420 Views
  1. Aunshul Rege
  2. http://sites.temple.edu/care
  3. Associate Professor
  4. Presenter’s NSFRESOURCECENTERS
  5. Temple University
  1. Rachel Bleiman
  2. https://sites.temple.edu/rbleiman/
  3. Graduate Research Assistant
  4. Presenter’s NSFRESOURCECENTERS
  5. Temple University
  1. Katorah Williams
  2. Graduate Research Assistant
  3. Presenter’s NSFRESOURCECENTERS
  4. Temple University

SaTC: EDU: Educating STEM Students and Teachers about the Relevance of Social...

NSF Awards: 2032292

2021 (see original presentation & discussion)

Grades 9-12, Undergraduate, Graduate

Social engineering (SE) is a technique employed by cybercriminals that uses psychological manipulation to obtain sensitive information and gain unauthorized access to restricted areas or systems. The human factor is leveraged often in cyberattacks, making SE a major concern for cybersecurity. Despite the significant threat posed by SE attacks, education, training and general awareness of SE as a tool for cybercrime is low. This video will showcase the CARE (Cybersecurity in Application, Research and Education) Lab’s efforts to incorporate SE into cybersecurity education, as well as engaging the community to ensure equal accessibility to cybersecurity education, broadening participation from diverse domains (race, gender, discipline, etc.). Enlarging and diversifying the pool of students learning (and teachers educating on) SE will cast a wider net to recruit the most talented students as well as to foster their creative potential as they enter the cybersecurity workforce.

This video has had approximately 114 visits by 91 visitors from 40 unique locations. It has been played 29 times.
activity map thumbnail Click to See Activity Worldwide
Map reflects activity with this presentation from the 2021 STEM For All Video Showcase website, as well as the STEM For All Multiplex website.
Based on periodically updated Google Analytics data. This is intended to show usage trends but may not capture all activity from every visitor.
show more
Discussion from the 2021 STEM For All Video Showcase (12 posts)
  • Icon for: Thomas Smith

    Thomas Smith

    Facilitator
    Professor
    May 11, 2021 | 06:48 p.m.

    So glad you are working on this, given the crazy year we have had with cyber and ransomeware attacks. Are you developing a curriculum the includes SE or an online learning tool? What are some of the ways that you are engaging the the community to ensure equal accessibility to cybersecurity education? I am particularly interested what you are doing to diversify the pool of students learning about SE and gaining an interest in a cybersecurity career.

  • Icon for: Aunshul Rege

    Aunshul Rege

    Lead Presenter
    Associate Professor
    May 11, 2021 | 07:17 p.m.

    Thank you so much for visiting our page/video! We have many SE course projects on our website that are free to download: https://sites.temple.edu/care/resources/ These have also been mapped to the NIST NICE Framework.

    Access equity strategy #1: All of our resources are free (including the course project).

     

    Diversifying pool of candidates strategy #1: We have summer SE competitions open to students across ALL domains (not just technical fields). https://sites.temple.edu/care/se_pentest/

    Diversifying pool of candidates strategy #2: The summer SE competitions are open to students at all levels (high schools, undergrads, grads, adult learners, etc.). 

    Diversifying pool of candidates strategy #3: The summer SE competition is open internationally  - we have 9 international teams competing (more details will be announced next week). Bringing in cultural context and diversity is important when studying SE.

    Access equity strategy #2: The summer SE competitions are virtual, so students from all over the US and abroad can engage. Students from smaller schools (not just ivy league schools) who may not have funds to travel to compete in competitions can compete in our events.

    I hope this helps!

     
    1
    Discussion is closed. Upvoting is no longer available

    Bernard Yett
  • Icon for: Mike Vargas

    Mike Vargas

    Facilitator
    Physics Teacher
    May 12, 2021 | 07:06 a.m.

    I was interested in your programs metrics. How many schools are participating, numbers of outreach to date so far, and what kinds of things are you planning to scale up this project for further outreach? 

    I think this idea for a program is super interesting and also wanted to know what you thought was the greatest personal threat to peoples cyber security at any given time. 

    Thanks for your insights 

  • Icon for: Aunshul Rege

    Aunshul Rege

    Lead Presenter
    Associate Professor
    May 12, 2021 | 08:36 a.m.

    Thank you for visiting our page/video! And thank you for your interest, question and kind words!

    We have three events for this NSF grant, and I am providing metrics for each:

    1. Educator workshop (June 7)

    https://sites.temple.edu/care/educator-workshop/

    We have 10 educators from high schools, 17 from community colleges and universities, some STEM non-profit members, and librarians from all over the country.

    2. Summer SE Pen Test Competition

    https://sites.temple.edu/care/se_pentest/

    We have 29 teams competing (details will be released next week on our website), 11 graduate teams, 15 undergraduate teams, and 2 high school teams. 9 of the 29 teams are international.

    3. CollegiateSECTF

    http://sites.temple.edu/socialengineering

    We have just opened the applications for this (it is open only to undergraduate students, and is international in scope). It is too early to list metrics for this, but last year was the inaugural event. We received 25 applications.

    Potentially scaling up

    We have been asked this question, and at the moment, we are just ensuring that can in fact implement these events in a safe and ethical manner. There are MANY steps that go into planning these events, especially the competitions: getting ethics review/approval, background checks for working with minors, waivers with risk management, etc. Our typical rule is can to have three successful iterations before moving forward.

    We want to make things easier for potential partners. More importantly, we want to bring Liberal Arts into the picture as technical fields have already dominated the space of cybersecurity education, which while important, unfortunately portrays the stereotype that one must be technical to contribute to cybersecurity.

    We are open to feedback as we are learning through this process!

     
    1
    Discussion is closed. Upvoting is no longer available

    Mike Vargas
  • Icon for: Rebecca Vieyra

    Rebecca Vieyra

    Facilitator
    Doctoral Student
    May 12, 2021 | 12:13 p.m.

    Hi, team!

    I'm curious to know more about what these trainings and/or student-directed curriculum and activities look like. For example, I've taken courses for work that introduce me to "how to spot a fishing e-mail," where there are clickable activities in which I have to find suspicious info. Are your activities also primarily student-computer interaction-based? Or, are there whole-group, non-computer activities, too? (I tried clicking on the links in the above discussion, but they mostly took me to PD applications, from what I could tell).

  • Icon for: Aunshul Rege

    Aunshul Rege

    Lead Presenter
    Associate Professor
    May 12, 2021 | 01:12 p.m.

    Greetings and thank you so much for visiting us!

    I was just having this conversation yesterday with a collaborator. Most of the SE/phishing trainings we have seen fall into three broad categories (i) online quiz, (ii) talks about latest trends, and (iii) gamification (which is what you mention).

    Ours are structured differently. For instance, our Lab is the 'target'. Students have to (i) conduct reconnaissance (OSINT) to understand our lab activities and employees (me and my grad students), (ii) use their Lab OSINT and any external OSINT to develop  believable pretexts/backstories that most likely to 'hook' us, (iii) embed the pretexts into a convincing phishing email and use psychological persuasion techniques to convince us to do something (ex: send a file), and (iv) be ready to adapt to any pushback employees might given them.

    So as you can see, the phishing experience is target-specific, demonstrates the many factors that go into a phishing email (psychology, OSINT, pretext development), and also  offers realistic adaptation capabilities. We offer a human-centric experience. Also, this entire exercise, while still not representative of reality, is a great simulation and makes the student think about the non-technical aspects of phishing.

    Almost all of our activities are structured like this. Hands-on, in-person (pre-COVID days!), solo or group-based. We try to get as close to reality as we can in a safe and ethical manner. All of our projects have been vetted by the ethics board. You can see the projects here: https://sites.temple.edu/care/resources/. We have made these resources free for download. They come complete with instructions and rubrics. The only thing you would have to do is get ethics approval at your end (and we can help with that too).

    I hope this helps. I'm happy to discuss further if you like!

  • Icon for: Rebecca Vieyra

    Rebecca Vieyra

    Facilitator
    Doctoral Student
    May 12, 2021 | 02:46 p.m.

    Thanks, Aunshul! (I requested to see one of the projects by filling out the form, but it looks like it needs to get approved). I also tried clicking on the mapping for each course project, but I'm getting a 404. 

  • Icon for: Aunshul Rege

    Aunshul Rege

    Lead Presenter
    Associate Professor
    May 12, 2021 | 03:49 p.m.

    Hmm - that's odd. Can you please try accessing the mapping document again? It's working for me. If it still doesn't work, each one has been mapped on the actual webpage anyway. 

    Yes, we have received the request for the project download, and usually get back within 24-48 hours. I'll see if I can get to it later today though!

  • Icon for: Rebecca Vieyra

    Rebecca Vieyra

    Facilitator
    Doctoral Student
    May 12, 2021 | 09:21 p.m.

    Thanks, I got access to everything now!

  • Icon for: Aunshul Rege

    Aunshul Rege

    Lead Presenter
    Associate Professor
    May 13, 2021 | 07:28 p.m.

    Wonderful! Please let me know if you have any questions!

  • Icon for: Kara Dawson

    Kara Dawson

    Higher Ed Faculty
    May 13, 2021 | 06:11 p.m.

    This is such an important topic. We briefly introduce social engineering to 3rd-5th graders in our CrypoComics curriculum and I really appreciate the scope of your lab's efforts. Keep up the great work. 

  • Icon for: Aunshul Rege

    Aunshul Rege

    Lead Presenter
    Associate Professor
    May 13, 2021 | 07:30 p.m.

    Thank you so much for stopping by, and yes, we agree!

    I'd love to connect with you to discuss how you are engaging with 3rd-5th graders on this topic. We have just started branching into the high school space, and are open to learning and partnering with others.

  • Further posting is closed as the event has ended.

Multiplex Discussion
  • Members may log in to post to this discussion.