Collaborative Project: Puzzle-Based Cybersecurity Learning to Enhance Defensive Skills of Front-Line Technicians

Keeping computers and information systems secure is a major challenge. Business, industry, and government need well-prepared technicians who can prevent, detect, and investigate cybersecurity breaches, and the growth of cyber-threats has created a need for many more workers who have appropriate, specific knowledge and skills. The objective of this project is to develop innovative "puzzles," using specialized software, to assist students in learning concepts of and approaches to cybersecurity. Every day, new cyber-attack patterns and vulnerabilities are emerging. Passive methods of cybersecurity education do not adequately prepare students to defend against rapidly evolving, real-world threats. The central idea behind puzzle-based learning is to provide interesting challenges that engage students in thinking about multiple approaches to solving a problem. Puzzles formulate a problem in a specific format that encourages students to use their knowledge and skills and to think "outside the box."

The project team will design and develop interactive, multi-level puzzles both for students who have limited knowledge of computers, networks, and cybersecurity and for students who have a moderate to high level of expertise. The complexity of the developed puzzles will be varied based on the target audience. Puzzle-based learning addresses two issues: (1) It places emphasis on developing critical thinking skills instead of simply covering content. (2) It promotes and builds mathematical and logical reasoning skills. Many institutions have already used puzzles in their STEM curricula successfully. Puzzles have been introduced in introductory computer science courses. However, no significant work has been done on introducing puzzles into cybersecurity curricula. The project team will design scenario-based security puzzles that explore a range of topics (such as identifying and neutralizing malicious software, deploying a secure wireless network, and detecting e-mail spam) using logical decision trees, truth tables, and directed graphs. At the end of each exercise, participants will be able trace back their decisions and analyze how an incorrect decision stem can lead to the exploitation of a vulnerability and how correct actions can prevent it. The investigators will phase in the use of these puzzles so as to: i) examine how to effectively integrate such puzzle-based learning technology with instructional content of community college courses to improve the skill sets of front line cyber defenders, and ii) better identify and understand the circumstances under which success occurs. The project team will also conduct a small-scale efficacy study by having students participate in cyber "capture-the-flag" competitions to determine if the new enhanced courseware enables increased learning compared to the existing instructional methodology.

This is a collaborative project involving Jackson State Community College (Award DUE-1406992) and the University of Memphis (Award DUE-1406853).