Dale C. Rowe

A survey SCADA of and critical infrastructure incidents

In this paper, we analyze several cyber-security incidents involving critical infrastructure and SCADA systems. We classify these incidents based on Source Sector, Method of Operations, Impact, and Target Sector. Using this standardized taxonomy we can easily compare and contrast current and future SCADA incidents.

Teaching natural user interaction using OpenNI and the Microsoft Kinect sensor

The launch of the Microsoft Kinect for Xbox (a real-time 3D imaging device) and supporting libraries spurred the development of various applications including those with natural user interfaces. We propose that using Kinect offers opportunities for novel approaches to classroom instruction on natural user interaction. A number of development frameworks has come up that can be used to facilitate this instruction. We evaluate the current state of this technology and present an overview of some of its development frameworks. We then present examples of how Kinect-assisted instruction can be used to achieve some of the learning outcomes in Human Computer Interaction (HCI) courses as outlined in IT2008. We have verified that OpenNI, with its accompanying libraries, can be used for these activities in multi-platform learning environments.

Improving accuracy in face tracking user interfaces using consumer devices

Using face and head movements to control a computer can be especially helpful for users who, for various reasons, cannot effectively use common input devices with their hands. Using vision-based consumer devices makes such a user interface readily available and allows its use to be non-intrusive. However, a characteristic problem with this system is accurate control. Consumer devices capture already small face movements at a resolution that is usually lower than the screen resolution. Computer vision algorithms and technologies that enable such also introduce noise, adversely affecting usability. This paper describes how different components of this perceptual user interface contribute to the problem of accuracy and presents potential solutions. This interface was implemented with different configurations and was statistically evaluated to support the analysis. The different configurations include, among other things, the use of 2D and depth images from consumer devices, different input styles, and the use of the Kalman filter.

Improving the learning experience for the deaf through augment reality innovations

One challenge facing the deaf is the need to divide their attention between subject matter and sign language interpreters. Sign language interpreters provide a visual interpretation of speech. However, the observation of an interpreter distracts an individual from other visual stimuli such as a presentation, demonstration or video. This paper proposes an augmented reality, head-mounted display system designed to improve the learning experience for the deaf, specifically a childs experience in a planetarium. The system uses augmented reality to enable a sign language interpreter to remain within the wearers vision. This improves on subtitle-based alternatives by removing literacy as a requirement. The project is part of a three-year development calibration between three Brigham Young University departments and Gallaudet University, with funding from the National Science Foundation. This paper focuses on the design, prototyping and proposed usability testing performed by a team of six IT students for a senior capstone project.

Risks, rewards and raising awareness: training a cyber workforce using student red teams

In this paper we discuss how a research-orientated student red-team provides free security assessments to organizations within the community. Such activities provide students with valuable skills and knowledge in dealing with real-world security issues. We present our approach to implementing such a team as a permanent fixture within our IT programs Cyber Security Research Lab and discuss the mutual benefits that such an offering presents.

Starships and Cybersecurity: Teaching Security Concepts through Immersive Gaming Experiences

As the world grows more technology involved, teaching some measure of cybersecurity has become imperative. Our research lab aims to help increase the cybersecurity interest and awareness among those of all ages. To aid us in this endeavor, we decided to introduce an interesting method that gamifies cybersecurity. Our methodology tests whether our new method is a viable vehicle for cybersecurity education. To do this, we asked participants to take surveys and included our own observations. We conclude our paper with our analysis of survey results and future improvements for an effective educational tool.

The Untrustables: How Underclassmen Evolved Our Approach to Student Red-Teaming

Our student red-team includes students from all years in our program. This has presented a significant challenge in helping underclassmen develop key skills that can be used to contribute to Red Team activities. Forming and building the Red Team at the university has been a continual learning process. The team is now in part managed by upperclassmen who teach train and help their underclassmen. Although it can be difficult to maintain flow when recruiting younger students who lack many fundamentals this approach has led to a deeper and more robust educational environment for all participants. These changes have led to a need for structure, a way in which the students and the faculty can measure progress and continual learning. We have formed a new ranking system for the Red Team with the goal of providing students with a method of self-evaluating their progress in between formal pass-offs with the team advisor. The structure allows students to take initiative in their learning and ranking process rather than waiting on the instruction from professors or more experienced students. Through this process it is easier to gauge the progress of the younger students and obtain an accurate representation of their current projects and struggles. This method facilitates more peer mentoring among students and accelerates the cybersecurity learning process making for a more functional student-run Red Team.

Systems Administration at the Graduate Level: Defining the Undefined

Systems administrators are to computers what a primary care specialist is to the human body. Their responsibilities include diagnosis, prescribing solutions, dealing with the challenges of aging to name but a few. They are a primary line of defense in maintaining system health and must be vigilant in identifying, classifying and removing a variety of threats. They have been needed since the dawn of computing and are everywhere in every business, industry, organization and market sector. Despite the critical role of systems administrators in our technological lives, the role of a systems administrator lacks a precise definition. In the context of education, what are the knowledge areas and skills required of systems administrators? How can these be taught and to what end? In this paper we present a senior/graduate level course in systems administration that has evolved over a three-year period. We include an instructional methodology, course outline and suggestions for lab content. We conclude with our observations and future plans for course development.

Mapping the cyber security terrain in a research context

In this paper we present a mapping of cyber-security research to information technology as a technical research discipline. We first discuss the evolution of IT as an academic discipline and use this to establish technical research objectives in an IT context. We then present our definition of cyber-security and a proposed research agenda based on these objectives and conclude with a discussion of current projects within our institution.

Training Future Cybersecurity Professionals in Spear Phishing using SiEVE

Most enterprise network attacks are the result of spear phishing, a highly personalized form of social engineering attack that is increasingly common. It is imperative that future cybersecurity professionals understand how to protect against such attacks, as well as how to effectively and efficiently perform such attacks during penetration testing. To help such education efforts, this paper introduces a process for creating spear phishing attacks called the Social Engineering Vulnerability Evaluation, or SiEVE for short. The step-by-step process relies solely on open source data and includes the steps of (1) identifying targets, (2) profiling targets, and (3) crafting spear phishing messages. SiEVE was evaluated as part of an experiment that compared performance of two groups of students in a 3rd year University Cybersecurity class: those with SiEVE (n=27) and those without SiEVE. (n=24). Findings show that those using the SiEVE process (a) did not identify more targets, though SiEVE students had significantly lower variance, (b) did identify more information about targets, and (c) did lead to more effective spear phishing attacks. The study illustrates the value of providing simple guidelines on improving performance of social engineering activities.