Cybersecurity: mapping the ethical terrain

This edited collection examines the ethical trade-offs involved in cybersecurity: between security and privacy; individual rights and the good of a society; and between the types of burdens placed on particular groups in order to protect others. Foreword Governments and society are increasingly reliant on cyber systems. Yet the more reliant we are upon cyber systems, the more vulnerable we are to serious harm should these systems be attacked or used in an attack. This problem of reliance and vulnerability is driving a concern with securing cyberspace. For example, a ‘cybersecurity’ team now forms part of the US Secret Service. Its job is to respond to cyber-attacks in specific environments such as elevators in a building that hosts politically vulnerable individuals, for example, state representatives. Cybersecurity aims to protect cyberinfrastructure from cyber-attacks; the concerning aspect of the threat from cyber-attack is the potential for serious harm that damage to cyber-infrastructure presents to resources and people. These types of threats to cybersecurity might simply target information and communication systems: a distributed denial of service (DDoS) attack on a government website does not harm a website in any direct way, but prevents its normal use by stifling the ability of users to connect to the site. Alternatively, cyber-attacks might disrupt physical devices or resources, such as the Stuxnet virus, which caused the malfunction and destruction of Iranian nuclear centrifuges. Cyber-attacks might also enhance activities that are enabled through cyberspace, such as the use of online media by extremists to recruit members and promote radicalisation. Cyber-attacks are diverse: as a result, cybersecurity requires a comparable diversity of approaches. Cyber-attacks can have powerful impacts on people’s lives, and so—in liberal democratic societies at least—governments have a duty to ensure cybersecurity in order to protect the inhabitants within their own jurisdiction and, arguably, the people of other nations. But, as recent events following the revelations of Edward Snowden have demonstrated, there is a risk that the governmental pursuit of cybersecurity might overstep the mark and subvert fundamental privacy rights. Popular comment on these episodes advocates transparency of government processes, yet given that cybersecurity risks represent major challenges to national security, it is unlikely that simple transparency will suffice. Managing the risks of cybersecurity involves trade-offs: between security and privacy; individual rights and the good of a society; and types of burdens placed on particular groups in order to protect others. These trade-offs are often ethical trade-offs, involving questions of how we act, what values we should aim to promote, and what means of anticipating and responding to the risks are reasonably—and publicly—justifiable. This Occasional Paper (prepared for the National Security College) provides a brief conceptual analysis of cybersecurity, demonstrates the relevance of ethics to cybersecurity and outlines various ways in which to approach ethical decision-making when responding to cyber-attacks

Towards a Digital Forensics Competency-Based Program: Making Assessment Count

This paper describes an approach that UMUC has initiated to revise its graduate programs to a Competency-Based Education (CBE) curriculum. The approach, which is Learning Demonstration (LD) centric, includes the identification of learning goals and competences, identification and description of the LDs, mapping of the LDs to the competences, scripting the LDs, placing the LDs into the respective courses, validating the developed materials, and the development of the open learning resources. Programs in the Cybersecurity and Information Assurance Department, including the Digital Forensics and Cyber Investigations program, are being revised. An LD centric approach to curriculum development helps align programs to the needs of employers, and standards of accreditation bodies. The rationale behind this paper is twofold: to support course development through providing reusable competency inventory, LD inventory, and open resources and to provide assessment by defining competences of an individual as a function of knowledge and skills. This is a work in progress. Keywords: learning goal, digital forensics, competences, competency-based education, learning demonstratio

Report of the 2013 NSF Cybersecurity Summit for Cyberinfrastructure and Large Facilities: Designing Cybersecurity Programs in Support of Science

This 3-day summit focused on challenges of supporting those who secure scientific cyberinfrastructure. Tutorials covered identity management, network security and monitoring cybersecurity planning, and secure software development. Working group efforts continue in the Trusted CI Forum (trustedci.groupside.com). Future summits were discussed.This event was supported in part by the National Science Foundation under Grant Number 1234408. Any opinions, findings, and conclusions or recommendations expressed at the event or in this report are those of their authors and do not necessarily reflect the view of the National Science Foundation or any other organization

Report of the 2015 NSF Cybersecurity Summit for Large Facilities and Cyberinfrastructure

This event was supported in part by the National Science Foundation under Grant Number 1234408. Any opinions, findings, and conclusions or recommendations expressed at the event or in this report are those of the authors and do not necessarily reflect the views of the National Science Foundation

Central Washington University 2021-2022 Graduate Catalog

https://digitalcommons.cwu.edu/catalogs/1185/thumbnail.jp

Central Washington University 2020-2021 Graduate Catalog

https://digitalcommons.cwu.edu/catalogs/1183/thumbnail.jp

Central Washington University 2017-2018 Graduate Catalog

https://digitalcommons.cwu.edu/catalogs/1177/thumbnail.jp

Central Washington University 2016-2017 Graduate Catalog

https://digitalcommons.cwu.edu/catalogs/1175/thumbnail.jp

The CybHER Program supported by CISSE Framework to Engage and Anchor Middle-school Girls in Cybersecurity

There is a piercing shortage of personnel in the cybersecurity field that will take several decades to accommodate. Despite being 50 percent of the workforce, females only account for 11 percent of the cybersecurity personnel. While efforts have been made to encourage more females into the field, more needs to be done. Reality shows that a change in the statistics is not taking place. Women remain seriously under-represented in cybersecurity degree programs and the workforce. Prior research shows that elementary girls are equally as interested in the cyber path as boys. It is in middle school that this interest shifts, which raises interesting questions about middle-school girls’ perceptions of cyber-related studies. This study focuses on middle-school girls’ perceptions of cybersecurity and what promising practices can be discovered to engage middle school girls in cybersecurity. These promising practices are then applied to the CybHER program. Drawing on literature from gender gap and STEM research, prior interventions, and anchoring girls to the field, this study looks specifically at adolescent females in middle school. Through open-ended interviews, rich data was collected to form the CISSE framework of promising practices. The CISSE framework shows that community, influence, social media connection, education, increase in self-efficacy, and education are important factors to anchor girls in a cybersecurity career path. The CISSE framework assisted in developing and enhancing the comprehensive program called CybHER. CybHER started as simply a name with a dream. By incorporating the CISSE framework, paying attention to prior successes and prior research, the CybHER program developed into a comprehensive program that includes intervention methods to educate and motivate girls to pursue cybersecurity. Five CybHER themes make up the program. These themes recognize time and relationships as important elements to girls. CybHER provides community, influence, social media connection, increased selfefficacy and education while also producing anchors for girls in cybersecurity. Evaluation from experts in the field suggest that the program will make a significant difference in recruitment and retention of girls