Laboratory Design for Wireless Network Attacks

ABSTRACT There has been an increased awareness on the importance of a hands-on laboratory component in information security education in recent years. We developed a series of laboratory exercises for wireless network security. These laboratory exercises introduce to the students the following wireless network attacks: Wardriving, Eavesdropping, WEP Key Cracking/Decryption, Man in the Middle, MAC Spoofing, ARP Cache Poisoning, and ARP Request Replay. Open source tools such as Aircrack-ng, Cain and Abel, and Mac Makeup are used in these laboratory exercises to demonstrate how these attacks are conducted. The laboratory exercises were presented to two information security related courses at this university. The student feedback was very positive. Future work will include refining the laboratory design, conducting evaluation of the exercises extensively, developing more laboratory exercises for wireless network security and developing laboratory exercises for the Linux platform

Robustness: A New US Cyber Deterrence Strategy

The growing trend of computer network attacks provokes the necessity for a comprehensive cyber deterrence strategy to deter aggressors from attacking U.S. critical infrastructure. The current U.S. cyber deterrence strategy based on punishment is ineffective in deterring aggressors as evidenced by the increasing number of computer network attacks against U.S. critical infrastructure. Therefore, the U.S. should look towards an alternative strategy based on robustness to deny enemy objectives and absorb attacks. To identify the superior cyber deterrence strategy, this study uses a qualitative assessment based on open-sourced information to evaluate the effectiveness of each strategy. The findings of this study show that a deterrence strategy centered on robustness can be more effective in deterring aggressors. As a result, the United States would be better served to reform its cyber deterrence strategy by establishing a capability to absorb computer network attacks and deny enemy objectives as a deterrent

Peer Review in Cybersecurity Education

Demands for a well-prepared cybersecurity workforce are growing, and instructors who teach cybersecurity to students require effective tools and techniques. Peer review is one technique that has been demonstrated to have practical benefits in many contexts, including instruction. In this paper, we explore the use of peer review in two cybersecurity courses at WPI, and we analyze how students’ reviews deal with the topic of cybersecurity. We find that while they utilize peer review in different ways, the two courses have similarities in their review texts. The construction of review prompts and other factors may influence the degree to which students focus on security. Finally, we discuss our findings and present suggestions for instructors who use peer review in cybersecurity courses

The Development of a Red Teaming Service-Learning Course

Despite advancements in pedagogy and technology, students often yearn for more applied opportunities in information security education. Further, small businesses are likely to have inadequate information security postures due to limited budgets and expertise. To address both issues, an advanced course in ethical hacking was developed which allows students to perform security assessments for local businesses through red team engagements. This paper will allow academics to implement similar courses, improving security education for students and increasing opportunities for local businesses to receive affordable security assessments

Teaching About the Dark Web in Criminal Justice or Related Programs at The Community College and University Levels.

Increasingly, criminal justice practitioners have been called on to help solve breaches in cyber security. However, while the demand for criminal justice participation in cyber investigations increases daily, most universities are lagging in their educational and training opportunities for students entering the criminal justice fields. This article discusses the need to incorporate courses discussing the Dark Web in criminal justice. A review of existing cyber-criminal justice programs in Texas and nationally suggests that most community colleges and 4-year universities have yet to develop courses/programs in understanding and investigating the Dark Web on the internet. The Dark Web serves as the new “Criminal Underground” for illegal activity and needs to be understood. This research outlines the need for criminal justice programs to teach courses in the Dark Web and offer course recommendations. Recommended syllabi material for Dark Web courses in criminal justice, and recommendations for development of these programs are included

Conceptual Systems Security Analysis Aerial Refueling Case Study

In today’s highly interconnected and technology reliant environment, systems security is rapidly growing in importance to complex systems such as automobiles, airplanes, and defense-oriented weapon systems. While systems security analysis approaches are critical to improving the security of these advanced cyber-physical systems-of-systems, such approaches are often poorly understood and applied in ad hoc fashion. To address these gaps, first a study of key architectural analysis concepts and definitions is provided with an assessment of their applicability towards complex cyber-physical systems. From this initial work, a definition of cybersecurity architectural analysis for cyber-physical systems is proposed. Next, the System Theory Theoretic Process Analysis approach for Security (STPA Sec) is tailored and presented in three phases which support the development of conceptual-level security requirements, applicable design-level criteria, and architectural-level security specifications. This work uniquely presents a detailed case study of a conceptual-level systems security analysis of a notional aerial refueling system based on the tailored STPA-Sec approach. This work is critically important for advancing the science of systems security engineering by providing a standardized approach for understanding security, safety, and resiliency requirements in complex systems with traceability and testability

Cyber-Human Systems, Space Technologies, and Threats

CYBER-HUMAN SYSTEMS, SPACE TECHNOLOGIES, AND THREATS is our eighth textbook in a series covering the world of UASs / CUAS/ UUVs / SPACE. Other textbooks in our series are Space Systems Emerging Technologies and Operations; Drone Delivery of CBNRECy – DEW Weapons: Emerging Threats of Mini-Weapons of Mass Destruction and Disruption (WMDD); Disruptive Technologies with applications in Airline, Marine, Defense Industries; Unmanned Vehicle Systems & Operations On Air, Sea, Land; Counter Unmanned Aircraft Systems Technologies and Operations; Unmanned Aircraft Systems in the Cyber Domain: Protecting USA’s Advanced Air Assets, 2nd edition; and Unmanned Aircraft Systems (UAS) in the Cyber Domain Protecting USA’s Advanced Air Assets, 1st edition. Our previous seven titles have received considerable global recognition in the field. (Nichols & Carter, 2022) (Nichols, et al., 2021) (Nichols R. K., et al., 2020) (Nichols R. , et al., 2020) (Nichols R. , et al., 2019) (Nichols R. K., 2018) (Nichols R. K., et al., 2022)https://newprairiepress.org/ebooks/1052/thumbnail.jp