This is a very timely project that addresses the education of undergraduates about the field of cyber-security. Included in the project activities are the creation of a "cyber-security house", an applied cyber-security course, and a cyber-security repository for broad dissemination of the materials and results from the project. While national security is critically dependent on a continuous and correct functioning of modern computing systems, current, state-of-the-art computing systems typically do not meet the stringent requirements of security, availability, fault-tolerance, and high performance. The 2001 Computer Crime and Security Survey from CSI/FBI describes two disturbing characteristics:(1) The number of computer crimes and security breaches are increasing, and (2) The total financial loss due to computer crimes and security breaches is increasing. One possible reason for this weakness of modern computing systems is that there is a severe shortage of skilled security professionals, resulting in a large number of computing systems being constructed by people who do not have adequate understanding of basic security principles. A fundamental reason for the shortage of security practitioners is that the principles and practices of security are typically not well covered in undergraduate education and only a handful of undergraduate programs in the USA even offer a course on computer security. The PI hypothesizes that fundamentally new mechanisms, which go beyond traditional classroom settings, are needed to address the current weaknesses associated with cyber-security technology and education. The overall goal of the project is to prepare a work force that is aware of system vulnerabilities, as well as a cadre of professionals that are knowledgeable about the recognized, best, and latest principles and practices available in security and information assurance. This project focuses on six activities: 1. Development of a "cyber-security house" to permit undergraduate students to learn and experiment with security principles and practices throughout their undergraduate career. This is intended to provide students an opportunity to learn and experiment with the latest cyber-security technology, keep up with the fast pace of change in cyber-security technology, and interact with other undergraduate students at different stages in their undergraduate careers. 2. Development of a new undergraduate course on applied cyber-security. This course provides hands-on experience with using the latest security tools, and designing and implementing secure systems. 3. Development of a repository of cyber-security education-related materials, making them available via the Web. The goal is to provide useful materials that are beyond course syllabi and lecture notes. 4. Dissemination of the results from this project to the CISE community. The methods for dissemination includes collaborating with faculties and students from other institutions via workshops, a TA training program, making course materials available on the Web, and publication and participation in CISE education-related conferences. 5. Increasing participation in the project activities of underrepresented groups by involving faculty and student from historically black colleges and universities, and other minority institutions. 6. Evaluation of the project results at regular intervals, and making modifications or extensions a needed. This evaluation will be based on the inputs from the students who take the new course and participate in the cyber-security house, industry who employ these students, and the instructors who teach the new course or supervise student in the cyber-security house. An important aspect of this project is the inclusion of survivability as an integral aspect of the educational topics proposed. Rather than focusing on the more traditional attack/detection paradigm, students are taught how to design software systems that are less vulnerable to attack and that are designed to survive such attack and provide some level of continuing service.
