Dr. Dave Dampier Professor of Computer Science and Engineering Director, Distributed Analytics and Security Institute and the Center for Computer Security Research
} Faculty Quantity and Quality } Courses Cross-disciplinary Undergraduate and Graduate Lab-Based (Hands-On Requirements) } Equipment Physical equipment and laboratories, if possible Virtual laboratories at least } Students Undergraduate and Graduate American Citizens, if you want to build a reputation with government agencies, or government contractors } Budget Leadership buy-in is critical! } Recognition CAE Credentials
} Faculty are needed across multiple disciplines CS, CPE, IS at a minimum ISE and EE desired Cyber Security if you must } Senior and Junior faculty are needed In sufficient quantity to: Build and Teach classes, Propose and Conduct research, Mentor students and faculty Of sufficient quality to: Successfully publish, Be successful with grants, Guide graduate students in meaningful research, Mentor junior faculty to successful careers
} Needed in many disciplines Security Policy and Law Computer Security Software Security Hardware Security Network Security Cyber Physical Systems Security, AKA SCADA Security These can be courses in any major where control systems engineering is taught. Digital Forensics } Courses build on basic computational science and engineering courses, such as programming, systems programming, networking, etc.
} Hands-on instruction is critical to building a quality cyber security education program Laboratory facilities should be of sufficient quantity and quality to support the expected size of the program. Isolated from the internet, but networked. Computers should be able to boot in any OS, at least in a VM. Hardware must be kept up to date (refreshed regularly) Software must be sufficient to allow students a realistic experience. Commercial or Open Source doesn t matter as much as exposure to as many tools as possible. If physical laboratories and/or hardware are not in the budget, then using virtual laboratories like those available in the RAVE program is acceptable.
} Need motivated students who are willing to focus their education in cyber security. Taking one or two courses is not sufficient. The program must allow them to take at least a semester equivalent of courses (12-15 hours), depending on the discipline. Students who are American citizens will get hired by the government if they want it. For industry, my guess is that American citizens is desirable for them as well. } Need undergraduates and graduate students Jobs available at all levels, but the best way to ensure American graduate students is to grow them in undergraduate programs.
} New programs cost money, and a commitment of funding needs to be made by the institution. Faculty lines should be dedicated to cyber security across multiple disciplines. Assistantships and scholarships should be made available for cyber security. Laboratories and equipment cost money. New course development costs time = money! } Capacity building grant opportunities should be relentlessly pursued.
} CAE-2Y: Center of Academic Excellence in Information Assurance/Cyber Defense Education for Community Colleges (32) } CAE-IA/CD: Center of Academic Excellence in Information Assurance/Cyber Defense Education (130) } CAE-R: CAE in Information Assurance/Cyber Defense Research (58) } CAE-Cyber: Center of Academic Excellence in Cyber Operations (13) Seven institutions have CAE-(IA/CD, R, and Cyber) AFIT, Auburn, CMU, MSU, NPS, Northeastern, NYU Poly, Tulsa https://www.nsa.gov/ia/academic_outreach/nat_cae/
} Originally known as CAE-IAE (Information Assurance Education) Oldest credential, started in 2000 Most basic credential available to four year institutions } To achieve this designation, curriculum has to be mapped to a detailed set of knowledge units derived from NICE framework. Very time-intensive process (probably at least 100 man-hours for someone very familiar with the curriculum.) Course/Textbook/Syllabus/Required Activity NICE National Initiative for Cyber Security Education http://crsc.nist.gov/nice/framework
} Originally started in 2008 } Must be doctoral granting institutions (or service academies) } Must graduate minimum of three PhDs every five years working in cyber security. } Must have research productive faculty producing at least ten publications every five years. } Students must also publish at least ten publications every five years. } Research funding production also considered. } 20 of 58 schools have only CAE-R https://www.iad.gov/nietp/documents/requirements/cae-r_criteria_newinstitutions.pdf
} Very specialized instruction required Outlined in very specific knowledge units Detailed evidence of instruction required } Assessment visit scheduled for those institutions with successful written applications Must prove to visitors that institution actually does what it wrote that it did. } My opinion is that only computer engineering or computer science need apply, unless degree program designed specifically for credential. } Students should be U.S. citizens as they are all destined for employment with the Department of Defense (if they desire). } Students eligible for summer training opportunities. https://www.nsa.gov/academia/nat_cae_cyber_ops/nat_cae_co_criteria.shtml
} Currently 54 active scholarship grants Air Force Inst of Tech Georgia Tech Miss State Pace U.C. Irvine Arizona State Hampton Missouri S&T Penn State Univ of Houston Univ of North Texas Univ of Pittsburgh Auburn Idaho State Naval Postgrad School Purdue Univ of Idaho Univ of South Alabama Cal State- Sacramento Indiana of PA New Mexico Tech Stevens Inst of Tech Univ of Illinois Chicago UT Austin Cal State-San Bernardino Carnegie Mellon Iowa State NYU Syracuse UIUC UT Dallas James Madison Norfolk State Towson UMBC UT San Antonio Dakota State Johns Hopkins NC A&T SUNY-Buffalo U of Nebraska- Omaha Univ of Tulsa Florida State Kansas State Northeastern Alabama- Huntsville Univ of New Mexico Univ of Washington George Washington Marymount Norwich Arizona UNC Charlotte Virginia Tech
Approximately 500 SFS Scholars nationwide.
} Full Tuition and Fees for Students Out of State and In-State } Book Allowance - $1000 per year } Health Insurance Allowance - $2000 per year } Travel Allowance - $3500 per year } Stipend Undergraduate - $20,000 per year Graduate - $32,000 per year } Summer Internship Great way to entice American students to stay in Graduate School!
} Serve 1 to 1 payback to: Local, State, or Federal Government State universities count as state government FFRDC (National Labs, Mitre, IDA, TVA, etc.) Tribal Governments } Must serve in Cyber Security position } Must obtain security clearance. } Must perform internship each summer } Must attend Job Fair each year } Obligated to look for a job } Failure to find a job within reasonable period of time results in monetary payback obligation.
} CAE-IA/CD 2001/2004/2007/2012/2014-2021 } CAE-R 2008/2014-2021 } CAE-Cyber 2013-2018 } Students and Faculty with clearances up to TS/SCI } Cross-disciplinary; multi-college Builds on degree programs in College of Engineering and College of Business BBA Business Information Systems BS Computer Science, Computer Engineering, Electrical Engineering, Industrial Engineering, Software Engineering MS Computer Science, Electrical and Computer Engineering, Industrial Engineering MSIS Information Systems PhD Computer Science, Electrical and Computer Engineering, Industrial Engineering, Business Administration (Information Systems)
Dr. David Dampier Professor of Computer Science and Engineering Computer Security and Digital Forensics Director of DASI Dr. Drew Hamilton Professor of Computer Science and Engineering Computer Security and Digital Forensics Assoc. VP for Research Dr. Merrill Warkentin Professor of Management Information Systems Social Aspects of Security Dr. Yogi Dandass Associate Professor of Computer Science and Engineering FPGA Development and Supply Chain Security Dr. Tommy Morris Associate Professor of Electrical and Computer Engineering Electrical Grid and Control System Security Director of CIPC Dr. Mahalingam Ramkumar Associate Professor of Computer Science and Engineering Trustworthy Computing Dr. Rob Crossler Assistant Professor of Management Information Systems Data Security and Privacy Dr. Wes McGrew Assistant Research Professor of Computer Science and Engineering Control Systems Human Machine Interface Security and Malware Reverse Engineering
} BIS 4113/6113: BIS Security Policy Constructing and maintaining security policies for organizations } CSE 4243/6243: Information and Computing Security Introductory class with weekly lab exercises, final exercise is Capture the Flag exercise. Cross-listed as ECE 4763/6763 } CSE 4273/6273: Computer Crime and Digital Forensics Practical training in investigative techniques with lab, semester long practical exercise, final exercise is Mock Trial } CSE 4363/6363: Reverse Engineering of Malware Practical training in malware reverse engineering, semester long practical exercise } CSE 4383/6383: Cryptography and Network Security Programming assignments } CSE/ECE 8990: Full Graduate Level Special topics classes in current security research
} } } } } } } } } } } Advanced Digital Forensics - CSE Advanced Topics in Network Security - CSE Computer Security Research Seminar (INSURE) - ECE Cyber Physical System Security - ECE Information Security Research Design - MIS Internet Security Protocols - CSE Process Control System Security - ECE Security in the Cloud - CSE Security in Cooperative Systems - CSE Software Security -CSE Trustworthy Computing -CSE
} MSU has three hands-on laboratories as well as virtual laboratories: Computer Security Laboratory 22 networked MAC minis that boot in Mac, Linux, and Windows Isolated from the internet to allow students complete freedom to try things in the lab. Digital Forensics Laboratory 20 fully functional digital forensics workstations All associated equipment including write-blockers, imagers, and cell phone analysis tools Control System Laboratory Eight control system physical stations with authentic control systems, radio communication, master stations running commercial HMI software.
} First SFS grant in 2001 Fourth SFS grant in 2012 } Currently have 23 students on SFS 2 PhD (Information Systems) 6 M.S. (5 Computer Science, 1 Computer Engineering) 7 B.S./M.S. (All CS for MS, 6 CS for BS, 1 SE for BS) 8 B.S. (CS, CPE(2), EE, SE (2), IS(2)) } Total close to 150 for the life of the program.
} Department of Defense Army, Navy, Air Force, DISA, NSA, Cyber Command, DIA } FBI, CIA, FDIC, Treasury, DHS } National Labs (Sandia, Oak Ridge, PNNL, Livermore) } Choctaw Indian Reservation } State of Mississippi
} DASI Distributed Analytics and Security Institute University Level Research Institute } CCSR Center for Computer Security Research College Level Research Center } NFTC National Forensics Training Center } CIPC Critical Infrastructure Protection Center Department Level
} Develop capabilities for Mississippi and the U.S. in: Big Data Analytics Cyber Security Critical Infrastructure Protection } Conduct research in these activities on a High Performance Computing Platform } Research and Assess the ability to do these activities over a geographically distributed platform.
Ioana Banicescu CSE Dave Dampier CSE Jenny Du ECE Jim Fowler ECE Drew Hamilton CSE Mike Mazzola ECE Donna Reese CSE Ed Swan CSE Merrill Warkentin MIS Nick Younan ECE Sherif Abdelwahad ECE Kari Babski-Reeves ISE Yogi Dandass CSE Yong Fu ECE T.J. Jankun-Kelly CSE Tommy Morris ECE Mahalingam Ramkumar CSE Bob Reese ECE Lesley Strawderman ISE Song Zhang CSE Derek Anderson ECE Chris Archibald CSE John Ball ECE Rob Crossler ISE Pan Li ECE Wes McGrew CSE Hugh Medal ISE Byron Williams CSE Uttam Adhikari DASI Joe Crumpton DASI Dae Glendowne DASI Chris Ivancic DASI Patrick Pape DASI
Dr. David A. Dampier Professor of Computer Science and Engineering Director, Distributed Analytics and Security Institute dad6@msstate.edu