EDU: Collaborative: Educating the Security Workforce through On-Demand Live Competitions

Project Details

Lead PI

Performance Period

Sep 01, 2016 - Aug 31, 2018

Institution(s)

Arizona State University

Award Number


The United States is facing a cyber-security crisis. Recent studies predict a shortfall of 1.5M global information security jobs by 2020. The lack of a qualified cyber-security workforce gives rise to high-profile security incidents. In addition, attacks against the nation's critical infrastructure can have devastating effects that go well beyond the financial losses that we are witnessing today. Example targets include aviation control software, the power grid, and even the networks themselves, with the advent of new and emerging network-centric technologies such as software-defined networks. Therefore, it is crucial to educate the next generation of cyber-security professionals. Cyber-security exercises, in which students analyze software to discover flaws and mitigate them, are an excellent instructional method to effectively improve the security skills of protection, detection, and response.

Security training requires that developers acquire both the skills necessary to find security vulnerabilities in software and the skills to fix existing flawed software. The knowledge that comes from studying vulnerabilities and vulnerability patterns provides students with the hands-on expertise to complement theoretical security skills. Live cyber-security exercises are an excellent tool to teach and reinforce security concepts in students. However, live cyber-security competitions place a significant time and effort burden on the organizers, because as soon as a piece of intentionally vulnerable software is used in a competition, it cannot be used again. Therefore, all the time and effort spent creating the intentionally vulnerable software is spent on a single competition. In addition, running a live cyber-security competition requires technical skills (e.g., networking and server administration) that may be outside the expertise of educators. This project allows any educator or student, regardless of their technical skills, to host their own security competition. In addition, the participants will be able to create the intentionally vulnerable software, which stimulates creativity and constructive behavior. Finally, this project will develop a repository of intentionally vulnerable software, which allows educators to select sample vulnerable software from different vulnerability classes, furthering the educational goals of the instructor.