12 research outputs found

    Educating Future Multidisciplinary Cybersecurity Teams

    We present a vision and the curricular foundations needed for the multidisciplinary cybersecurity teams of the future, which are made up of diverse cybersecurity experts, each contributing unique abilities and perspectives that emerged from their own discipline-centric methodological approaches. Examples demonstrating the effectiveness of current and emerging multidisciplinary cybersecurity teams are included

    Reinventing Cybersecurity Internships During the COVID-19 Pandemic

    The Cybersecurity Ambassador Program provides professional skills training for emerging cybersecurity professionals remotely. The goal is to reach out to underrepresented populations who may use Federal Work-Study (FWS) or grant sponsored internships to participate. Cybersecurity Ambassadors (CAs) develop skills that will serve them well as cybersecurity workers prepared to do research, lead multidisciplinary, technical teams, and educate stakeholders and community members. CAP also reinforces leadership skills so that the next generation of cybersecurity professionals becomes a sustainable source of management talent for the program and profession. The remote curriculum innovatively builds non-technical professional skills (communications, teamwork, leadership) for cybersecurity research through student-led applied research and creating community-focused workshops. These student-produced workshops are in phishing, identity and privacy cyber safety, social media safety, and everyday home cyber safety. The CAs tailor the program to a particularly vulnerable population such as older adults, students, veterans, or similar people that make up most workshop participants. At this time, the data shows that this pedagogical approach to curriculum development, grounded in the Ground Truth Expertise Development Model (GTEDM), is a unique methodology. This curriculum, which teaches cybersecurity interns key non-technical but critical KSAs for cybersecurity professional development, has proved to be a factor in accelerated hiring for program participants

    Holistic Cyber Education

    This paper provides a multi-level, multidisciplinary approach for holistically integrating cyber into a student’s academic experience. Our approach suggests formally integrating cyber throughout an institution’s curriculum, including within the required general education program, in electives from a variety of disciplines, as multi-course threads, as minors, and in numerous cyber-related majors. Our holistic approach complements in-class curricula with both a pervasive cyber-aware environment and experiential, outside-the-classroom activities that apply concepts and skills in real-world environments. The goal of our approach is to provide all educated individuals a level of cyber education appropriate for their role in society. Throughout the description of our approach, we include examples of its implementation at the United States Military Academy.

    CR CyberMar as a Solution Path towards Cybersecurity Soundness in Maritime Logistics Domain

    Cybersecurity is now considered as one of the main challenges for the maritime sector. At the same time, the maritime transport industry remains one of the most relevant and driving sectors for the global economy in terms of both the number and operations of active companies, and infrastructure and investments, thanks to the policies pushed to attract the latter. Maritime information systems, whether on board ships or in ports, are numerous, built with standard components available on the market and in many cases designed without factoring in well the ever-growing cyber risk. Digital infrastructure has become essential in operating and managing systems critical to the safety and security of shipping and ports. Specifically, Cyber-MAR is focused upon the simulation and emulation of the real world of maritime systems (e.g. Logistics, Supply Chain). This research effort will examine the creation of a federated Cyber Range (CR Cyber-MAR) which will include various platforms and interconnected systems on board a vessel or ashore, in order to allow a hyper-realistic simulation of cyber-attacks and trying to assimilate them into real-life. Then the identified CR Cyber range will be integrated in the Cybersecurity training needs for different levels of operators. The investigation of the discussed topic will essentially use qualitative techniques, analysing data obtained from publications, official and commercial reports, and interviews of a targeted audience

    Creating a Multifarious Cyber Science Major

    Existing approaches to computing-based cyber undergraduate majors typically take one of two forms: a broad exploration of both technical and human aspects, or a deep technical exploration of a single discipline relevant to cybersecurity. This paper describes the creation of a third approach—a multifarious major, consistent with Cybersecurity Curricula 2017, the ABET Cybersecurity Program Criteria, and the National Security Agency Center for Academic Excellence—Cyber Operations criteria. Our novel curriculum relies on a 10-course common foundation extended by one of five possible concentrations, each of which is delivered through a disciplinary lens and specialized into a highly relevant computing interest area serving society’s diverse cyber needs. The journey began years ago when we infused cybersecurity education throughout our programs, seeking to keep offerings and extracurricular activities relevant in society’s increasingly complex relationship with cyberspace. This paper details the overarching design principles, decision-making process, benchmarking, and feedback elicitation activities. A surprising key step was merging several curricula proposals into a single hybrid option. The new major attracted a strong initial cohort, meeting our enrollment goals and exceeding our diversity goals. We provide several recommendations for any institution embarking on a process of designing a new cyber-named major

    Exploring the Value of Non-Technical Knowledge, Skills, and Abilities (KSAs) to Cybersecurity Hiring Managers

    Industry's demand for cybersecurity workers with non-technical knowledge, skills, and abilities (KSAs) that complement technical prowess is not new. The purpose of this study was to connect with cybersecurity practitioners to determine which non-technical KSAs should be emphasized by educators to help meet workforce demands. This research applies a novel application of the Ground Truth Expertise Development Model (GTEDM) for exploring suitable non-technical and particularly soft KSAs necessary for cybersecurity professional development programs. This study focused on the definition and competency determination step and provided foundational KSA prioritization for further research. The field overwhelmingly agreed that non-technical skills were essential to a cybersecurity worker's success. The qualitative process produced three themes as non-technical KSA areas of the most significant import to the cybersecurity field. These KSA themes required included critically using information, communications skills, and collaboration to pursue customer/client success. The findings produce a more comprehensive list of hard, soft, and mixed non-technical skills that will benefit the public, private, and academic sector organizations as they develop cybersecurity curricula

    The Development of a Multidisciplinary Cybersecurity Workforce: An Investigation

    The unexpected digital transformation that was forced due to COVID-19 found many citizens and organizations unprepared to deal with the relevant technological advances and the cyber threat landscape. This outcome highlighted once more the cybersecurity skills shortage and the necessity to address this gap. A solution to this is to consider a multidisciplinary cybersecurity workforce with professionals originating from different backgrounds, beyond the traditional ones such as computing and IT. To be able to engage people though, they need to be aware of the possibilities that exist in cybersecurity for those that originate from non-traditional disciplines. Moreover, cybersecurity professionals need to be aware of the added value when collaborating with these professionals. These are aspects that need to be extensively investigated to provide insights to academia and industry, to develop education and training curricula towards building a multidisciplinary cybersecurity workforce. This paper investigated these aspects in a Further Education and Higher Education College in the UK, where 88 students from 5 disciplines were surveyed, providing valuable observations as to the interest of students, and future professionals, to work in cybersecurity industry and their perception on the subject disciplines relevant to cybersecurity jobs

    A Celebration of West Point Authors, July - December 2019

    Highlighting the 456 collected works of scholarship published and presented between July - December 2019.

    Cyber Defense Planning in Tabletop Exercises and Consideration of a Fractured Flaw Theory for Security Applications

    Cybersecurity threats endanger every part of American life. Security and emergency preparedness professionals plan and prevent cyber-attacks using tabletop exercises. The tabletop exercises establish the risks and protection strategies for multiagency threats, thus, various agencies and industrial partners must work together in these training events. The purpose of this grounded study will be to develop criteria for selecting tabletop participants and explore the risks of participation. An additional consideration is the impact of the sponsoring agencies' agenda on the value of the outcome for the participants. There is sufficient evidence to justify the investigation of these issues. Failing to include the correct participants has led to significant data breaches in the last few years. Participants may also place themselves in more significant harm through participation. The publication of the outcomes of tabletop exercises, including security gaps, causes grave concerns. The primary theory guiding security concepts is Waloddi Weibull's ‘weakest link theory;’ however, the flawed fracture theory may be invaluable as an alternative to the weakest link theory. The study design will qualitatively evaluate recent critical infrastructure exercises. Historical literature reviews and current qualitative efforts (ongoing exercises, action items, interviews, and surveys) provide the basis for improvement. A survey with 39 participants, four in-depth interviews across multiple business sizes, and one federal employee yielded findings related to noncompliance, tabletop baggage, and cascading events. Not having the correct participants leads to weaknesses across tabletop events. Having a missing organization or participant causes complications in response and leads to unrealistic responses. The current consequence of participating in a tabletop exercise was that although participation improved responsiveness and security, smaller partners may face a disproportionate increase in risk. Finally, the agenda, goals, and objectives are all impacted by the tabletop exercise’s sponsor. The prevalence of organizational noncompliance was unexpected. Theoretically, expanding from the weakest link model to the fractured flaw model will significantly improve how security professionals manage risk and survivability. Improving tabletop exercises will enhance the nation's emergency preparedness and potential resiliency

    Cybersecurity Using Risk Management Strategies of U.S. Government Health Organizations

    Seismic data loss attributed to cybersecurity attacks has been an epidemic-level threat currently plaguing the U.S. healthcare system. Addressing cyber attacks is important to information technology (IT) security managers to minimize organizational risks and effectively safeguard data from associated security breaches. Grounded in the protection motivation theory, the purpose of this qualitative multiple case study was to explore risk-based strategies used by IT security managers to safeguard data effectively. Data were derived from interviews of eight IT security managers of four U.S. government health institutions and a review of relevant organizational documentation. The research data were coded and organized to support thematic development and analysis. The findings yielded four primary themes: effective cyber-risk management strategies: structured, systematic, and timely cyber risk management; continuous and consistent assessment of the risk environment; system and controls development, implementation, and monitoring; and strategy coordination through centralized interagency and interdepartmental risk management. The key recommendation based on the study findings is for IT security managers to employ cybersecurity strategies that integrate robust cybersecurity controls and systematic processes based on comprehensive risk management. The implications for positive social change include the potential to positively stimulate patient trust and confidence in healthcare systems and strengthen healthcare professionals' commitments to ensure patient privacy