权益分类	功能权益	普通用户	{{item.name}}会员
{{category.name}}	{{benefitItem.name}}

SaTC: EDU: Educating STEM Students and Teachers about the Relevance of Social Engineering in Cyberattacks and Cybersecurity

SaTC：EDU：教育 STEM 学生和教师了解社会工程在网络攻击和网络安全中的相关性

基本信息

批准号：
2032292
负责人：
Aunshul Rege
金额：
$ 40万
依托单位：
Temple University
依托单位国家：
美国
项目类别：
Standard Grant
财政年份：
2021
资助国家：
美国
起止时间：
2021-02-01 至 2025-01-31
项目状态：
未结题

来源：
https://www.nsf.gov/awardsearch/showAward?AWD_ID=2032292&HistoricalAwards=false
关键词：
SaTC EDU Educating STEM Students

项目摘要

Social engineering (SE) is a technique employed by cybercriminals that uses psychological manipulation to obtain sensitive information and gain unauthorized access to restricted areas or systems. Nearly 70% of U.S. organizations experienced SE in 2017, resulting in a $2.76 million loss in operational downtime and revenues. The human factor is often regarded as the weakest link in cyberattacks, making SE a major concern for cybersecurity. Despite the significant threat posed by SE attacks, education, training and general awareness of SE as a tool for cybercrime is low. This is because SE is considered to be outside the scope of the technical domain and thus should be addressed by other disciplines, including psychology, criminology, and sociology. The engineering and computer science disciplines are already investing heavily in cybersecurity education programs that have a primarily technical focus. While this technical approach is important, the resulting pool of students is too small and homogeneous to support the holistic development of the solutions needed by our technologically dependent society. Enlarging and diversifying the pool of students learning about (and teachers educating on) SE will cast a wider net to recruit the most talented students as well as fostering their creative potential as they enter the cybersecurity workforce. Furthermore, the project will reflect the National Science Foundation’s commitment to broadening participation along two fronts identified in its Strategic Plan: (i) Expanding efforts to broaden participation from underrepresented groups and diverse institutions across all geographical regions, and (ii) Preparing a diverse and engaged STEM workforce. Thus, this project will promote diversity, and develop and share resources and sustainable tools for future SE education and research in a safe, ethical, and engaging learning environment.This project has three objectives. First, it will educate students via hands-on course projects and a yearly intercollegiate SE Capture the Flag competition and training event. Second, the project will educate educators by hosting online and in-person training workshops across multiple STEM disciplines. Finally, the project will disseminate free resources such as SE course projects, datasets and analytic frameworks for research and education. The project will also develop a new set of assessment tools (surveys and focus groups) with the Center for the Advancement of Teaching to measure student and educator learning specific to SE. This project proposes to enlarge and diversify the pool of students and educators by recruiting across multiple STEM disciplines at community colleges and universities in the U.S. with varying demographics. Minority serving institutions, historically black colleges and universities, and military/veteran friendly schools will be specifically engaged. In addition, the project team will actively seek participation from faculty belonging to underrepresented groups at these institutions. This project is supported by the Secure and Trustworthy Cyberspace (SaTC) program, which funds proposals that address cybersecurity and privacy, and in this case specifically cybersecurity education. The SaTC program aligns with the Federal Cybersecurity Research and Development Strategic Plan and the National Privacy Research Strategy to protect and preserve the growing social and economic benefits of cyber systems while ensuring security and privacy.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

社会工程（Social engineering， SE）是网络犯罪分子使用的一种技术，通过心理操纵来获取敏感信息，并未经授权访问受限制的区域或系统。2017年，近70%的美国组织经历了SE，导致运营停机时间和收入损失276万美元。人为因素通常被认为是网络攻击中最薄弱的环节，这使得SE成为网络安全的主要关注点。尽管网络安全攻击构成重大威胁，但教育、培训和公众对网络安全作为网络犯罪工具的认识却很低。这是因为SE被认为超出了技术领域的范围，因此应该由其他学科来解决，包括心理学、犯罪学和社会学。工程和计算机科学学科已经在主要以技术为重点的网络安全教育项目上投入了大量资金。虽然这种技术方法很重要，但由此产生的学生人数太少，同质化程度太低，无法支持我们这个依赖技术的社会所需的解决方案的整体发展。扩大和多样化学习网络安全的学生（以及教授网络安全的教师），将为招聘最有才华的学生撒下更大的网，并在他们进入网络安全工作队伍时培养他们的创造潜力。此外，该项目将反映美国国家科学基金会在其战略计划中确定的两个方面扩大参与的承诺：(i)扩大努力，扩大所有地理区域中代表性不足的群体和不同机构的参与，以及（ii）准备一支多元化和敬业的STEM劳动力队伍。因此，该项目将促进多样性，开发和共享资源和可持续的工具，为未来的东南教育和研究提供一个安全、道德和参与的学习环境。这个项目有三个目标。首先，它将通过实践课程项目和每年一次的校际SE夺旗比赛和培训活动来教育学生。其次，该项目将通过举办多个STEM学科的在线和面对面培训研讨会来教育教育工作者。最后，该项目将传播免费资源，如SE课程项目、数据集和分析框架，用于研究和教育。该项目还将与教学促进中心一起开发一套新的评估工具（调查和焦点小组），以衡量学生和教育工作者对SE的学习情况。该项目建议通过在美国不同人口结构的社区学院和大学招聘多个STEM学科的学生和教育工作者，扩大和多样化学生和教育工作者的群体。少数民族服务机构，历史上的黑人学院和大学，以及军事/退伍军人友好的学校将特别参与。此外，项目团队将积极寻求这些机构中代表性不足群体的教员的参与。该项目由安全与可信网络空间（SaTC）计划支持，该计划资助解决网络安全和隐私问题的提案，在这种情况下，特别是网络安全教育。SaTC项目与《联邦网络安全研究与发展战略计划》和《国家隐私研究战略》保持一致，旨在保护和维护网络系统日益增长的社会和经济效益，同时确保安全和隐私。该奖项反映了美国国家科学基金会的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。