Cybersecurity Capabilities in a Critical Infrastructure Sector of a Developing Nation

Catota Quintana, Frankie

01 December 2016

When information technology is incorporated into the operations of financial critical infrastructure, it brings with it a range of cyber risks, and mitigating them requires that firms and regulators develop capabilities to foster protection. The sophistication of cyber threats to the financial sector has been growing rapidly. Developed nations have worked hard to improve their knowledge of these threats and establish strategies to respond accordingly. However, in developing nations, both the understanding of the risks posed by cyber threats and the ability to address those risks have been slower to evolve. Developing the needed cybersecurity capabilities in developing countries encounter challenges that need to be identified and addressed. In order to begin to do that, this thesis reports on three studies conducted in the context of Ecuador. The first study identifies and assesses incident experiences, challenges, barriers, and desired actions reported by financial security managers with the objective of identifying strategies to enhance incident response capabilities. The second study begins with the security incidents reported by the Ecuadorian financial stakeholders during the first study and assesses the potential effectiveness of the government policy that is intended to address IT risk in the financial sector. The third study explores the challenges that universities face in order to provide cybersecurity instruction to protect critical infrastructure and explores potential strategies to advance cybersecurity education at the university level. In support of this work we collected data from national practitioners involved in responding to security incidents and in developing cybersecurity skills. Sixty-one in-depth, semi-structured interviews across five cities were conducted (95% in person, the rest by telephone) with respondents who had good knowledge in the subjects. Respondents come mainly from: the financial sector (CISOs, risk and IT managers, security chiefs, security officers, authorities); telecommunications sector, especially ISPs (managers, directors, engineers, authorities); and academia (deans, directors, professors). We transcribed all the interviews, coded them and conducted qualitative text analysis. This research finds that (1) the financial sector is already facing risks driven by outsiders and insiders that lead to fraud and operational errors and failures. The main barriers to improving protection are small team size, network visibility, inadequate internal coordination, technology updating, lack of training, and lack of awareness. The sector has little community support to respond to incidents, and the national legal framework has not supported appropriate prosecution of cyber criminals; (2) the national IT risk management policy has reasonably covered most countermeasures related to reported security incidents. There are however, several areas of gap, one of the most important is network security, which can enable sophisticated malware attacks; (3) today the level of cybersecurity education is mostly elementary in Ecuador. Academic interviewees at only four of the thirteen universities studied expressed confidence that they can provide students with reasonable preparation. Ecuador needs to design a national cybersecurity plan that prioritizes protection for critical infrastructure and should support strategies that allow the country to enhance cybersecurity capabilities. Properly designed these initiatives should allow the nation to develop a core structure to confront current and emergent cyber challenges in the financial sector and other critical national operations, and build the human resources necessary to continue that effort.

capacity building

cybersecurity capabilities

cybersecurity education

cybersecurity policy

developing nations

incident response

Cybersecurity Management System: Defense and Response

Huang, Chenxiang

19 January 2023

Cybersecurity attacks such as phishing, malware, and ransomware have become a major concern in recent years, with many individuals and organizations suffering financial losses as a result. Most people are unaware of the different types of cybersecurity attacks and have not seen examples of them. To address this problem, we developed the Cybersecurity Management System: Defense and Response (CMSDR) cloud software application. It provides both the "Defense" and "Response" to cybersecurity attacks, with educational materials and examples to help users learn about different types of cybersecurity attacks, and a computer-aided reporting and notification system to help organizations respond to ongoing incidents. CMSDR is a universal application that can be used on any platform with a web browser. Any company or organization can effectively run CMSDR on their own server computer for cybersecurity defense and response. / Master of Science / Cybersecurity has become a major concern in recent years as many individuals and organizations have suffered financially from cybersecurity attacks like phishing, malware, and ransomware. This thesis seeks to provide a solution to the emerging number of cybersecurity breaches by introducing Cybersecurity Management System: Defense and Response (CMSDR) cloud software application that features "Defense" and "Response" to cybersecurity attacks. For "Defense", it aims to guide the users of the common types of cybersecurity attacks following the pedagogy "Learning by Examples" by providing cybersecurity examples to support the learning. For "Response", it aims to provide a system that features computer-aided reporting and notification of cybersecurity breaches in a company or organization. The software application is universally usable on any platform with a web browser. With the help of CMSDR, users receive proper education of the types of cybersecurity attacks to raise awareness. Organizations can report and notify ongoing cybersecurity breach incidents to their members easily and effectively.

Cloud software engineering

cybersecurity breach response

cybersecurity defense

cybersecurity education

cybersecurity management

Exploring Cyber Ranges in Cybersecurity Education

Beauchamp, Cheryl Lynn

01 April 2022

According to a report from McAfee, the global cost of cybercrime for 2020 was over one trillion dollars (Smith, Z. et al., 2020). Cybersecurity breaches and attacks have not only cost businesses and organizations millions of dollars but have also threatened national security and critical infrastructure. Examples include the Ransomware attack in May of 2021 on the largest fuel pipeline in the United States and the February 2021 remote access system breach of a Florida water treatment facility which raised sodium hydroxide to a lethal level. Improving cybersecurity requires a skilled workforce with relevant knowledge and skills. Academic degree programs, boot camps, and various certification programs provide education and training to assist this need. Cyber ranges are a more recent development to provide hands-on skill training. These ranges, often virtual, provide a safe and accessible environment to improve practical skills and experience through hands-on application. They provide a training environment to identify threats, apply countermeasures, and secure data from risks separately from the organization's actual network. More and more academic programs utilize cyber ranges due to the perceived benefit of integrating them into their cybersecurity-related programs. Academic cyber ranges offer virtualized environments that support cybersecurity educators' needs to provide students with a safe, separated, and engaging environment. The purpose of my research has two components: 1) to understand who the educators are using academic-facing cyber ranges and how they are using them to support their cybersecurity education efforts, and 2) to understand how cybersecurity educators and students are motivated by using them. Specifically, my research is comprised of three manuscripts: (1) a mixed-method exploratory study of who are the educators using cyber ranges for cybersecurity education and how they are using them to create significant cybersecurity learning experiences, (2) a mixed-method study exploring the motivation of educators using a cyber range for cybersecurity education, and (3) a mixed-method study exploring student motivation participating in cybersecurity CTF competitions. The three manuscripts contribute to understanding cyber ranges in cybersecurity education. The results from my research provided insight from the users of these cyber ranges, cybersecurity educators and students. Results from my first manuscript suggested that high school cybersecurity educators are the primary users. These educators have less formal cybersecurity education and experience compared to cybersecurity educators in higher education. The data also showed that cybersecurity educators primarily used cyber ranges for teaching and learning to meet learning goals and objectives. Results from my second manuscript suggested that educators were motivated mainly by the importance of using a cyber range for cybersecurity education and for the interest-enjoyment their students experience from cyber range usage. Educators found using the cyber range made their class more engaging and relevant to their students.These educators were also confident they could use a cyber range and learn how to use it. However, those without prior experience in cybersecurity or previous experience using a cyber range shared they needed instructor-facing resources, professional development opportunities, and time to learn. Results from my third manuscript suggested that students were motivated by the importance of participating in a cybersecurity CTF competition. Many reported that participating was useful for developing professional skills and readiness. Although CTF competitions were considered difficult and stressful, students did not consider the difficulty pejorative. Many shared that challenging CTFs contributed towards the enjoyment of participating, making them a rewarding and worthwhile experience. However, students also shared that academic and team support contributed towards their confidence in competing. In contrast, those who did not report confidence, stated they lacked a team strategy or support from their academic institution. Additionally, they did not know what to expect to prepare before the competition event. Overall, the results of this dissertation highlight the importance of prior preparation for educators and student CTF participants. For educators, this prior preparation includes curriculum supporting resources such as content mapping to learning objectives and professional development opportunities that do not assume any prior knowledge or experience. For students, prior preparation includes understanding what to expect and recommendations for academic and team support. / Doctor of Philosophy / The technology era has enabled a global connectedness to attend conferences and meetings via our laptop computers while working from home. The proliferation of smart devices has also provided a means to view and communicate with visitors who ring our smart doorbells while we are not home. This interconnected network, i.e., the Internet, has altered how we pay our bills, buy our groceries, and attend classes virtually. It has also enabled cyber attacks and breaches that have contributed to identity thefts, increasing financial costs, business collapses, job losses, and even threatened national security. A cybersecurity workforce has become increasingly vital to address the need for improving cybersecurity. Thus, there is a need for academic cybersecurity programs to prepare future professionals to fill this national workforce shortfall. Consequently, more and more organizations have integrated cyber ranges as the means to provide a simulated environment for applying and developing cybersecurity-related knowledge and skills. Similar to a driving range for a golfer to practice their golf swing or a shooting range for those in law enforcement to earn their firearms qualifications, a cyber range supports efforts to provide cybersecurity training with hands-on exercises and labs to practice skills in a safe, virtual environment. My research contributes to understanding who uses cyber ranges and how they are motivated to use them for cybersecurity education. The first purpose of my research was to understand the educators who were using cyber ranges and how they were using them for cybersecurity education. More specifically, I examined their usage for alignment with a learning taxonomy to verify the usage contributed to successful and significant student learning. This understanding contributed to my research's second purpose, which explored how educators were motivated using cyber ranges. The third purpose of my study explored student motivation using a cyber range. Due to varying cyber range resources and activities, my research focused on the cybersecurity competition activity, Capture the Flag (CTF). This study provided an understanding of how students who participated in a cybersecurity CTF competition were motivated. My research demonstrates that educators and students are interested in using cyber ranges and believe using them for cybersecurity education and professional readiness is important. However, both educators and students who lack prior knowledge or experience using a cyber range or participating in a CTF shared the concern of not knowing what they do not know. PD time and instructor-facing resources that do not assume any prior cybersecurity knowledge were recommended to support educators who did not have a background or experience in cybersecurity. Students shared that although not knowing was stressful and made participating difficult, the difficulty and stress were good attributes because if the CTF were easy, it wouldn't be worth their time and would be less rewarding. Students also reported that team strategies and academic support were motivational aspects of CTF participation. Overall, educators and students were motivated using cyber ranges for cybersecurity education, but professional development and preparation resources would contribute positively to their usage.

cybersecurity education

cyber ranges

significant learning experiences

cybersecurity CTF competition

MAnanA: A Generalized Heuristic Scoring Approach for Concept Map Analysis as Applied to Cybersecurity Education

Blake Gatto, Sharon Elizabeth

06 August 2018

Concept Maps (CMs) are considered a well-known pedagogy technique in creating curriculum, educating, teaching, and learning. Determining comprehension of concepts result from comparisons of candidate CMs against a master CM, and evaluate "goodness". Past techniques for comparing CMs have revolved around the creation of a subjective rubric. We propose a novel CM scoring scheme called MAnanA based on a Fuzzy Similarity Scaling (FSS) score to vastly remove the subjectivity of the rubrics in the process of grading a CM. We evaluate our framework against a predefined rubric and test it with CM data collected from the Introduction to Computer Security course at the University of New Orleans (UNO), and found that the scores obtained via MAnanA captured the trend that we observed from the rubric via peak matching. Based on our evaluation, we believe that our framework can be used to objectify CM analysis.

Cybersecurity Education

Concept Map Analysis

Fuzzy Set Theory and Logic

Heuristic Scoring

Membership Function

Artificial Intelligence and Robotics

Information Security

Theory and Algorithms

DEVELOPING TRAINING MATERIALS TO SUPPLEMENT THE INDIANA CYBERSECURITY SCORECARD

Madison Renae Thomas (11226636)

20 July 2022

<p> Cybersecurity is an important aspect of all businesses as well as the public sector. As information technology becomes more interconnected with our everyday lives, it opens more opportunities for network vulnerabilities and therefore more breach opportunities. Previous work within the State of Indiana has produced a cybersecurity scorecard but leaves those using the scorecard with no way to improve their scores. This research is conducted to help Indiana counties improve their cybersecurity practices with a limited budget. As well, this research and implementation guide will be accessible in a way that any employee at the county level, despite their cybersecurity knowledge, will have a solid foundation on where to begin to improve their score. The goal of this study is to develop a framework that identifies the weaknesses in an Indiana county's response to the Cybersecurity Scorecard and provides resources to improve their scores. The framework should identify the specific issues and give definitions or resources for the counties to use to improve their score. </p>

cybersecurity

information technology

cybersecurity education

computer science education

training

computer science training

cybersecurity training

Study of Cybersecurity Awareness Enhancement through Mobile Applications for High School Students

Bandreddi, Jyothi Priyanka

January 2020

No description available.

Curriculum Development

Education

Computer Engineering

cybersecurity education

security mindset

smartphone apps

mobile education

curriculum

high school

phishing

cyber safe practices

A Study on inculcating cyber awareness among undergraduate students by introducing interactive visualization-based cybersecurity modules into STEM education.

Jyothirmai, Kothakapu

January 2021

No description available.

Curriculum Development

Curricula

Computer Science

Computer Engineering

Cybersecurity Education in Utah High Schools: An Analysis and Strategy for Teacher Adoption

Cornel, Cariana June

01 August 2019

The IT Education Specialist for the USBE, Brandon Jacobson, stated:I feel there is a deficiency of and therefore a need to teach Cybersecurity.Cybersecurity is the “activity or process, ability or capability, or state whereby information and communications systems and the information contained therein are protected from and/or defended against damage, unauthorized use or modification, or exploitation” (NICE, 2018). Practicing cybersecurity can increase awareness of cybersecurity issues, such as theft of sensitive information. Current efforts, including but not limited to, cybersecurity camps, competitions, college courses, and conferences, have been created to better prepare cyber citizens nationwide for such cybersecurity occurrences. In 2017, a meeting was proposed to discuss cybersecurity training methods for Utah high school teachers. Meeting attendees included the researcher, Brigham Young University Cybersecurity Professor, Dale Rowe, the Alpine IT Career and Technology Engineering (CTE) Program Area Specialist, Karsten Walker, and the IT Education specialist for the Utah State Board of Education (USBE), Brandon Jacobson. However, due to limited budget, resources, and time, few results were achieved since the meeting, including a cybersecurity class certification and offering of advanced cybersecurity related courses on UEN’s WebEx Platform (Alpine District only).However, due to limited budget, resources, and time, few results were achieved since the meeting, including a cybersecurity class certification and offering of advanced cybersecurity related courses on UEN’s WebEx Platform (Alpine District only).The research shows that of the 9 school districts reviewed, only 2 of the public high schools taught cybersecurity-focused courses as outlined by the Utah State Board of Education. This is a scarcity that cannot be ignored. There are insufficient offerings of cybersecurity courses in Utah high schools. As a result, Utah is one of the many states unable to fill the shortage of cybersecurity professionals. Thus, this research was conducted to better understand what is inhibiting potential teachers from offering a cybersecurity-focused course. In the hopes of answering the mentioned query, the research involved surveying high school computer teachers about their experience, as well as their perspective on teaching cybersecurity.

Utah

High Schools

Teacher

Secondary Education

Utah State Board of Education

Public schools

Cybersecurity Education

CTE

STEM

Cybersecurity

Education

Engineering

Information Security

Practice-Oriented Cybersecurity Training Framework

Podila, Laxmi Mounika

January 2020

No description available.

Academic Guidance Counseling

Computer Engineering

Computer Science

Curriculum Development

Education

An Image-based ML Approach for Wi-Fi Intrusion Detection System and Education Modules for Security and Privacy in ML

Rayed Suhail Ahmad (18476697)

02 May 2024

<p dir="ltr">The research work presented in this thesis focuses on two highly important topics in the modern age. The first topic of research is the development of various image-based Network Intrusion Detection Systems (NIDSs) and performing a comprehensive analysis of their performance. Wi-Fi networks have become ubiquitous in enterprise and home networks which creates opportunities for attackers to target the networks. These attackers exploit various vulnerabilities in Wi-Fi networks to gain unauthorized access to a network or extract data from end users' devices. The deployment of an NIDS helps detect these attacks before they can cause any significant damages to the network's functionalities or security. Within the scope of our research, we provide a comparative analysis of various deep learning (DL)-based NIDSs that utilize various imaging techniques to detect anomalous traffic in a Wi-Fi network. The second topic in this thesis is the development of learning modules for security and privacy in Machine Learning (ML). The increasing integration of ML in various domains raises concerns about its security and privacy. In order to effectively address such concerns, students learning about the basics of ML need to be made aware of the steps that are taken to develop robust and secure ML-based systems. As part of this, we introduce a set of hands-on learning modules designed to educate students on the importance of security and privacy in ML. The modules provide a theoretical learning experience through presentations and practical experience using Python Notebooks. The modules are developed in a manner that allows students to easily absorb the concepts regarding privacy and security of ML models and implement it in real-life scenarios. The efficacy of this process will be obtained from the results of the surveys conducted before and after providing the learning modules. Positive results from the survey will demonstrate the learning modules were effective in imparting knowledge to the students and the need to incorporate security and privacy concepts in introductory ML courses.</p>

Data and information privacy

Data security and protection

System and network security

Adversarial machine learning

Deep learning

adversarial machine learning (AdvML)

Adversarial Machine Learning

Privacy Preserving Machine Learning

PPML

AML

Cyber Security

AWID

AWID3

Cybersecurity Education

Intrusion Detection

Wi-Fi Networks

Deep Learning

Wireless Intrusion Detection

Security and Privacy