced, changing field Predominantly undergraduate institutions have limited resources Experiential learning in cybersecurity requires large investments

Cybersecurity Education: Solutions General education can feed diverse cohorts to the cybersecurity profession Cloud computing infrastructures can be instrumental

Broadening the Path to the STEM Profession through Cybersecurity Learning

Cybersecurity Paths General education – Discover Intro to cybersecurity – Understand Cybersecurity courses & capstone – Apply

Liberal Arts Education: Gen Ed Definition: a program of education (as in some liberal-arts colleges and secondary schools) intended to develop students as personalities rather than trained specialists and to transmit a common cultural heritage — compare liberal education.

General Education & Cybersecurity Aesthetic and interpretive understanding; Hacker = Aesthete (Brian Harvey, UC Berkley), CITA @ CofC Culture and belief Empirical reasoning; Security Assessment, Pen Test Ethical reasoning; Ethics vs Aesthetics Science of living systems; Science of the physical universe; Societies of the world; and The United States in the world.  ``computer hacker,'' is someone who lives and breathes computers, who knows all about computers, who can get a computer to do anything. http://harvardmagazine.com/2007/03/general-education-finall.html

Cybersecurity & Liberal Arts

Standalone Module Type Topics PUI/LIA Curriculum Legal issues in CySec Case study, essay, discussion HIPPA/FERPA, Computer Security Act, Laws and Authorities, US Patriot Act Political Science International Studies Social Science Management Strategic Plan and Management, Business Continuity / Disaster Recovery Economics Leadership Social Science Human Factors Case study, essay, discussion, hands on exercise Privacy, Passwords, Usable Security Humanities Social Science Attacks and Defense GENI experiment IDS, Traffic, Log Analysis, performance Technology Cryptography Hands on exercise Cryptograms, ciphers, encryption, decryption Network components and traffic Traffic and performance analysis, protocol introduction

CofC Gen Ed FYE: First Year Experience Writing Foreign Language History Humanities Mathematics & Logic Natural Science Social Sciences

FYE: First Year Experience – Chasing Ghosts in the Wires Basic Command Line Cyber Defense Cyber Threats Fundamental Security Design Principles Intro to Cryptography IA Fundamentals IT System Components

Denial of Service Lab for non-CS Majors Pre-installed topology ping - verification Iperf - performance Hping3 - DoS Hypothesis testing Experiments on GENI GENI: Virtual laboratory for networking and distributed systems research and education

What is GENI? (a sneak preview) Obtain compute resources from locations around the United States; Connect compute resources using Layer 2 networks in topologies best suited to their experiments; Install custom software or even custom operating systems on these compute resources; Control how network switches in their experiment handle traffic flows; Run their own Layer 3 and above protocols by installing protocol software in their compute resources and by providing flow controllers for their switches.

GENI and Gen Ed Wofford College of Charleston Computational Science Gen Ed 15 students Mandatory for Lab requirement College of Charleston FYE 20 students Mandatory for first year students gen ed

Pilot Survey Conducted at Wofford College. Cohort: 15 students – 2 computer science declared majors Self-assessment of CS knowledge: 40% novice; 40% intermediate; 20% advanced Pilot Questionnaire: I have a better understanding of CS. I understand how information is transmitted through the internet. I understand the basics of computer attacks and computer network attacks. I understand how computer and network attacks can harm me and my organization. I am considering to take another CS course.

Results

Comments Q: What did you like best about the GENI lab and why? I liked the opportunity to take part in a live experiment with real computers. Doing to the denial of service attack was really cool. I liked that we did a real world issue in a safe and controlled environment. Working with terminal and the command line It was cool to see how flooding a computer actually works rather than it just happens. I liked how we were able to simulate a real attack. This really puts it into prospective on how hackers can do this to anyone.

Comments Q: What did you like least about the GENI lab. I did not like how repetitive it was, and how some things took a very long time to do. I think that my least favorite thing about GENI was trying to get GENI to work. The GENI infrastructure seemed to be unstable and difficult to work with at times. It's also hard to have a complete understanding of how to perform the lab without already having an understanding in computer science.

Preliminary results - FYE Lab 20 students – 6 computer science declared majors Pre & Post Survey Demographic questions Perception Class Focus Group – 4 students

Preliminary Results

Cybersecurity courses & GENI Intrusion Detection Systems Digital Certificate Advanced topics

Intrusion Detection Systems and Mitigation Goals: Install Snort IDS on monitor machine Duplicate all traffic to monitor Create a custom alert for Snort IDS Use mitigation script Drop malicious traffic Send Spoofed SYN Send SYN-ACK Resend SYN-ACK Attacker Server Spoofed Client

Digital Certificate Create a certificate authority Validate & revoke certificate Understand OpenSSL

Advanced Topics Covert Channel Communication Manipulate TCP flags to send exfiltrated passwords Analyze traffic using information theory Software Defined Networking (SDN) solutions for security Use SDN flow tables to identify attacker Use network programmability to drop malicious traffic

Conclusions With cybersecurity in liberal arts we produce better citizens in our graduates Cybersecurity labs + cloud infrastructure = experiential learning with low overhead Cybersecurity belongs to the liberal arts

Questions? Thank you!

Please take the survey to help us improve this workshop goo.gl/i6787a

appendix

Paths to Cybersecurity Education Cohort A CySec Module Cohort B CySec Course Cohort C.1 CySec Capstone Cohort C.2 CS Major or CS Minor

Political Science General Education Module International Conflict Stuxnet Denial of Service International Conflict Stuxnet Denial of Service as a weapon Goals: Gain an appreciation about attacks and cyberwar Research about international laws and policies

Finance General Education Module Gordon Loeb Model