1 of 40

Introduction to Cybersecurity�

GenCyber Teacher Pre-Camp: Day 1

Instructor: David Pratt

School of Education and Counseling

Purdue University Northwest

2 of 40

GenCyber Teacher Camp

Federal Program

sponsored by National Security Agency (NSA)
funded by National Science Foundation (NSF)

Sustain cybersecurity interest at the K-12 level in order to build a competent, diverse, and adaptable cybersecurity workforce pipeline through alignment with the National Centers of Academic Excellence in Cybersecurity (NCAE-C).�

Increase awareness of K12 cybersecurity content and college/career opportunities
Increase student diversity in cybersecurity college and career readiness pathways at the K-12 level.
Develop a teaching learning community to learn, develop, and deliver cybersecurity content for the K-12 classroom

Purdue University Northwest

3 of 40

TODAY’s Agenda

Overview of Experience

Introductions

Overview of Cybersecurity

How to Teach Cybersecurity

Purdue University Northwest

4 of 40

Overview of Experience

Pre-Camp (online)

GenCyber Workshops (PNW)

Follow-Up Sessions

Purdue University Northwest

5 of 40

Agenda for this week

MONDAY – FRIDAY 9:00-10:30

Day 1: Camp Overview and Introductions (Dave)

Day 2: Robots, Sparki and Related Concepts (George)

Day 3: Hacking and Programming (Chuck)

Day 4: Review of SIX Cyber Security Concepts (Dave and Chuck)

Day 5: Website Resources and Lesson Plan format (Michael Tu and Dave)

Purdue University Northwest

6 of 40

Objectives

By the end of the GenCyber Teacher Camp, teachers will be able to:

Discuss the basic principles of how the Internet works, including networks, servers, and accounts and how to enhance cybersecurity in these areas including good password design.
Discuss the importance of cybersecurity within the greater context of digital citizenship and social media.
Identify and explain the 6 Cybersecurity concepts with examples.
Identify and use tools that illustrate cybersecurity principles with students in order to promote safe and ethical use of technology in the classroom.
Define and use strategies for scenario-based learning in creating scenario activities that integrate cybersecurity principles.
Create programming exercises using the C programming language for controlling a Sparki robot and demonstrate concepts that enhance cybersecurity through good coding practices.
Setup a Raspberry Pi and create programming exercises in Python for enhancing security of Internet of Things (IoT) devices.
Discuss and use tools for demonstrating ethical hacking and cyber forensics
Create lesson plans for cybersecurity topics.

Purdue University Northwest

7 of 40

Who are we??

Purdue University Northwest

8 of 40

Who We Are

Purdue University Northwest

Computer Information Technology and Graphics Department

B.S. in Computer Information Technology
B.S. in Cybersecurity (starts Fall 2022)
B.S. in Computer Graphics Technology
M.S. in Technology with concentration in Computer Information Technology
Graduate Cybersecurity Certificate

Education Department

Purdue University Northwest

9 of 40

Who are YOU?

What is your role in working with High school students?
Why do you think it is important to teach CYBERSECURITY in HS?

Purdue University Northwest

10 of 40

Cybersecurity- Just for IT people???

Not true! Cybersecurity is part of everyone’s life!

If you use any device that hooks up to the Internet - and that includes your watch, your Fitbit, your refrigerator, your toys…�
As technology gets easier to use, it also gets less transparent - do you know what your device is doing when you’re not looking? What about your accounts? Or your students’ accounts?

Purdue University Northwest

11 of 40

Cybersecurity Facts for 2022

85% of cybersecurity breaches are caused by human error. (Verizon)
94% of all malware is delivered by email. (CSO Online)
Ransomware attacks happen every 10 seconds. (InfoSecurity Group)
71% of all cyberattacks are financially motivated (followed by intellectual property theft, and then espionage). (Verizon)
The annual global cost of cybercrime is estimated to be $10.5 trillion by 2025. (Cybersecurity Ventures)

DAMAGE: $190,000 every SECOND!

Purdue University Northwest

12 of 40

Notable Cybersecurity Attacks

Reference: https://digitalguardian.com/blog/biggest-incidents-cybersecurity-past-10-years-infographic

2013–2014

Target and Home Depot

Point of Sale systems infected with malware – BlackPOS
110M customer files stolen at Target, 56M credit card data at Home Depot

2015

Experian Data Breach

Impact: 15M

2017

Equifax Data Breach

Technique: Failed to install patches to Apache Struts
Impact: 150M credit card details and SSNs.

2017

Windows Computers attacked

Technique: Ransomware crypto-worm (WannaCry), spread through EternalBlue, an exploit made by the NSA.
Impact: 230K computers infected, $300 in Bitcoin to unlock

2017

Uber

Impact: 50M customer addresses, phone numbers, emails stolen.

2018

Marriot

Technique: Login credentials compromised of two employees which allowed the Starwood centralized database to be hacked back in 2014.
Impact: 500M customers info

2021

Colonial Pipeline attack

Technique: Ransomware
Impact: 4.4M paid, 45% of all fuel for east coast is from this Texas pipeline, caused gas availability problems in US East coast.

Purdue University Northwest

13 of 40

v

Purdue University Northwest

14 of 40

Purdue University Northwest

15 of 40

Purdue University Northwest

16 of 40

Purdue University Northwest

17 of 40

\

Purdue University Northwest

18 of 40

Approaches to Teaching

Survey of Teachers
Methods for increasing motivation
Resources

Purdue University Northwest

19 of 40

Survey of Teachers: How to Teach

207 out of 214 respondents (97%) agreed with the prompt, “I would like to learn more about cybersecurity.”

Are your students motivated to learn through playing games? YES (98%)

“If you were provided with computer games that teach cybersecurity concepts and knowledge, would you use them to teach cybersecurity or related topics in the future?” YES (85%)

Purdue University Northwest

20 of 40

Survey of Teachers: How to Teach

Question	Interested	Very interested	Total
Cyber hacking	39%	44%	83%
Computer forensics investigation	39%	44%	83%
Robotic game programming	37%	45%	82%
3D games	38%	41%	79%

Purdue University Northwest

21 of 40

Resources for Cybersecurity

https://docs.google.com/document/d/17S0q65UVp0w3seNWbqDbVDtdJlQAKSSth6DM95qcHxs/edit?usp=sharing

Purdue University Northwest

22 of 40

The Curriculum: Robotics and Programming

Includes basics, remote control programming, wall avoidance and moving, controlling the gripper
Cybersecurity elements include bluetooth sniffing and hijacking, data hiding principles

22

Purdue University Northwest

23 of 40

23

24 of 40

The Curriculum: Ethical Hacking

Purpose: improve the security of the network or systems by fixing the vulnerabilities found during testing.
May use the same methods and tools used by the malicious hackers but with the permission of the authorized person for the purpose of improving the security and defending the systems from attacks by malicious users.
Uses Virtual Machines for labs (Windows and Linux); future plans include online access to VMs for use with Chromebooks
Concentrates on basic cybersecurity, penetration testing, and understanding vulnerabilities in a system

24

Purdue University Northwest

25 of 40

The Curriculum: Digital Forensics

Software needed is provided (open-source Windows-based)
Hardware and software-based lessons on forensics
Includes steganography and cryptography concepts with hands-on activities

25

Purdue University Northwest

26 of 40

26

27 of 40

Discussion Time

What experience do you have teaching technology or cybersecurity to students?
What have been effective approaches you have used?

Purdue University Northwest

28 of 40

What can I teach about Cyber?

Careers/Post-secondary opportunities

Digital Citizenship

Cybersecurity topics

Purdue University Northwest

29 of 40

First Principles of Cybersecurity

Data Hiding – The principle of keeping information inaccessible except within the process itself.

Abstraction – The principle that the interface of a hardware or software component should be independent of its implementation.

Resource Encapsulation – The process of separating an entity (system, object or hardware) to include and isolate its own data.

Modularity – The process of separating functionality into independent pieces to ensure each piece performs a separate function and keeps its own data.

Layering – The process of providing multiple layers of protection or controls between critical data and attackers; layered security can be considered one step of defense-in-depth strategy.

Least Privilege – The principle of allowing entities (people, processes, devices) only the capabilities necessary to accomplish their assigned duties and functions.

Domain Separation – Implies that data, processes, and systems should logically define their area of control (domain).

Process Isolation – Ensuring that programs or operating systems run completely separate from other programs or operating systems for the purpose of controlling access to system resources memory.

Simplicity - the quality of designing programs, systems, and processes to be free of complexity, easier to test, easier to operate, easier to protect.

Minimization – keeping all design and functionality aspects to a minimum, reducing needless size and complexity.

Purdue University Northwest

30 of 40

Cybersecurity Concepts OVERVIEW

Each part of the "hand" works together as a whole unit, just like each of your fingers and the palm. As such, each concept is dependent on the next - when one is compromised or not optimal, the entire system is compromised.

Purdue University Northwest

31 of 40

Defense in Depth

Definition: A comprehensive strategy of including multiple layers of security within a system so that if one layer fails, another layer of security is already in place to stop the attack/unauthorized access.

Example: To make a purchase on Xbox, you must sign into Xbox, enter a password, and enter a 6-digit pin.

Terminology:

access control

Dual

Authentication

Authorization

Cipher

Cryptography

Cybersecurity

Firewall

Information security policy

Password

computer network defense

Purdue University Northwest

32 of 40

Think Like an Adversary

Definition: The strategy of putting yourself inside the mindset of a potential attacker that allows you to anticipate attack strategies and defend your systems accordingly.

data breach

denial of service

Hacker

Adversary

Ethical Hacking

Example: Programmers of grade-keeping software enhance products by looking at situations were students or parents were able to break into gradebooks.

Terminology:

Purdue University Northwest

33 of 40

Availability

Definition: The property that information or information systems are accessible and usable on demand.

Example: Soon, DESMOS graphing calculator capabilities will be accessible during the online version of the SAT.

Terminology/Vocabulary:

system administration

security policy

Purdue University Northwest

34 of 40

Integrity

Definition: The property that data or a component of a system has not been modified in an unauthorized manner. The system maintains the data as expected and updates the data as often as planned.

Example: The system maintains the data as expected and updates the data as often as planned.

Terminology/Vocabulary:

antivirus software

data integrity

trojan horse

Virus

Worm

Spyware

Spam

Spoofing

electronic signature

malicious code

Malware

Phishing

Purdue University Northwest

35 of 40

Confidentiality

Definition: The property that information is not disclosed to unauthorized individuals, entities, or processes; preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.

Example: Individual's salary and benefits information is accessible to only the human resource department in a company.

Terminology/Vocabulary:

VPN

Decryption

Encryption

Purdue University Northwest

36 of 40

Keep It Simple

Definition: Value of keeping computer programming/system design simple without compromising the ability to protect information/data from unauthorized access.

Example: Writing a program with as few lines as possible, using loops and defined operations to make repeated calculations or drawings.

Purdue University Northwest

37 of 40

Lesson Plans

Purdue University Northwest

38 of 40

Resources

https://sites.google.com/view/gencyberpnw/home

Purdue University Northwest

39 of 40

Final thoughts?

Which of these 6 are you most interested in learning more about?

Which do you think are most essential for students to know?

Purdue University Northwest

40 of 40

Thank you!

See you tomorrow for another chance to learn more about the exciting topic of CYBERSECURITY!

Purdue University Northwest