Teaching Psychological Principles to Cybersecurity Students

This paper will discuss our observations gained from teaching psychological principles and methods to undergraduate and postgraduate cybersecurity students. We will draw on and extend our previous work encouraging the teaching of psychology in computing and cybersecurity education. We pay special attention to the consideration of characteristics of cybersecurity students in terms of teaching psychology in a way that will be accessible and engaging. We then discuss the development and use of an online training tool which draws on psychology to help educators and companies to raise awareness of cybersecurity risks in students and employees. Finally, we offer some practical suggestions to incorporate psychology into the cybersecurity curriculum

Introducing Psychological Concepts and Methods to Cybersecurity Students

This chapter will begin with a brief review of the literature that highlights what psychology research and practice can offer to cybersecurity education. The authors draw on their wide-ranging inter-disciplinary teaching experience and in this chapter they discuss their observations gained from teaching psychological principles and methods to undergraduate and postgraduate cybersecurity students. The authors pay special attention to the consideration of the characteristics of cybersecurity students, so that psychology is taught in a way that is accessible and engaging. Finally, the authors offer some practical suggestions for academics to help them incorporate psychology into the cybersecurity curriculum

A COMPREHENSIVE REVIEW OF INTERNET OF THINGS WAVEFORMS FOR A DOD LOW EARTH ORBIT CUBESAT MESH NETWORK

The Department of Defense (DOD) requires the military to provide command and control during missions in locations where terrestrial communications infrastructure is unreliable or unavailable, which results in a high reliance on satellite communications (SATCOM). This is problematic because they use and consume more digital data in the operational environment. The DOD has several forms of data capable of meeting Internet of Things (IoT) transmission parameters that could be diversified onto an IoT network. This research assesses the potential for an IoT satellite constellation in Low Earth Orbit to provide an alternative, space-based communication platform to military units while offering increased overall SATCOM capacity and resiliency. This research explores alternative IoT waveforms and compatible transceivers in place of LoRaWAN for the NPS CENETIX Ortbial-1 CubeSat. The study uses a descriptive comparative research approach to simultaneously assess several variables. Five alternative waveforms—Sigfox, NB-IoT, LTE-M, Wi-sun, and Ingenu—are evaluated. NB-IoT, LTE-M, and Ingenu meet the threshold to be feasible alternatives to replace the LoRaWAN waveform in the Orbital-1 CubeSat. Six potential IoT transceivers are assessed as replacements. Two transceivers for the NB-IoT and LTE-M IoT waveforms and one transceiver from U-blox for the Ingenu waveform are assessed as compliant.Lieutenant, United States NavyApproved for public release. Distribution is unlimited

Roadmap for NIS education programmes in Europe:education

This document continues work from previous activities by suggesting training materials, scenarios and a way forward for implementing the EC roadmap for NIS education in Europe. In doing so, the Agency has recognised the heterogeneous landscape of Europe in this area

A Novel VAPT Algorithm: Enhancing Web Application Security Trough OWASP top 10 Optimization

This research study is built upon cybersecurity audits and investigates the optimization of an Open Web Application Security Project (OWASP) Top 10 algorithm for Web Applications (WA) security audits using Vulnerability Assessment and Penetration Testing (VAPT) processes. The study places particular emphasis on enhancing the VAPT process by optimizing the OWASP algorithm. To achieve this, the research utilizes desk documents to gain knowledge of WA cybersecurity audits and their associated tools. It also delves into archives to explore VAPT processes and identify techniques, methods, and tools for VAPT automation. Furthermore, the research proposes a prototype optimization that streamlines the two steps of VAPT using the OWASP Top 10 algorithm through an experimental procedure. The results are obtained within a virtual environment, which employs black box testing methods as the primary means of data acquisition and analysis. In this experimental setting, the OWASP algorithm demonstrates an impressive level of precision, achieving a precision rate exceeding 90%. It effectively covers all researched vulnerabilities, thus justifying its optimization. This research contributes significantly to the enhancement of the OWASP algorithm and benefits the offensive security community. It plays a crucial role in ensuring compliance processes for professionals and analysts in the security and software development fields.Comment: 2nd International Conference on Software Engineering and Automation (SEAU 2023), November 11 ~ 12, 2023, Dubai, UA

APPLICATION OF GAME THEORY FOR ACTIVE CYBER DEFENSE AGAINST ADVANCED PERSISTENT THREATS

Advanced persistent threats (APTs) are determined, adaptive, and stealthy threat actors in cyber space. They are often hosted in, or sponsored by, adversary nation-states. As such, they are challenging opponents for both the U.S. military and the cyber-defense industry. Current defenses against APTs are largely reactive. This thesis used machine learning and game theory to test simulations of proactive defenses against APTs. We first applied machine learning to two benchmark APT datasets to classify APT network traffic by attack phase. This data was then used in a game model with reinforcement learning to learn the best tactics for both the APT attacker and the defender. The game model included security and resource levels, necessary conditions on actions, results of actions, success probabilities, and realistic costs and benefits for actions. The game model was run thousands of times with semi-random choices with reinforcement learning through a program created by NPS Professor Neil Rowe. Results showed that our methods could model active cyber defense strategies for defenders against both historical and hypothetical APT campaigns. Our game model is an extensible planning tool to recommend actions for defenders for active cyber defense planning against APTs.Approved for public release. Distribution is unlimited.Captain, United States Marine CorpsCaptain, United States Marine CorpsDISA, Arlington, VA, 2220