Abstract
In this work, we discuss lessons learned over the past three years while supporting a graduate capstone course centered on research projects in industrial control system (ICS) security. Our course considers real-world problems in shipboard ICS posed by external stakeholders: a system-owner and related subject matter experts. We describe the course objectives, format, expectations and outcomes. While our experiences are generally positive, we remark on opportunities for curricula improvement relevant to those considering incorporating realistic ICS topics into their classroom, or those working with an external SME.
The views expressed in this material are those of the authors and do not reflect the official policy or position of the Department of Defense or the U.S. Government.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
AlienVault OSSIM: The open source SIEM (2015). https://www.alienvault.com/products/ossim
Zabbix: the enterprise-class monitoring solution for everyone (2015). http://www.zabbix.com/
Dark, M., Bishop, M., Linger, R.C., Goldrich, L.: Realism in teaching cybersecurity research: The agile research process. In: Bishop, M., Miloslavskaya, N., Theocharidou, M. (eds.) WISE 9. IFIP AICT, vol. 453, pp. 3–14. Springer, Heidelberg (2015)
Department of Homeland Security (U.S.). Critical infrastructure and control systems security curriculum, March 2008
Digital Bond, Inc.: Quickdraw SCADA IDS (2014). http://www.digitalbond.com/tools/quickdraw/
Executive Order no. 13636. Improving Critical Infrastructure Cybersecurity, February 2013. http://www.gpo.gov/fdsys/pkg/FR-2013-02-19/pdf/2013-03915.pdf
Foo, E., Branagan, M., Morris, T.: A proposed australian industrial control system security curriculum. In: 2013 46th Hawaii International Conference on System Sciences (HICSS), pp. 1754–1762. IEEE (2013)
Foreman, J.C., Graham, J.H., Hieb, J.L., Ragade, R.K.: A curriculum model for industrial control systems cyber-security with sample modules. Technical Report 2012–14, Center for Education and Research, Purdue University (2012)
Francia III, G.A.: Critical infrastructure security curriculum modules. In: Proceedings of the 2011 Information Security Curriculum Development Conference (InfoSecCD 2011), pp. 54–58, Sept 2011
Francia III, G.A., Beckhouche, N.: Portable SCADA security toolkits. Int. J. Inf. Netw. Secur. (IJINS) 1(4), 265–274 (2012)
Francia III, G.A., Snellen, J.: Embedded and control systems security projects. Inf. Secur. Educ. J. 1(2), 77–84 (2014)
Irvine, C.: A cyberoperations program. IEEE Secur. Priv. Mag. 11(5), 66–69 (2013)
Luallen, M.E., Labruyere, J.-P.: Developing a critical infrastructure and control systems cybersecurity curriculum. In: 46th Hawaii International Conference on System Sciences (HICSS), pp. 1782–1791. IEEE, January 2013
McGrew, R.W., Vaughn, R.B.: Discovering vulnerabilities in control system human-machine interface software. J. Syst. Softw. 82(4), 583–589 (2009)
Mishra, S., Romanowski, C.J., Raj, R.K., Howles, T., Schneider, J.: A curricular framework for critical infrastructure protection education for engineering, technology and computing majors. In: 2013 IEEE Frontiers in Education Conference (FIE), pp. 1779–1781. IEEE, October 2013
Morris, T., Srivastava, A., Reaves, B., Gao, W., Pavurapu, K., Reddi, R.: A control system testbed to validate critical infrastructure protection concepts. Int. J. Crit. Infrastruct. Prot. 4(2), 88–103 (2011)
Mulder, J., Schwartz, M., Berg, M., Van Houten, J.R., Mario, J.: WeaselBoard: zero-day exploit detection for programmable logic controllers. Technical report SAND2013-8274, October 2013
National Institute of Standards and Technology (U.S.): Framework for improving critical infrastructure cybersecurity, February 2014
National Security Agency (U.S.): Academic Requirements for Designation as a Center of Academic Excellence in Cyber Operations (2014). https://www.nsa.gov/academia/nat_cae_cyber_ops/nat_cae_co_requirements.shtml
The Snort Project. SNORT users manual (2014). http://manual.snort.org/snort_manual.htm
Tofino Security Inc.: Tofino SCADA security simulator (TSSS) user’s guide, January 2013
Vaughn, R.B., Morris, T., Sitnikova, E.: Development & expansion of an industrial control system security laboratory, an international research collaboration. In: CSIIRW 2013: Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop. ACM, January 2013
Weis, B., Gross, G., Ignjatic, D.: Multicast extensions to the security architecture for the internet protocol. RFC 5374, November 2008
Wightman, R.: S4x12: Project basecamp (2012). http://vimeopro.com/s42012/s4-2012/video/35783988
Acknowledgements
The authors would like to thank David E. Reed (NSWCCD, Ship Systems Engineering Station), Mark Roman (NSWCCD) and John Mulder (Sandia) for collaboration during course projects, and Cynthia Irvine for guidance and course support under the Cyber Systems and Operations curriculum at the Naval Postgraduate School.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Nguyen, T.D., Gondree, M.A. (2016). Teaching Industrial Control System Security Using Collaborative Projects. In: Bécue, A., Cuppens-Boulahia, N., Cuppens, F., Katsikas, S., Lambrinoudakis, C. (eds) Security of Industrial Control Systems and Cyber Physical Systems. CyberICS WOS-CPS 2015 2015. Lecture Notes in Computer Science(), vol 9588. Springer, Cham. https://doi.org/10.1007/978-3-319-40385-4_2
Download citation
DOI: https://doi.org/10.1007/978-3-319-40385-4_2
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-40384-7
Online ISBN: 978-3-319-40385-4
eBook Packages: Computer ScienceComputer Science (R0)