Archives

This paper investigates the use of gamification and game-based learning in the field of cybersecurity education. Due to their technical complexity and lack of coherence, traditional pedagogical methods, such as lectures, may fail to engage and inspire students especially from non-cyber backgrounds. To address this issue, we devised two distinct cybersecurity frameworks/games based on traditional Capture The Flag (CTF) competitions; an open-ended CTF event and a story-based CTF. Such games have demonstrated potential across multiple disciplines, including computer science, physics, mathematics, and engineering, as well as across multiple levels of study including undergraduate and postgraduate students. The positive feedback and significant increase in the interest to pursue a postgraduate course in cybersecurity, especially among non-cybersecurity students, attest to the success of this gamification strategy. As such, this paper provides valuable insights for enhancing the attractiveness and efficacy of cybersecurity education, thereby encouraging a broader spectrum of non-technical and non-cybersecurity students to pursue this crucial field.

Quantum computing is an emerging new area focused on technology consisting of quantum theory aspects such as electrons, sub-atomic particles, and other materials engineered using quantum mechanics. Through quantum mechanics, these computers can solve problems that classical computers deem too complex. Today the closest computing technology compared to quantum computers are supercomputers, but similarly to classical computers, supercomputers also have faults. With supercomputers, when a problem is deemed too complex, it is due to the classical machinery components within the computer, thus causing a halt in solving the task or problem. In contrast, these problems could be solved with a quantum computer due to the advancements in engineered materials based on quantum mechanics. Apart from the hardware that enables a quantum computer to function more intelligently, the software developed for these computers can also show tremendous improvements in certain aspects, such as cryptography. This research examines quantum computing from its origins and details how the computer runs, its faults and limitations, ways to protect from quantum computing attacks, and demonstrates what programming a quantum computer would entail.

In modern vehicles, radio frequency identification (RFID) key fobs, a form of remote keyless entry (RKE), play a pivotal role in vehicular security and functionality. The goal of this research is to implement and demonstrate radio-based cyberphysical attacks against identified vulnerabilities associated with RFID key fobs and provide insights on how to fortify security precautions against such attacks. Furthermore, this research reviews and acknowledges pre-existing security features that have been implemented to prevent the recurrence of these vulnerabilities. An additional goal of this research is to discover the security disparity between RFID tags and readers from vehicles manufactured in the early 2000s and vehicles from the mid-2010s or later.

It has been widely admitted by researchers and educators that hands-on activities are a core component in digital forensics education to help students gain practical skills that are needed in real-world forensic investigations. However, it is not clear in existing works about what kinds of hands-on activities are recommended to be integrated into a digital forensics course and how to design and develop them. In our teaching practice, hands-on activities for a digital forensics course are designed in three categories: 1) activities that assist students in learning how to use common digital forensics tools; 2) activities that help students gain in-depth understanding of the basic concepts and fundamental knowledge that are presented in class lectures; 3) activities that promote students the development of mindsets and data analytical skills that are needed for a digital forensic investigator. Various formats are employed to develop these hands-on exercises in different categories. The educational objectives and student learning outcomes map well to the CAE-CD (Centers of Academic Excellence - Cyber Defense) outcomes by completing their forensic knowledge units. In this paper, we share our idea and experience to design and implement such hands-on assignments in each category for meeting specific educational objectives. Sample exercises are briefly described to explain our idea in each category. Open source tools and data sets are introduced for references. Experiences, lessons, and sample feedback from students are discussed. Our results will provide a point of reference for those who teach digital forensics courses at a college or university, or are developing a digital forensic curriculum.

With the continued changes in the way businesses work, cyber-attack targets are in a constant state of flux between organizations, individuals, as well as various aspects of the supply chain of interconnected goods and services. As one of the 16 critical infrastructure sectors, the manufacturing sector is known for complex integrated Information Systems (ISs) that are incorporated heavily into production operations. Many of these ISs are procured and supported by third parties, also referred to as interconnected entities in the supply chain. Disruptions to manufacturing companies would not only have significant financial losses but would also have economic and safety impacts on society. The vulnerabilities of interconnected companies created inherited exploitations in other interconnected companies. Cybersecurity practices need to be further enhanced to understand supply chain cybersecurity posture and manage the risks from lower-tier interconnected entities up to the top-level dependent organization. This paper will provide an overview of the Theory of Cybersecurity Footprint to emphasize the relationship among interconnected entities and the cybersecurity effects one organization can have on another regardless of size. This paper provides a literature review on the manufacturing industry with a recommendation for future developmental research using the Delphi method with a panel of experts to develop an index to measure cybersecurity posture based on interconnected entities from lower tiers and establish index weights specifically for the manufacturing industry.

Boise State University's (BSU) Cyber Operations and Resilience CORe program was intentionally designed so that any student, especially non-traditional and non-technical students, with an interest in cybersecurity could have an education and training pathway to enter the cyber workforce. The CORe curriculum focuses on teaching students how to design, apply, and improve cybersecurity through the interaction of people, processes, and technology. CORe is a stackable curriculum with elective credit hours and options for various academic and industry certificates and certifications that enable students to customize their unique career pathway. The CORe program guides students to think about the system being managed, the risks presented, and the dynamic intersection of system elements when considering how to incorporate resilience frameworks in achieving a resilient system. By developing systems thinking, the students gain an understanding of the interdependencies interacting with the operational system. The CORe program encourages students to integrate cybersecurity knowledge with models and frameworks found in other academic disciplines through a unifying systems approach. CORe is designed around the realities of today's broad cyber landscape: that breaches will occur in any system over time and proactive design of resilience into systems to detect, respond, and recover in a timely and orderly manner is critical. Students are taught to think holistically about cybersecurity focusing on all system elements. CORe is not a traditional cybersecurity degree. CORe is distinguished by the non-traditional engineering, computer science approach to cybersecurity education with the singular focus on infusing resilience operations and transdisciplinary systems thinking principles throughout the curriculum.

Cyber attacks are a common feature of current news and many of them are the result of easy to avoid vulnerabilities in software. It is imperative that students graduating from an undergraduate Computer Science (CS) curriculum understand the consequences of vulnerable code. When developing lessons and assignments, it would be useful to have a sense of students' attitude toward cybersecurity and appreciation of the need to write secure code. This paper describes an analysis of the results of a survey of students in core CS courses at our large public university, in which students answer free response questions about what they find interesting and relevant about cybersecurity. The survey was conducted in Fall 2022 and repeated in Spring 2023 after cybersecurity interventions were introduced into several core CS courses. We performed a Natural Language Processing (NLP) analysis of the free response answers to determine the overarching themes in the responses. We found that the most prevalent topics students are interested in are cryptography and penetration testing, and did not change over the two semesters. In answer to the question about the relevance of studying cybersecurity, we found that as students progress through the curriculum, what students find relevant moves from protecting their personal data to its importance in job duties and writing secure programs. When developing lessons and assignments, it may be helpful to introduce cryptography or penetration testing to engage students. Also, students should be taught early and often about the relevance of cybersecurity in their future job duties.