Transcript Document

John Knight – Information Security
Ivy Tech Community College Northeast
Fort Wayne Indiana
 WHY
ARE WE HERE?
 In part…
1.
2.
3.
4.
S
L
E
E
OBNGH
DTWIN
SYRTC
YRKVL
C
YBERSECURITY




NIST – NICE Initiative
Culture Shift
MATH = 1000+ | Internet = ~12
Need for 60,000 trained Cyber Warriors


Our nation is at risk. The cybersecurity
vulnerabilities in our government and critical
infrastructure are a risk to national security,
public safety, and economic prosperity
Draft_NICE-Strategic-Plan_Aug2011.pdf


Now is the time to begin a coordinated
national initiative focused on cybersecurity
awareness, education, training, and
professional development.
Draft_NICE-Strategic-Plan_Aug2011.pdf


The United States must encourage
cybersecurity competence across the nation
and build an agile, highly skilled workforce
capable of responding to a dynamic and
rapidly developing array of threats.
Draft_NICE-Strategic-Plan_Aug2011.pdf

Please use the clicker to answer
1.
2.
3.
4.
5.
6.
7.
8.
9.
K-12 Teacher
K-12 Administration
2yr Faculty
2yr Administration
4yr Faculty
4yr Administration
Government sector
Private sector
Business sector
1.
2.
3.
4.
5.
6.
7.
8.
DOS - CPM
Windows 3x
AS 400
Windows 9x
NT 4.0
Windows XP
Windows Vista
Linux







Your
Your
Your
Your
Your
Your
Your
position/responsibilities
interest
curriculum
policy
program
budget
experience

A core discipline in U.S. school mathematics
since late 1700’s
◦ Ben Franklin: arithmetic, geometry, astronomy,
classics, accounts, gardening, good breeding
◦ Mathematics “to enhance mental discipline”
◦ Committee of Ten (1893): justification “ for mental
discipline, life, and college entrance”
◦ (Kliebard & Franklin, 2003)
◦ Slide adopted from NIST conference September 21, 2011


~1900: Grew out of psychology, first mathematics
education research dissertations at Teachers
College, Columbia University
1967: national conference on needed research in
mathematics education (University of Georgia)
◦ Patrick Suppes: suggests serious work on building theories of
mathematics learning
◦ Tom Romburg and M. Vere DeVault: research needed on
mathematics curriculum
◦ Bob Davis: grades 1-9 curriculum on discovery approach

1970: Journal for Research in Mathematics Education

Slide adopted from NIST conference September 21, 2011

73 Ph.D programs in mathematics education
across the US*
◦ 18 in Departments of mathematics
◦ 50 in Schools and Colleges of Education
◦ 5 Cross-listed
◦ *http://sigmaa.maa.org/rume/phd.html
◦ Slide adopted from NIST conference September 21, 2011


Late 1990s – present: “Math Wars”
2008: National Mathematics Advisory Panel
(National Mathematics Advisory Board
Final Report: Foundations for Success)
2009: Common Core State Standards in
Mathematics
(state-led effort coordinated by the national Governors
Association Center for Best Practices and the Council of
Chief State School Officers
Slide adopted from NIST conference September 21, 2011


ASSUMPTION: The computing, computer
science and cybersecurity community is
committed to seeing serious attention to their
field in the K-12 curriculum – NICE
Assumption: The same will apply at the 2-yr
community college level?
The Internet was born in 1990!
Just over 21 years ago
 #1
threat to the US is cyber attacks
 President Obama
 Defense
of the US begins at home
on your computer –
 Who is using your home computer?


Chinese hackers: No site is safe - CNN - Featured
Articles from CNN Updated September. 24, 2011
They operate from a bare apartment on a Chinese
island. They are intelligent 20-somethings who seem
harmless. But they are hard-core hackers who claim
to have ...http://articles.cnn.com/2008-03-07/tech/china.hackers_1_hackers-web-siteschines...


Chinese hackers - Squidoo : Welcome to Squidoo
The Dark Visitor(click here) reveals the history,
ideology, organization, exploits, and political
motivations of the Chinese hacker network.
http://www.squidoo.com/thedarkvisitor


Hacking for Fun and Profit in China’s Underworld
The austere bedroom of a Chinese hacker. Legions of
hackers are pilfering information from individuals,
corporations and government.
http://www.nytimes.com/2010/02/02/business/global/02hacker.html

Who is going to be trained?

Who is going to train them?

Who is going to train the trainers?

Who is going to pay for the training?

Who is going to replace the retiring set?

“implementation of the initiative will be very
much a collaborative effort between federal,
state and local government, industry,
academia, non-government organizations
and the general public.”
NIST-NICE



1. Raise awareness among the American
public about the risks of online activities.
2. Broaden the pool of skilled workers
capable of supporting a cyber-secure nation.
3. Develop and maintain an unrivaled,
globally competitive cybersecurity workforce.


38 Advanced Technology Education (ATE)
Centers
Examples:
◦ CISSA – Palos Hills, IL
◦ CyberWatch – Largo, MD
◦ CSEC – Tulsa/Stillwater, OK
◦ http://atecenters.org/centers-map/






K-12
2Yr/4yr
Workforce
Business sector
Government sector
Department of Defense

CyberPatriot is the premiere national high
school cyber defense competition created to
inspire high school students toward careers
in cybersecurity or other science, technology,
engineering, and mathematics (STEM)
disciplines critical to our nation’s future.




designed to give hands on exposure to the
foundations of cyber security.
CyberPatriot is not a hacking competition.
CyberPatiot's goal is to excite students about
Science, Technology, Engineering, and
Mathematics (STEM) education
http://www.uscyberpatriot.org/about/Pages/default.aspx




A CyberPatriot team consists of five students
and up to five alternates. Each team must
have a coach, normally a teacher or
JROTC/CAP Leader.
The coach does not have to have any
technical expertise, and generally serves as
an administrator for the team.
Competitors must be at least 13 years old
and enrolled in grades 9-12.
Teams will have mentors (technical advisors)
to help students prepare for the competition.



an Advanced Technological Education (ATE)
Center
Headquartered at Prince George’s Community
College
Funded by a grant from the National Science
Foundation (NSF).
“Creating the Next Genereation of
Cybersecurity Professionals”

http://cyberwatchcenter.org/index.php?option=com_content&view=article&id=50&Itemid=29


mission is to increase the quantity and quality
of the information assurance (that is,
cybersecurity) workforce.
The CyberWatch goals are focused on
information assurance (IA) education at all
levels, from elementary through graduate
school, but especially the community college
level

The CyberWatch goals include curriculum
development, faculty professional
development, student development, career
pathways, and public awareness

The National Center of Academic Excellence
for Information Assurance 2 Year Education
(CAE2Y), is a means of providing recognition
to institutions that serve as a model for twoyear schools by providing innovative,
comprehensive, and multidisciplinary
education and training in the IA field.

While the CAE designation, which is a joint
program of the National Security Agency
(NSA) and the Department of Homeland
Security (DHS), has been available to fouryear schools for the past 13 years


the community colleges and their IA
programs became eligible for this designation
for the first time in 2010.
CyberWatch and its lead institution, Prince
George’s Community College, worked closely
with the three federal agencies, NSA, DHS,
and the NSF to make the CAE2Y a reality

While the Committee on National Security
Systems (CNSS) 4011 National Training
Standard for Information Systems Security
(INFOSEC) professionals provides a degree of
standardization in technical courses, it does
not provide a holistic review of the program,
faculty capacity, institutional support, and
other related aspects.



Standardization of Curricula – CAE2Y
represents a standard of IA curriculum
accepted in the academic and professional
communities.
Articulation - CAE2Y communicates to fouryear institutions the quality and nature of a
community college’s IA curriculum, thus
facilitating articulation agreements.
Student Recruitment – CAE2Y is an attractant
for students in the external and internal
community.



Student Job Placement – CAE2Y designation
increases the opportunities for program
graduates to find jobs. Industry understands
better the skills students graduating from a
CAE2Y program posses.
Industry Recognition and Support – CAE2Y
provides industry recognition for the purposes of
securing training contracts and industry support
for grant applications.
Community Recognition – CAE2Y is a recognition
respected and appreciated by the local and
political community.



The gap between 2-year Community College
and major 4 year universities
Need for a Bachelors in “Technology”
i.e. Indiana does not have a pathway to its
major universities that will incorporate the
technology classwork from the community
college level.




1. Have a robust IA program
2. Complete the prerequisites – complete the
mapping process by 31 August of the year
submitting for CAE2Y and acquire TWO CNSS
certifications
3. Address all criteria and complete the
CAE2Y application on time (~January 15th)
4. Submit the CAE2Y application


An institution applying for the CAE2Y
designation must have an approved IA
program, qualified faculty, and institutional
support. Prior to submitting an application
for the CAE2Y designation, IA courseware
must be certified under the IA Courseware
Evaluation Program
http://www.nsa.gov/ia/academia/iace.cfm?M
enuID=10.1.1.1l
Certification of TWO CNSS training standards
are required: CNSS 4011 and one other.






4011 - National Training Standard for
Information Systems Security (INFOSEC)
Professionals
4012 - National Training Standard for Senior
Systems Managers (SSM)
4013 - National Information Assurance Training
Standard for System Administrators (SA)
4014 - National Training Standard for
Information Systems Security Officers (ISSO)
4015 - National Training Standard for Systems
Certifiers
4016 – National Training Standard for Risk
Analysts

http://www.cyberwatchcenter.org/images/CW/CAE%20Webinar%20Handouts.pdf




The Center for Systems Security and
Information Assurance (CSSIA) originated in
2003
It is a Regional Advanced Technological
Education (ATE) Center for Cyber Security and
Information Assurance.
CCDC
Training programs for Faculty – outstanding!

Training!


National Science Foundation has several other
supported projects nationally. To see all NSF
opportunities go to
http://www.teachingtechnicians.org/ and
check it out.
See: http://www.teachingtechnicians.org/





Cybersecurity is a National Defense concern
YOU need to understand its importance and
use your position to see that cybersecurity
finds its way into each and every curriculum
Cybersecurity at all levels of education: K-12,
Community Colleges, and 4yrs institutions.
CCDC – CyberWatch and CSSIA brings a
hands-on, real approach to education.
We can meet the Cyber Warrior needs with a
change in current Culture.




Must train faculity
Find funding (NSF, ATEs, grants)
Find the will to get this done
MATH took over a century
Cybersecurity can’t wait