Engineering Commons^™

Improving Ethics Surrounding Collegiate-Level Hacking Education: Recommended Implementation Plan & Affiliation With Peer-Led Initiatives, Shannon Morgan, Dr. Sanjay Goel

Military Cyber Affairs

Cybersecurity has become a pertinent concern, as novel technological innovations create opportunities for threat actors to exfiltrate sensitive data. To meet the demand for professionals in the workforce, universities have ramped up their academic offerings to provide a broad range of cyber-related programs (e.g., cybersecurity, informatics, information technology, digital forensics, computer science, & engineering). As the tactics, techniques, and procedures (TTPs) of hackers evolve, the knowledge and skillset required to be an effective cybersecurity professional have escalated accordingly. Therefore, it is critical to train cyber students both technically and theoretically to actively combat cyber criminals and protect the confidentiality, integrity, …

Generative Machine Learning For Cyber Security, James Halvorsen, Dr. Assefaw Gebremedhin

Military Cyber Affairs

Automated approaches to cyber security based on machine learning will be necessary to combat the next generation of cyber-attacks. Current machine learning tools, however, are difficult to develop and deploy due to issues such as data availability and high false positive rates. Generative models can help solve data-related issues by creating high quality synthetic data for training and testing. Furthermore, some generative architectures are multipurpose, and when used for tasks such as intrusion detection, can outperform existing classifier models. This paper demonstrates how the future of cyber security stands to benefit from continued research on generative models.

Securing The Void: Assessing The Dynamic Threat Landscape Of Space, Brianna Bace, Dr. Unal Tatar

Military Cyber Affairs

Outer space is a strategic and multifaceted domain that is a crossroads for political, military, and economic interests. From a defense perspective, the U.S. military and intelligence community rely heavily on satellite networks to meet national security objectives and execute military operations and intelligence gathering. This paper examines the evolving threat landscape of the space sector, encompassing natural and man-made perils, emphasizing the rise of cyber threats and the complexity introduced by dual-use technology and commercialization. It also explores the implications for security and resilience, advocating for collaborative efforts among international organizations, governments, and industry to safeguard the space sector.

Longitudinal Attacks Against Iterative Data Collection With Local Differential Privacy, Mehmet Emre Gürsoy

Turkish Journal of Electrical Engineering and Computer Sciences

Local differential privacy (LDP) has recently emerged as an accepted standard for privacy-preserving collection of users’ data from smartphones and IoT devices. In many practical scenarios, users’ data needs to be collected repeatedly across multiple iterations. In such cases, although each collection satisfies LDP individually by itself, a longitudinal collection of multiple responses from the same user degrades that user’s privacy. To demonstrate this claim, in this paper, we propose longitudinal attacks against iterative data collection with LDP. We formulate a general Bayesian adversary model, and then individually show the application of this adversary model on six popular LDP protocols: …

Utilizing Culturally Responsive Strategies To Inspire African American Female Participation In Cybersecurity, Deanna Bailey, Michel Kornegay, Ladawn Partlow, Charnee Bowens, Karen Gareis, Kevin Kornegay

Journal of Pre-College Engineering Education Research (J-PEER)

The number of African American females participating in cyber fields is significantly low. Science, technology, engineering, and mathematics (STEM) education requires a new approach to student engagement to increase African American female participation in cybersecurity. The most common approach to engaging more African American females in STEM is to provide students access to professional images or role models active in STEM; however, more is needed. More race-centered strategies beyond role modeling are necessary to attract and retain African American females in STEM. Research studies show that integrating personal experiences and making cultural connections can help improve student participation in STEM …

Integrating Nist And Iso Cybersecurity Audit And Risk Assessment Frameworks Into Cameroonian Law, Bernard Ngalim

Journal of Cybersecurity Education, Research and Practice

This paper reviews cybersecurity laws and regulations in Cameroon, focusing on cybersecurity and information security audits and risk assessments. The importance of cybersecurity risk assessment and the implementation of security controls to cure deficiencies noted during risk assessments or audits is a critical step in developing cybersecurity resilience. Cameroon's cybersecurity legal framework provides for audits but does not explicitly enumerate controls. Consequently, integrating relevant controls from the NIST frameworks and ISO Standards can improve the cybersecurity posture in Cameroon while waiting for a comprehensive revision of the legal framework. NIST and ISO are internationally recognized as best practices in information …

Adoption Of Cybersecurity Policies By Local Governments 2020, Donald F. Norris Phd, Laura K. Mateczun Jd

Journal of Cybersecurity Education, Research and Practice

This paper should be of interest to the readers of this journal because it addresses a subject that has received little scholarly attention; namely, local government cybersecurity. The U.S. has over 90,000 units of local government, of which almost 39,000 are “general purpose” units (i.e., municipalities, counties, towns and townships). On average, these governments do not practice cybersecurity effectively (Norris, et al., 2019 and 2020). One possible reason is that they do not adopt and/or implement highly recommended cybersecurity policies. In this paper, we examine local government adoption or lack of adoption of cybersecurity policies using data from three surveys. …

Security-Enhanced Serial Communications, John White, Alexander Beall, Joseph Maurio, Dane Fichter, Dr. Matthew Davis, Dr. Zachary Birnbaum

Military Cyber Affairs

Industrial Control Systems (ICS) are widely used by critical infrastructure and are ubiquitous in numerous industries including telecommunications, petrochemical, and manufacturing. ICS are at a high risk of cyber attack given their internet accessibility, inherent lack of security, deployment timelines, and criticality. A unique challenge in ICS security is the prevalence of serial communication buses and other non-TCP/IP communications protocols. The communication protocols used within serial buses often lack authentication and integrity protections, leaving them vulnerable to spoofing and replay attacks. The bandwidth constraints and prevalence of legacy hardware in these systems prevent the use of modern message authentication and …

What Senior U.S. Leaders Say We Should Know About Cyber, Dr. Joseph H. Schafer

Military Cyber Affairs

On April 6, 2023, the Atlantic Council’s Cyber Statecraft Initiative hosted a panel discussion on the new National Cybersecurity Strategy. The panel featured four senior officials from the Office of the National Cyber Director (ONCD), the Department of State (DoS), the Department of Justice (DoJ), and the Department of Homeland Security (DHS). The author attended and asked each official to identify the most important elements that policymakers and strategists must understand about cyber. This article highlights historical and recent struggles to express cyber policy, the responses from these officials, and the author’s ongoing research to improve national security cyber policy.

Self-Learning Algorithms For Intrusion Detection And Prevention Systems (Idps), Juan E. Nunez, Roger W. Tchegui Donfack, Rohit Rohit, Hayley Horn

SMU Data Science Review

Today, there is an increased risk to data privacy and information security due to cyberattacks that compromise data reliability and accessibility. New machine learning models are needed to detect and prevent these cyberattacks. One application of these models is cybersecurity threat detection and prevention systems that can create a baseline of a network's traffic patterns to detect anomalies without needing pre-labeled data; thus, enabling the identification of abnormal network events as threats. This research explored algorithms that can help automate anomaly detection on an enterprise network using Canadian Institute for Cybersecurity data. This study demonstrates that Neural Networks with Bayesian …

The Security And Cyber Defence Realities And Difficulties In Algeria, Kada Aicha

Journal of Police and Legal Sciences

This research paper aims to shed light on the digital challenge faced by Algeria as it enters the world of the knowledge society, which qualifies it to achieve cybersecurity and cyber defense against various forms and types of security threats, including cyber threats. The researcher used an analytical approach to understand the phenomenon under study and trace its causes, in addition to a case study method to study all aspects of the studied phenomenon and identify the characteristics of the case study - Algeria was chosen as the analysis unit. The study concluded several important results, including:

The deficiency of …

Defensive Industrial Policy: Cybersecurity Interventions To Reduce Intellectual Property Theft, Dr. Chad Dacus, Dr. Carl (Cj) Horn

Military Cyber Affairs

Through cyber-enabled industrial espionage, China has appropriated what Keith Alexander, the former Director of the National Security Agency, dubbed “the largest transfer of wealth in history.” Although China disavows intellectual property (IP) theft by its citizens and has set self-sustained research and development as an important goal, it is unrealistic to believe IP theft will slow down meaningfully without changing China’s decision calculus. China and the United States have twice agreed, in principle, to respect one another’s IP rights. However, these agreements have lacked any real enforcement mechanism, so the United States must do more to ensure its IP is …

Removing The Veil: Shining Light On The Lack Of Inclusivity In Cybersecurity Education For Students With Disabilities, Felicia Hellems, Sajal Bhatia

School of Computer Science & Engineering Faculty Publications

There are currently over one billion people living with some form of disability worldwide. The continuous increase in new technologies in today's society comes with an increased risk in security. A fundamental knowledge of cybersecurity should be a basic right available to all users of technology. A review of literature in the fields of cybersecurity, STEM, and computer science (CS) has revealed existent gaps regarding educational methods for teaching cybersecurity to students with disabilities (SWD's). To date, SWD's are largely left without equitable access to cybersecurity education. Our goal is to identify current educational methods being used to teach SWD's …

Book Review: This Is How They Tell Me The World Ends: The Cyberweapons Arms Race (2020) By Nicole Perlroth, Amy C. Gaudion

Dickinson Law Review (2017-Present)

No abstract provided.

The Soft Skills Business Demands Of The Chief Information Security Officer, Richard Smit, Jeroen Van Yperen Hagedoorn, Patric Versteeg, Pascal Ravesteijn

Journal of International Technology and Information Management

While many researchers have investigated soft skills for different roles related to business, engineering, healthcare and others, the soft skills needed by the chief information security officer (CISO) in a leadership position are not studied in-depth. This paper describes a first study aimed at filling this gap.

In this multimethod research, both the business leaders perspective as well as an analysis of CISO job ads is studied. The methodology used to capture the business leaders perspective is via a Delphi study and the jobs adds are studied using a quantitative content analysis.

With an increasing threat to information security for …

Icts For Surveillance And Suppression: The Case Of The Indian Emergency 1975-1977, Ramesh Subramanian

Journal of International Technology and Information Management

Information and Communications technologies (ICT) pervade society. The Internet, wireless communication, and social media are ubiquitous in and indispensable in society today. As they continue to grow and mushroom, there are new and increased calls from various segments of the society such as technologists, activists, sociologists, and legal experts, who issue warnings on the more nefarious and undesirable uses of ICTs, especially by governments. In fact, government control and surveillance using ICTs is not a new phenomenon. By looking at history, we are able to see several instances when ICTs have been used by governments to control, surveil, and infringe …

Cybersecurity Analysis Of Load Frequency Control In Power Systems: A Survey, Sahaj Saxena, Sajal Bhatia, Rahul Gupta

School of Computer Science & Engineering Faculty Publications

Today, power systems have transformed considerably and taken a new shape of geographically distributed systems from the locally centralized systems thereby leading to a new infrastructure in the framework of networked control cyber-physical system (CPS). Among the different important operations to be performed for smooth generation, transmission, and distribution of power, maintaining the scheduled frequency, against any perturbations, is an important one. The load frequency control (LFC) operation actually governs this frequency regulation activity after the primary control. Due to CPS nature, the LFC operation is vulnerable to attacks, both from physical and cyber standpoints. The cyber-attack strategies ranges from …

As The Role Of The Driver Changes With Autonomous Vehicle Technology, So, Too, Must The Law Change, Nanci K. Carr

St. Mary's Law Journal

Getting a driver’s license is a highly anticipated rite of passage for most teenagers. Being alone behind the wheel, in control of a 3,000-pound machine, is an honor, a privilege, and a sign of adult responsibility. How will that change when driver’s licenses become licenses “to cause technology to engage” with the increased use of autonomous cars? Will driver’s education courses, with their focus on safety rules and defensive driving techniques, be eliminated if all a vehicle operator needs to do is push a button and the vehicle does the rest? While arguably autonomous cars are safer, they will not …

Topical Review Of Vulnerability Management For Local Hampton Roads Industry, Gregory W. Hubbard Jr., Matthew Eunice

OUR Journal: ODU Undergraduate Research Journal

The progress towards an interconnected digital world offers an exciting level of advancement for humanity. Unfortunately, this “online” connection is not safe from the threats and dangers typically associated with physical operations. With the foundation of Cyber Command of DoD cyberspace, the United States Government is taking a prominent stance in cyberspace operations. Like the federal government, both industries and individuals are not immune and are oftentimes unknowingly at risk to cyberattack. This report hopes to bring awareness to common vulnerabilities in multi-user networks by describing a historical background on cyber security as well as outlining current methods of vulnerability …

Application Of Quantum Cryptography To Cybersecurity And Critical Infrastructures In Space Communications, Rita Meraz, Linda Vahala

OUR Journal: ODU Undergraduate Research Journal

As society becomes more dependent on technology and the internet, critical infrastructure, which provides the fundamental services that millions of people depend on, becomes more vulnerable to cyber threats. This paper presents the importance of cybersecurity in critical infrastructure addressing the communications sector which is prevailed by space systems. It gives an overview of laser communications via satellite, and it argues the utility that quantum cryptography can provide to secure the data transmitted between communication satellites and ground stations from cyber attacks. Common encryption algorithms are briefly introduced as well as a review on quantum computing. Quantum cryptography is still …

Systemic Analysis Of The Use Of Artificial Intelligence (Ai) In Regulating Terrorist Content On Social Media Ecosystem Using Functional Dependency Network Analysis (Fdna), Alaina Roman, C. Ariel Pinto

OUR Journal: ODU Undergraduate Research Journal

This research is a systemic analysis of emerging risks to the use Artificial Intelligence (AI) in regulating terrorist content on social media ecosystems using Functional Dependency Network Analysis (FDNA), a proven system-design-and-analysis tool). The research has three phases: 1) framing the problem by identifying and describing AI ecosystem elements as intended, implied and explicit objectives, discernible attributes, and performance indictors; 2) describing the idealized problem-solved scenario, which includes detailing ‘success’ states of the ecosystem; and 3) systemic risk analysis including identifying failure scenarios for each element and establishing causalities among elemental attributes leading to failure scenarios. This research contributes toward …

Drones On The Rise: Societal Misperceptions Of Small Unmanned Aircraft Systems, Renee Keilman

The Journal of Purdue Undergraduate Research

Throughout the past decade, small unmanned aircraft systems (sUAS) have been on the rise in both the civilian and military sectors. It is forecasted that in the near future they will create thousands of jobs and billions in tax revenue due to their ability to execute difficult and hazardous tasks safely, efficiently, and cost-effectively. However, one current issue with the proliferation of the technology is a shortage of skilled employees due to a lack of education and common negative public misperceptions associated with them.

To investigate this, responses from a mixed-methods survey will be analyzed. Within the survey, questions such …

Car Hacking: Accessing And Exploiting The Can Bus Protocol, Bryson R. Payne

Journal of Cybersecurity Education, Research and Practice

With the rapid adoption of internet-connected and driver-assist technologies, and the spread of semi-autonomous to self-driving cars on roads worldwide, cybersecurity for smart cars is a timely concern and one worth exploring both in the classroom and in the real world. Highly publicized hacks against production cars, and a relatively small number of crashes involving autonomous vehicles, have brought the issue of securing smart cars to the forefront as a matter of public and individual safety, and the cybersecurity of these “data centers on wheels” is of greater concern than ever.

However, up to this point there has been a …

Project Insight: A Granular Approach To Enterprise Cybersecurity, Sunna Quazi, Adam Baca, Sam Darsche

SMU Data Science Review

In this paper, we disambiguate risky activity corporate users are propagating with their software in real time by creating an enterprise security visualization solution for system administrators. The current problem in this domain is the lag in cyber intelligence that inhibits preventative security measure execution. This is partially due to the overemphasis of network activity, which is a nonfinite dataset and is difficult to comprehensively ingest with analytics. We address these concerns by elaborating on the beta of a software called "Insight" created by Felix Security. The overall solution leverages endpoint data along with preexisting whitelist/blacklist designations to unambiguously communicate …

Mro Cybersecurity Swot, Danita Baghdasarin

International Journal of Aviation, Aeronautics, and Aerospace

This article intended to identify gaps in the safety management system (SMS) framework when it comes to dealing with cyber risks and hazards in the maintenance, repair, and overhaul (MRO) industry. Cybersecurity is currently a concern of the aviation industry, but organizations in the MRO industry do not seem to be aware of any specific risks and hazards and therefore are not prepared to handle them. Concerns are largely around the increasing reach of aviation and the digital transformation of infrastructure, but the body of knowledge does not go into any greater detail. As a result, it is hard to …

Ftc Regulating Cybersecurity Post Wyndham: An International Common Law Comparison On The Impact Of Regulation Of Cybersecurity, Andrew Z. R. Smith

Georgia Journal of International & Comparative Law

No abstract provided.

Autonomous Cars And The Anonymous Threat: The Immediate Need For Cybersecurity Legislation For Self-Driving Vehicles, Forrest Albiston

Brigham Young University Prelaw Review

This paper addresses the immediate need for cybersecurity regulations on self-driving cars. The focus of this paper is to discuss the urgency of these laws and put forth the SPY Car Act of 2017 as a solution with some edits. This Act will help ensure the safety of US citizens and will also benefit businesses.

Employing A User-Centered Design Process For Cybersecurity Awareness In The Power Grid, Jean C. Scholtz, Lyndsey Franklin, Aditya Ashok, Katya Leblanc, Christopher Bonebrake, Eric Andersen, Michael Cassiadoro

Journal of Human Performance in Extreme Environments

In this paper, we discuss the process we are using in the design and implementation of a tool to improve the situation awareness of cyberattacks in the power grid. We provide details of the steps we have taken to date and describe the steps that still need to be accomplished. The focus of this work is to provide situation awareness of the power grid to staff from different, non-overlapping roles in an electrical transmission organization in order to facilitate an understanding of a possible occurrence of a cyberattack. Our approach follows a user-centered design process and includes determining the types …

The Future Of Nuclear Security: A Medical Physicist’S Perspective, Katharine E. Thomson

International Journal of Nuclear Security

Planning for the future of nuclear security is a vital and complex task, requiring cooperation and contribution from many disciplines and industries. This diversity of expertise should include the medical sector, which faces many of the same challenges as the nuclear industry: controlling access to dangerous material, creating a strong security culture, cooperating with the wider world and engaging the public.

Medical physicists, of which the author is one, oversee all aspects of small-scale radiation use. This paper discusses three key areas increasingly important to both medical and nuclear uses of radioactive materials: public engagement, prevention of nuclear and radiological …

Girl’S Cybersecurity Camp, Sarah Cunha, Dale Rowe

Journal of Undergraduate Research

In 2015, the BYU Cybersecurity Research Lab (CSRL) held its first annual summer camp for Girls aged 14-18. A total of 38 girls attended the week’s activities and workshops. While over 75% of girls indicated they had taken a computing-related class, only 40% reported any significant interest in cybersecurity prior to the summercamp with 10% believing they had some experience in the field. At the conclusion of the camp, 80% of attendees reported a significant interest in the field with 100% of attendees interested in attending a similar event again.