500 likes | 629 Views
Security Education Trends for Community Colleges: National Standards 4011 and 4013. John Knight – Information Security Ivy Tech Community College Northeast Fort Wayne Indiana. Welcome to STEM tech!. WHY ARE WE HERE ? In part…. C_B_R_E_U_I_Y. S O B N G H L D T W I N E S Y R T C
E N D
Security Education Trends for Community Colleges: National Standards 4011 and 4013 John Knight – Information Security Ivy Tech Community College Northeast Fort Wayne Indiana
Welcome to STEMtech! • WHY ARE WE HERE? • In part…
C_B_R_E_U_I_Y • S O B N G H • L D T W I N • E S Y R T C • E Y R K V L
In this sesion • NIST – NICE Initiative • Culture Shift • MATH = 1000+ | Internet = ~12 • Need for 60,000 trained Cyber Warriors
National Institute of Standards and Technology (NIST) – National Initiative on Cybersecurity Education – (NICE) • Our nation is at risk. The cybersecurity vulnerabilities in our government and critical infrastructure are a risk to national security, public safety, and economic prosperity • Draft_NICE-Strategic-Plan_Aug2011.pdf
NICE: Executive Summary • Now is the time to begin a coordinated national initiative focused on cybersecurity awareness, education, training, and professional development. • Draft_NICE-Strategic-Plan_Aug2011.pdf
NICE: Executive Summary • The United States must encourage cybersecurity competence across the nation and build an agile, highly skilled workforce capable of responding to a dynamic and rapidly developing array of threats. • Draft_NICE-Strategic-Plan_Aug2011.pdf
Who’s Here • Please use the clicker to answer
Who are you? • K-12 Teacher • K-12 Administration • 2yr Faculty • 2yr Administration • 4yr Faculty • 4yr Administration • Government sector • Private sector • Business sector
My first OS was? • DOS - CPM • Windows 3x • AS 400 • Windows 9x • NT 4.0 • Windows XP • Windows Vista • Linux
This makes a difference as to how you think about cybersecurity • Your position/responsibilities • Your interest • Your curriculum • Your policy • Your program • Your budget • Your experience
Mathematics Education • A core discipline in U.S. school mathematics since late 1700’s • Ben Franklin: arithmetic, geometry, astronomy, classics, accounts, gardening, good breeding • Mathematics “to enhance mental discipline” • Committee of Ten (1893): justification “ for mental discipline, life, and college entrance” • (Kliebard & Franklin, 2003) • Slide adopted from NIST conference September 21, 2011
Research About Mathematics Teaching and Learning for a Century • ~1900: Grew out of psychology, first mathematics education research dissertations at Teachers College, Columbia University • 1967: national conference on needed research in mathematics education (University of Georgia) • Patrick Suppes: suggests serious work on building theories of mathematics learning • Tom Romburg and M. VereDeVault: research needed on mathematics curriculum • Bob Davis: grades 1-9 curriculum on discovery approach • 1970: Journal for Research in Mathematics Education • Slide adopted from NIST conference September 21, 2011
Where does this research happen? • 73 Ph.D programs in mathematics education across the US* • 18 in Departments of mathematics • 50 in Schools and Colleges of Education • 5 Cross-listed • *http://sigmaa.maa.org/rume/phd.html • Slide adopted from NIST conference September 21, 2011
Debates Within Mathematics Education • Late 1990s – present: “Math Wars” • 2008: National Mathematics Advisory Panel (National Mathematics Advisory Board Final Report: Foundations for Success) 2009: Common Core State Standards in Mathematics (state-led effort coordinated by the national Governors Association Center for Best Practices and the Council of Chief State School Officers Slide adopted from NIST conference September 21, 2011
ASSUMPTION: The computing, computer science and cybersecurity community is committed to seeing serious attention to their field in the K-12 curriculum – NICE • Assumption: The same will apply at the 2-yr community college level?
It took Mathematics more than a century… 1000+ years The Internet was born in 1990! Just over 21 years ago
CYBERSECURITY is Culture Shift • #1 threat to the US is cyber attacks • President Obama • Defense of the US begins at home on your computer – • Who is using your home computer?
Did you see… • Chinese hackers: No site is safe - CNN - Featured Articles from CNNUpdated September. 24, 2011 • They operate from a bare apartment on a Chinese island. They are intelligent 20-somethings who seem harmless. But they are hard-core hackers who claim to have ...http://articles.cnn.com/2008-03-07/tech/china.hackers_1_hackers-web-sites-chines... • Chinese hackers - Squidoo : Welcome to Squidoo • The Dark Visitor(click here) reveals the history, ideology, organization, exploits, and political motivations of the Chinesehacker network. http://www.squidoo.com/thedarkvisitor • Hacking for Fun and Profit in China’s Underworld • The austere bedroom of a Chinesehacker. Legions of hackers are pilfering information from individuals, corporations and government. http://www.nytimes.com/2010/02/02/business/global/02hacker.html
Government says 60,000 trained Cyber Warriors needed - now • Who is going to be trained? • Who is going to train them? • Who is going to train the trainers? • Who is going to pay for the training? • Who is going to replace the retiring set?
NICE has the “lead” • “implementation of the initiative will be very much a collaborative effort between federal, state and local government, industry, academia, non-government organizations and the general public.” NIST-NICE
NICE implementation covers three goals: • 1. Raise awareness among the American public about the risks of online activities. • 2. Broaden the pool of skilled workers capable of supporting a cyber-secure nation. • 3. Develop and maintain an unrivaled, globally competitive cybersecurity workforce.
Who is going to train them? • 38 Advanced Technology Education (ATE) Centers • Examples: • CISSA – Palos Hills, IL • CyberWatch – Largo, MD • CSEC – Tulsa/Stillwater, OK • http://atecenters.org/centers-map/
Who is going to be trained? • K-12 • 2Yr/4yr • Workforce • Business sector • Government sector • Department of Defense
High Schools • CyberPatriot is the premiere national high school cyber defense competition created to inspire high school students toward careers in cybersecurity or other science, technology, engineering, and mathematics (STEM) disciplines critical to our nation’s future.
The premier national high school competition • designed to give hands on exposure to the foundations of cyber security. • CyberPatriot is not a hacking competition. • CyberPatiot'sgoal is to excite students about Science, Technology, Engineering, and Mathematics (STEM) education • http://www.uscyberpatriot.org/about/Pages/default.aspx
Teams • A CyberPatriot team consists of five students and up to five alternates. Each team must have a coach, normally a teacher or JROTC/CAP Leader. • The coach does not have to have any technical expertise, and generally serves as an administrator for the team. • Competitors must be at least 13 years old and enrolled in grades 9-12. • Teams will have mentors (technical advisors) to help students prepare for the competition.
CyberWatch • an Advanced Technological Education (ATE) Center • Headquartered at Prince George’s Community College • Funded by a grant from the National Science Foundation (NSF). “Creating the Next Genereation of Cybersecurity Professionals” • http://cyberwatchcenter.org/index.php?option=com_content&view=article&id=50&Itemid=29
mission is to increase the quantity and quality of the information assurance (that is, cybersecurity) workforce. • The CyberWatch goals are focused on information assurance (IA) education at all levels, from elementary through graduate school, but especially the community college level
CyberWatch • The CyberWatch goals include curriculum development, faculty professional development, student development, career pathways, and public awareness
Community College: CAE2Y • The National Center of Academic Excellence for Information Assurance 2 Year Education (CAE2Y), is a means of providing recognition to institutions that serve as a model for two-year schools by providing innovative, comprehensive, and multidisciplinary education and training in the IA field.
Joint NSA and DHS initiative • While the CAE designation, which is a joint program of the National Security Agency (NSA) and the Department of Homeland Security (DHS), has been available to four-year schools for the past 13 years
the community colleges and their IA programs became eligible for this designation for the first time in 2010. • CyberWatch and its lead institution, Prince George’s Community College, worked closely with the three federal agencies, NSA, DHS, and the NSF to make the CAE2Y a reality
CNSS 4011 not enough • While the Committee on National Security Systems (CNSS) 4011 National Training Standard for Information Systems Security (INFOSEC) professionals provides a degree of standardization in technical courses, it does not provide a holistic review of the program, faculty capacity, institutional support, and other related aspects.
Benefits • Standardization of Curricula – CAE2Y represents a standard of IA curriculum accepted in the academic and professional communities. • Articulation - CAE2Y communicates to four-year institutions the quality and nature of a community college’s IA curriculum, thus facilitating articulation agreements. • Student Recruitment – CAE2Y is an attractant for students in the external and internal community.
Benefits cont • Student Job Placement – CAE2Y designation increases the opportunities for program graduates to find jobs. Industry understands better the skills students graduating from a CAE2Y program posses. • Industry Recognition and Support – CAE2Y provides industry recognition for the purposes of securing training contracts and industry support for grant applications. • Community Recognition – CAE2Y is a recognition respected and appreciated by the local and political community.
Missing Element • The gap between 2-year Community College and major 4 year universities • Need for a Bachelors in “Technology” • i.e. Indiana does not have a pathway to its major universities that will incorporate the technology classwork from the community college level.
What are the steps to accomplish the CAE2Y status? • 1. Have a robust IA program • 2. Complete the prerequisites – complete the mapping process by 31 August of the year submitting for CAE2Y and acquire TWO CNSS certifications • 3. Address all criteria and complete the CAE2Y application on time (~January 15th) • 4. Submit the CAE2Y application
Prerequisites • An institution applying for the CAE2Y designation must have an approved IA program, qualified faculty, and institutional support. Prior to submitting an application for the CAE2Y designation, IA courseware must be certified under the IA Courseware Evaluation Program http://www.nsa.gov/ia/academia/iace.cfm?MenuID=10.1.1.1l • Certification of TWO CNSS training standards are required: CNSS 4011 and one other.
CNSS Training standards are: • 4011 - National Training Standard for Information Systems Security (INFOSEC) Professionals • 4012 - National Training Standard for Senior Systems Managers (SSM) • 4013 - National Information Assurance Training Standard for System Administrators (SA) • 4014 - National Training Standard for Information Systems Security Officers (ISSO) • 4015 - National Training Standard for Systems Certifiers • 4016 – National Training Standard for Risk Analysts • http://www.cyberwatchcenter.org/images/CW/CAE%20Webinar%20Handouts.pdf
CSSIA – Palos Hills, IL • The Center for Systems Security and Information Assurance (CSSIA) originated in 2003 • It is a Regional Advanced Technological Education (ATE) Center for Cyber Security and Information Assurance. • CCDC • Training programs for Faculty – outstanding!
CSSIA • Training!
NSF Supported Training • National Science Foundation has several other supported projects nationally. To see all NSF opportunities go to http://www.teachingtechnicians.org/ and check it out. • See: http://www.teachingtechnicians.org/
Summary • Cybersecurity is a National Defense concern • YOU need to understand its importance and use your position to see that cybersecurity finds its way into each and every curriculum • Cybersecurity at all levels of education: K-12, Community Colleges, and 4yrs institutions. • CCDC – CyberWatch and CSSIA brings a hands-on, real approach to education. • We can meet the Cyber Warrior needs with a change in current Culture.
Summary con’t • Must train faculity • Find funding (NSF, ATEs, grants) • Find the will to get this done • MATH took over a century Cybersecurity can’t wait