Gamification to Support Cyber Security Community Education in Lebanon

Transcription

1 Gamification to Support Cyber Security Community Education in Lebanon Antoine M. Melki 1, Moussa G. Chatrieh 2 1 Instructional Technology Unit, University of Balamand, Balamand, Koura, Amioun 33, Lebanon {[email protected]} 2 Ecole Doctorale des Lettres et des Sciences, Université Libaniase, Sin El Fil, Beirut, Lebanon {[email protected]} Abstract: The research presented is a part of a larger project going in Lebanon. The aim of this paper is to describe the experience of the University of Balamand in adopting gamification as a means to provide community education in the field of cyber security. The volume of literature in cyber security field is increasing. One of the major highlighted issues is the place of humans in the security processes. On the other hand, digital citizenship and digital lifestyles are posing a number of challenges that are supposed to be met by education, since humans are involved. Meanwhile, the concepts of learning and teaching have changed drastically with the advances in web technologies and telecommunications. The main challenge lies in assuring cyber security, especially for those outside the regular educational setting. In the case of Lebanon, the majority of internet users are outside the regular outreach of any training or awareness program. This fact is a challenge for cybersecurity education in Lebanon. Accordingly, literature review shows that community learning comes as an appropriate solution, where universities have a major role to play. In addition, to avoid the problems underlying community education, like outreach, teaching difficulties, and financing, it is proposed to use gamification. This philosophy is adopted by the University of Balamand, whose experience is exposed in this research. Keywords: cybersecurity education, gamification, community learning 1. INTRODUCTION The cybersecurity studies are interdisciplinary by nature as they involve the study of several different fields: telecommunications, law, management, psychology, and others. With the advance in research in the field, focus is shifting from technology to humans, and the field is getting more involvement of experts from different backgrounds. In this paper, the human factor in cybersecurity is the main issue. The questions raised are primarily addressing the mass of online users, how to reach to them, and how improve their security in the cyber space. The Lebanese case is taken in specific, and gamification is highlighted as a potential solution of the outreach problem in community education which is proven to be the form that can contribute to the improving the cybersecurity of the large number of users who are outside the regular educational settings. In addition, the role of academia in this process and what it can offer to the community is emphasized. 172

2 2. THE HUMAN FACTOR IN CYBERSECURITY AND THE DIGITAL CITIZENSHIP The increasing number and sophistication of cyber threats is accompanied by concerns over the role of humans in cybersecurity. A large literature exist describing research on people in work settings, with emphasis on their contribution in cybersecurity. Reports cite numbers on the different threats in relation to humans. Threats related to humans include: 75% of people use the same password for multiple accounts, both at work and home, 7% of people use a password, which makes the threat among the top 100 most common problems, 91% of people use a password from the top 1000 most common, and 99.8% of people use a password from the top 10,000 most common FROM SECURITY TO LIFESTYLE On the other hand, attention is not anymore focused on security as a technical issue, as people are getting more immersed in technology and telecommunications. This immersion is tinting the lifestyle of humans as they become more and more dependent on ICT. In this endeavor, humans become the weakest link in cyber security, as they prefer to minimize their own inconvenience, as they reveal their predictability, apathy and general naivety about the potential impacts of their actions [1]. This digital lifestyle places the twenty first century people in the digital citizenship field. As expressed by Jason Ohler: The digital age beckons us to usher in a new era of character education, aimed directly at addressing the opportunities and challenges of living a digital lifestyle [2]. Meanwhile, digital citizenship is interpreted as being character education for the digital age [3] DIGITAL CITIZENSHIP Digital citizenship challenges the different components of societies by being expressed as nine elements as follows: a. Digital Access: full electronic participation in society. b. Digital Commerce: electronic buying and selling of goods. c. Digital Communication: electronic exchange of information. d. Digital Literacy: process of teaching and learning about technology and the use of technology. e. Digital Etiquette: electronic standards of conduct or procedure. f. Digital Law: electronic responsibility for actions and deeds g. Digital Rights and Responsibilities: those freedoms extended to everyone in a digital world. h. Digital Health and Wellness: physical and psychological well-being in a digital technology world. i. Digital Security (self-protection): electronic precautions to guarantee safety [4]. The sequence of citing the themes might not reflect their importance or chronology. If we try to list them by their significance in the cybersecurity context, digital literacy, etiquette, rights and responsibilities, should show before access and commerce. This rearrangement of the sequence highlights the central role of education in forming digital citizens. Shedding the light of this role on the cybersecurity field, education becomes a major challenge. 3. GAMIFICATION IN THE CYBERSECURITY ARENA Gamification is the process of enhancing a specific service by implementing game design elements in a non-game context to enhance the user s overall value creation and experience [5]. In addition, when designed and applied in an appropriate manner and setting, 173

3 gamification provides an alignment between motivation and desire that leads to the anticipated purpose of its use [6]. Gamification is used for educational purposes, not only entertainment. There exist games for science [7](Rouse, 2013), maths [8] (Goehle, 2013), foreign languages [9] (Danowska Florczyk & Mostowski, 2012), cultural heritage [10] (Gordillo, Gallego, Barra, & Quemada, 2013), health [11] (Gabarron, Schopf, Serrano, Fernandez Luque, & Dorronzoro, 2012), computer science [12] (Li, Dong, Untch, & Chasteen, 2013), software engineering [13] (Sheth, Bell, & Kaiser, 2012), business and logistics [14] (Reiners, et al., 2012), and lately for cybersecurity awareness training [15] (Adams and Makramalla) GAMIFICATION OF CYBERSECURITY EDUCATION An important principle of game design is the meaningfulness of the content to the players. Literature review shows that for a learning environment to be engaging, its context has to connect to the everyday lives of the learners. In the case of cybersecurity, the context is not a fictional world but a real one. The pervasiveness of cybersecurity affects the everyday lives of the users and their communities, so they are expected to meaningfully engage in the different tasks and activities created around this context, and presented as games. To conclude this section, this paper is advising the use of educational games as a means for community education to address the human weakness in cybersecurity, raise awareness of it, and assist abandoned users in getting protected. But the issue of cost and financial support remains unsolved. It is proposed to involve higher education institutions. 4. COMMUNITY EDUCATION Since issues of infrastructure are outside the interest of this research, and since this research is dedicated more to handle the matters of human weakness in cyberspace than infrastructure concerns, the problem of lack of awareness is the subject of emphasis. Under these circumstances, community education can be proposed as a solution. Community Education is a process whereby learning is used for both individual and community betterment. It is characterized by: 1) involvement of people of all ages, 2) the use of community learning, resources and research to bring about community change, and 3) the recognition that people can learn through, with and for each other to create a better world (Mezirow & Taylor, 2011). The problems facing community education can be summarized in the following: 1) it relies on non-traditional teaching, 2) its structure is so different from the school structure, 3) relationships between students and instructors, students among themselves, students and administration and instructors and administration are harder to manage and more sophisticated, 4) reaching out to students is more difficult than in school setting, and 5) the cost and financial support is usually the responsibility of the government or local authorities CYBERSECURITY COMMUNITY EDUCATION In the case of teaching about cybersecurity following community education principles, some of the factors dissolve. The issue of reaching out to students is not a problem as the environment is the online itself. In the same course, issues of relationships and administration get different orientation, since the instructor can become confined with the computer or smartphone. The age issue can be linked to learning which involves a process and content with corresponding characteristics. At this stage, gamification is proposed as a solution THE ROLES OF UNIVERSITIES IN COMMUNITY EDUCATION In principle, universities play a number of roles in their communities. They 1) assure continuity of basic education, 2) generate knowledge to drive and transform the community, 174

4 3) improve lives, raise wages and productivity, cultural and political benefits, etc. 4) answer to both governments and communities, 5) widen access and create equity in higher education, 6) work with communities on creating, mobilizing and applying knowledge, 7) and lastly, managing and creating sustainable community initiatives (Ali, 2010). So, the commitment of universities to their communities is obvious. Raising awareness, developing awareness and training programs and running them, doing research, developing software including educational games, can be some of the activities that universities can do as a contribution to nurture cybersecurity. So, since there is a need to raise awareness, develop the Internet ecosystem, and since community education contributes to the solution, universities shall contribute in cybersecurity education through providing community learning. 5. THE LEBANESE CASE A study made by We Are Social titled Digital Landscape: Middle East, North Africa & Turkey in July 2014 stated that in Lebanon whose population is 4,137,000 persons, the internet penetration amounts to 81% represented by 3,337,000 internet users, 94% of mobile subscription penetration represented by 3,900,000 users (We are social). Based on the numbers provided by the Bureau of Statistics in Lebanon, the total number of schools and universities students and the information users amount to 1,302,283. By taking a very optimistic stance in dealing with numbers, and assuming that all those in schools and information organization are reachable for raising awareness on cybersecurity, those who are left with no assistance is 2,034,717. Figure 1: Lebanon Overview Figure 2: Internet users in Lebanon Studies show that more than 50% of the users are not secure in the cyberspace due to 2 main factors: 1) issues related to infrastructure, and 2) lack of awareness. It can be easily concluded that in Lebanon two thirds of the users need assistance for both reasons mentioned above. 6. A PROPOSED PLAN FOR LEBANON Due to the large number of users in need to be reached in Lebanon under any awareness campaign or procedure, community education is needed. Accordingly, the more involved components of the society, the better the results can be. In the case of our study, universities have to play a major role. The case of the University of Balamand (UOB) can be cited as an example to show commitment and show how gamification can be a tool to support community education. 175

5 6.1. UOB S EXPERIENCE Since 2009, UOB had committed its self to raise awareness on cybersecurity. A cybersecurity awareness component was added in a number of courses across all the curricula at the university. A specialized graduate program is under study. A number of projects in the community were completed to raise awareness, like community campaigns at schools, NGOs, youth groups and others, training people on how to deal with cyber risks, development of training material, development of software, delivering training, in addition to creating some partnerships which are project based. Some memoranda of understanding were signed with specialized institutions GAMIFICATION AS A TOOL FOR COMMUNITY EDUCATION As the process dealt with in this paper is online and the players are online users, and based on the facts stated above on the validity of educational games to raise awareness on cybersecurity, UOB started a project named Asfalia in Asfalia is a cybersecurity gamification lab, aiming at: 1): the arabization of open source cyber security games to reach the masses, 2) organizing a summer camp to materialize the community partnership, and 3) games development. 7. CONCLUSION Cybersecurity is not anymore a purely academic issue, but a national concern with multinational dimensions. The diversity of users and their backgrounds requires innovative solutions. Universities, as a workroom of innovation, are expected to offer contributions that go beyond simple teaching of courses. A commitment to innovate solutions that nurture awareness, and encourage the development of a secure cyber ecosystem is required. UOB, as a leading university in Lebanon, is exploiting gamification to increase the outreach of cybersecurity awareness outreach as a means of community education. 8. REFERENCES [1]. Thales (2013). The Human Component of Cyber Security. November Retrieved from on 1/6/2015. [2]. Ohler, J. (2011). Digital Citizenship Means Character Education for the Digital Age, Kappa Delta Pi Record, 47:sup1, 25-27, DOI: / [3]. Ribble, M. (2012). Digital Citizenship for Educational Change. Kappa Delta Pi Record, 48:4, , DOI: / [4]. Brownell, L. (2013). Nine Elements of Digital Citizenship. tutorials/nine-elements-of-digital-citizenship. Retrieved on 1/6/2015. [5]. Huotari, K., & Hamari, J. (2012). Defining Gamification - A Service Marketing Perspective. In Proceedings of The 16th International Academic Mindtrek Conference, Tampere, Finland, October 3-5, [6]. Korolov, M. (2012) Gamification on the Enterprise. Networkworld.com, 10 September 2012, pp [7]. Rouse, K. (2013). Gamification in science education: The relationship of educational games to motivation and achievement. The University Of Southern Mississippi. Publication number: [8]. Goehle, G. (2013). Gamification and Web based Homework. PRIMUS, 23(3), [9]. Danowska-Florczyk, E. & Mostowski, P. (2012). Gamification as a new direction in teaching Polish as a foreign language. Proceedings of the international conference ICT for Language Learning, 5 th edition, Florence, Italy, November [10]. Gordillo, A., Gallego, D., Barra, E., & Quemada, J. (2013). The city as a learning 176

6 gamified platform. Frontiers in Education Conference (pp ). [12]. Gabarron, E., Schopf, T., Serrano, J. A., Fernandez Luque, L., & Dorronzoro, E. (2012). Gamification Strategy on Prevention of STDs for Youth. Studies in health technology and informatics, 192, [12]. Li, C., Dong, Z., Untch, R. H., & Chasteen, M. (2013). Engaging Computer Science Collaborative Learning Environment. International Journal of Information and Educational Technology, 3(1), [13]. Sheth, S. K., Bell, J. S., & Kaiser, G. E. (2012). Increasing Student Engagement in Software Engineering with Gamification. Retrieved from [14]. Reiners, T., Wood, L. C., Chang, V., Gütl, C. H., Teräs, H., & Gregory, S. (2012). Operationalising gamification in an educational authentic environment. IADIS Internet Technologies and Society, (pp ). Perth, Australia. [15]. Adams, M. and Makramalla, M. (2015) Cybersecurity Skills Training: An Attacker- Centric Gamified Approach. Technology Innovation Management Review. January P [16]. Mezirow, J. & Taylor, E. W. (2011). Transformative Learning in Practice: Insights from Community, Workplace, and Higher Education. John Wiley & Sons. pp [17]. Ali, A. (2010). Developing the Community: The Role of Universities and Open and Distance Learning. The 6 th Pan-Commonwealth Forum on Open Learning November Kochi, India. Retrieved on 24/4/2015 from /2010presentation/Pages/ aspx. [18]. We Are Social (2014). Digital Landscape: Middle East, North Africa & Turkey. Retrieved from on 1/6/