Due to a lack of integrated cybersecurity content in regular CSE/CE (computer science & engineering/ computer engineering) programs and additional challenges in curriculum revisions, we propose to educate UG students on cybersecurity practices by developing and integrating plug-and-play modules for several courses offered in the CE/CSE UG programs. We aim to accomplish this through the realization of the following goals:
• Introduce cyber-secure design and development practices to minimize vulnerabilities during system design rather than the addition of security measures as an after-thought.
• Develop a security mindset at the undergraduate level with a focus on learning how intertwined cyber-security is with any computation-related activity/work/job.
• Inculcate interest in cybersecurity careers with a long-term goal of addressing the national shortage of cybersecurity skills.
We hypothesize that the integration of compact plug-and-play practice-based cybersecurity learning modules within existing CE/CSE programs significantly improves student participation and learning – as measured by performance on specific assessments. We used two guiding questions to test this hypothesis:
1. What courses in the curriculum are most effective for cybersecurity learning given a plug-and-play module is added?
a. What are the characteristics of such modules that interest students?
b. Do students better understand the role of cybersecurity in individual CE/CSE courses through these modules?
2. Does the addition of these modules in CE/CSE courses improve participation?
a. How do these modules affect cybersecurity learning and perception?
b. Does the integration of cybersecurity modules increase students’ interest in pursuing cybersecurity as a career?
The project will examine how the modules may be best integrated into existing curricula and the effects of the modules on student learning and interest in cybersecurity. Assessment leverages several methods including (a) a task load index to quantify rigor, (b) surveys to gain insight into the development of students’ security mindset and perceptions of cybersecurity, and (c) analysis of learning using analytical course rubrics. Deliverables of the project include a suite of plug-and-play cybersecurity modules for CE/CSE courses that span from introductory to advanced levels and meet standards for content breadth and depth. Initial results related to some developed modules have been disseminated through the ASEE 2022 conference. The third year of the project is expected to be utilized in evaluating all the modules developed in the first two years.
The Broader Impacts of this project include training a cyber-mindful and cyber-aware workforce that pays attention to cybersecurity at the system design and development phase rather than focusing on security as an afterthought. At all collaborating institutions, undergraduate and graduate students have been involved in the development of the modules, exposing them to various cybersecurity practices. In addition, all the modules and materials are being designed to be compatible with any CE/CSE program so that they can be used in a wide variety of institutions. Several modules have been tested at least once, while some will be tested twice before these are disseminated to the public. All the content would be made available under the Creative Commons license to allow unlimited use and modification.
Sai Sushmita Sudha, Sai Suma Sudha and Charlene Czerniak, University of Toledo, OH; Quamar Niyaz and Xiaoli Yang, Purdue University Northwest, IN; Sidike Paheding, Michigan Technological University, MI