Academic Requirements for Designation as a Center of Academic Excellence in Cyber Operations - NSA/CSS

Skip All Menus Skip Top Menu

Top Navigation Menus

Skip Academia Menus

Academia Menus

Academia Early Opportunities (K-12) Mathematics Education Partnership Program Concept Development Units Summer Institutes Math and Related Sciences (MARS) Camp Partners in Education Program STARTALK Language Program Advanced Opportunities (University) Information Assurance Academic Outreach National Centers of Academic Excellence - Cyber Operations Criteria for Measurement Academic Requirements for Designation Application Instructions Center of Academic Excellence - Cyber Operations Program Application List of Current Centers of Academic Excellence	Skip Search Box Searchbox Academic Requirements for Designation as a Center of Academic Excellence in Cyber Operations Academic Content Requirements: Mandatory Program Content: (Knowledge Units) Low Level Programming Languages (must include programming assignments to demonstrate that students are capable of the desired outcomes) Proficiency in low-level programming languages is required to perform key roles in the cyber operations field (e.g., forensics, malware analysis, exploit development). Specific languages necessary to satisfy this knowledge unit are: C programming Assembly Language programming (for x86, ARM, MIPS or PowerPC) Outcome: After completing these knowledge units, students will be able to develop programs that can be embedded into an OS kernel, such as a device driver, with the required complexity and sophistication to implement exploits for discovered vulnerabilities. C Language programming Outcome: Students will be able to write a program that implements a network stack to manage network communications. Assembly Language programming Outcome: Students will be able to write a functional, stand-alone assembly language program implementing a basic telnet client with no help from external libraries. Software Reverse Engineering (must include hands-on lab exercises) The discipline of reverse engineering provides the ability to deduce the design of a software component, to determine how something works (i.e., recover the software specification), discover data used by software, and aids analysis of software via disassembly and/or decompilation. Specific topics to be covered in this knowledge unit include: Reverse engineering for software specification recovery Reverse engineering for malware analysis Reverse engineering tools Reverse engineering techniques Reverse engineering communications (to uncover communications protocols) Outcome: Students will be able to use a tool such as IdaPro to safely perform static and dynamic analysis of software (or malware) of unknown origin for the purposes of recovering the original implementation or understanding the software functionality. Appropriate tools, techniques and procedures must be covered. Operating System Theory Specific topics to be covered to satisfy this knowledge unit must minimally include, but are not limited to: Privileged vs. non-privileged states Concurrency and synchronization (e.g., semaphores and locks) Processes and threads, process/thread management, inter-process communications Memory management/virtual memory Uni-processor and multi-processor interface and support File Systems IO issues (e.g., buffering, queuing, sharing, management) Distributed OS issues (client/server, message passing, remote procedure calls, clustering) Outcome: Students will have a thorough understanding of operating systems theory and implementation. They will be able to understand operating system internals to the level that they could design and implement significant architectural changes to an existing OS (e.g., make significant modifications to Windows, LINUX, etc.). Networking Specific topics to be covered to satisfy this knowledge unit must minimally include: Routing, network, and application protocols, for example: TCP/IP DNS SMTP HTTP Network architectures Wireless network technologies Network traffic analysis Protocol analysis (examining component-to-component communication to determine the protocol being used and what it is doing) Network mapping techniques (active and passive) Outcome: Students will have a thorough understanding of how networks work at the infrastructure, network and applications layers; how they transfer data; how network protocols work to enable communication; and how the lower-level network layers support the upper ones. They will have a thorough knowledge of the major network protocols that enable communications and data transfer. Cellular and Mobile Communications As more communications are conducted via mobile and cellular technologies, these technologies have become critical (and continue to become more critical) to cyber operations. Smart phone technologies Embedded operating systems (e.g., iOS, Android) Mobile protocols Infrastructures (e.g., fiber optic network) Core network (mobile: 2G, 3G, 4G; and Internet: 802.11b/g/n) Outcome: Students will be able to describe user associations and routing in a telecommunications network, interaction of elements within the telecommunications core, and end-to-end delivery of a packet and/or signal and what happens with the hand-off at each step along the communications path. They will be able to explain differences in core architecture between different generations of cellular and mobile network technology. Discrete Math Outcome: Students will be introduced to first-order logic graphs, accounting, accountability, and induction proofs. Algorithms Outcome: Students will be exposed to fundamental algorithm sorting/searching/data/manipulation or they will analyze the complexity of algorithms. Statistics Calculus I & II Outcome: Students will understand how variability affects outcomes, how to identify anomalous events, and how to identify the meaning of anomalous events. They will be able to integrate and differentiate continuous functions of multiple variables. Automata Outcome: Students will understand how automata are used to describe computing machines and computation, and the notion that some things are computable and some are not. They will understand the connection between automata and computer languages and describe the hierarchy of language from regular expression to context file. Overview of Cyber Defense (must include hands-on lab exercises) Specific topics to be covered in this knowledge unit must minimally include, but are not limited to: Network security techniques and components (e.g., firewalls, IDS, etc.) Cryptography (include PKI cryptography) Malicious activity detection Identification of reconnaissance operations Anomaly/intrusion detection Anomaly identification Identification of command and control operations Identification of data exfiltration activities Identifying malicious code based on signatures, behavior and artifacts System security architectures and concepts Defense in depth Trust relationships Distributed/Cloud Virtualization Outcome: Students will have a sound understanding of the technologies and methods utilized to defend systems and networks. They will be able to describe, evaluate, and operate a defensive network architecture employing multiple layers of protection using technology appropriate for secure mission accomplishment. Security Fundamental Principles (i.e., “First Principles”) The first principles of security are the foundation upon which security mechanisms (e.g., access control) can be reliably built. The first principles of security are the foundation upon which security policies (e.g., mandatory access control, discretionary access control, integrity, availability) can be reliably implemented. A solid understanding of the first principles of security is critical to successful performance in the cyber operations domain. The first principles, when followed, enable the implementation of sound security mechanisms and systems. When not completely followed, the risk that an exploitable vulnerability may exist is increased. Specific topics to be covered in this knowledge unit must minimally include, but are not limited to: Domain separation Process isolation Resource encapsulation Least privilege Layering Abstraction Data hiding Modularity Simplicity of design Minimization of implementation Outcome: Students will possess a thorough understanding of the fundamental principles underlying cyber security, how these principles interrelate and are typically employed to achieve assured solutions, the mechanisms that may be built from—or due to—these principles, and possible ways around them if vulnerabilities exist - e.g., how they could be manipulated to perform offensive cyber operations. Vulnerabilities Specific topics to be covered in this knowledge unit include, but are not limited to: Vulnerability taxonomy Buffer overflows Privilege escalation attacks Trojans /backdoors/viruses Rootkits Root causes of vulnerabilities Mitigation strategies for classes of vulnerabilities Outcome: Students will possess a thorough understanding of the various types of vulnerabilities (design and/or implementation weaknesses), their underlying causes, their identifying characteristics, the ways in which they are exploited, and potential mitigation strategies. They will also know how to avoid these vulnerabilities during system design, development and implementation. Legal There are many laws, regulations, directives and policies that people working in cyber operations must comply with. Cyber operations professionals should fully understand the limits of their authorities to ensure that operations in cyberspace are in compliance with U.S. law. Laws Regulations Directives Policies Outcome: Students will possess a thorough understanding of the legal issues governing the authorized conduct of cyber operations and the use of related tools, techniques, technology and data. Optional Program Content (at least 60% of the following content must be available) Programmable Logic Languages Hardware Design Languages Hardware Programming Languages Outcome: Students will be able to specify digital device behavior using a programmable logic language. FPGA Design Outcome: The student will be able to synthesize, simulate, and implement a programmable logic program on a programmable logic device. Wireless Security (e.g., 2G/3G/4G/WiFi/Bluetooth/RFID) Outcome: Students will be able to describe the unique security and operational attributes in the wireless environment and their effects on network communications. They will be able to identify the unique security implications of these effects and how to mitigate security issues associated with them. Virtualization Virtualization technology has rapidly spread to encompass workstations, servers, infrastructure devices, storage, and networks, and as such has become critical to cyber operations. Specific topics to be covered in this knowledge unit must minimally include, but are not limited to: Virtualization techniques Type 1 and Type 2 virtual machine architectures Uses of virtualization for: Security Efficiency Simplicity Resource savings (space, admin overhead) Outcome: Students will be able to discuss the advantages and disadvantages of virtualization, identify the different approaches for virtualizing computer systems, and list the security implications of each of the different approaches. Large Scale Distributed Systems Cloud Computing/Cloud Security Outcome: Students will be able to describe different kinds of Cloud architecture models, services, security issues, and components (logical and physical). They will be able to identify all associated data paths within a given cloud design. Risk Management of Information Systems Models Processes Outcome: Students will be able to identify classes of possible threats, what are the consequences associated with each threat, and what actions can be taken to mitigate the threat. Computer Architecture (includes Logic Design) Outcome: Students will be able to define devices of electronic digital circuits and describe how these components are interconnected. They will be able to integrate individual components into a more complex digital system and understand the data path through a CPU. Microcontroller Design Outcome: Students will be able to integrate discrete components into a single processor element and describe ways of achieving performance efficiencies through combining components. They will be able to identify trade-offs associated with microcontroller optimization. Software Security Analysis This knowledge unit ensures that students will possess the ability to analyze software for the presence of weaknesses that may lead to exploitable vulnerabilities in operational systems. Source code analysis Binary code analysis Static code analysis techniques Dynamic code analysis techniques Testing methodologies (Black Box/White Box/Fuzz) Outcome: Students will be able to perform analysis of existing source code for functional correctness. They will be able to apply industry standard tools that analyze software for security vulnerabilities. Through the application of testing methodologies, students should be able to build test cases that demonstrate the existence of vulnerabilities. Secure Software Development (Building Secure Software) This knowledge unit ensures that students are knowledgeable in the methods that lead to the development of robust, secure software. Secure programming principles and practices Constructive techniques (What process might provide for “good code.”) Outcome: Students should be able to demonstrate that they understand the techniques specifying program behavior, the classes of well known defects, how they manifest themselves in various languages, and show that they are capable of authoring programs that are free from defects. Embedded Systems Outcome: Students will be able to define requirements which lead to the design and fabrication of an embedded system. They will be able to program the microcontrollers to achieve an application-specific design and identify the security concerns associated with resource constrained devices. Forensics and Incident Response or Media Exploitation (not focusing on the legal aspect) Operating system forensics Media forensics Network forensics Component forensics (cell phones, hard drives, etc.) Outcome: Students will be able to develop a profile of an individual user’s activity, determine the manner in which an operating system or application has been subverted, recover “deleted” and/or intentionally hidden information from various types of media, and demonstrate proficiency with handling a large number of different kinds of components. Systems Programming This knowledge unit ensures that students will be proficient in programming systems software (i.e., software that interacts with the system hardware and/or other low-level system components that interact with the hardware). Systems programming usually uses a low-level programming language (e.g., C, assembly) that allows efficient use of core resources. Systems programming is sufficiently different from applications programming such that programmers tend to specialize in one or the other. Kernel internals Device drivers Multi-threading Use of alternate processors (e.g., graphics card processors) Outcome: Students will be able to build and integrate kernel modules, understand the system call mechanism and how malicious software subverts system calls. They should demonstrate sufficient knowledge of the networking stack to be able to construct network filter components. They will also be able to discuss strengths and weaknesses of alternative processors and demonstrate familiarity of tool sets for making use of alternative processors (e.g., GPUs). Applied Cryptography Outcome: Students will be able to identify the appropriate uses of symmetric and asymmetric encryption. They will be able to assign some measure of strength to cryptographic algorithms and the associated keys. They will also be able to identify what level of algorithm strength is needed for particular applications and the implementation factors related to its suitability for use. Students will understand the common pitfalls associated with the implementation of cryptography, and will understand the challenges and limitations of various key management systems. SCADA Systems Outcome: Students will be able to describe how embedded systems are employed in industrial infrastructures and control systems. They will be able to identify means for capturing instrument telemetry and identifying feedback controls. They should be able to describe methods for managing distributed nodes and identify potential security vulnerabilities associated with the use of such systems and means for mitigating these vulnerabilities. HCI/Usable Security Outcome: Students will understand user interface issues that will affect the implementation of and perception of security mechanisms and the behavioral impacts of various security “policies.” They will also understand the tension between user security and convenience. The following knowledge units may be credited towards meeting the optional academic content requirements of the Cyber Operations CAE Program (currently 10 out of the 16 identified option knowledge units). The addition of the below-identified optional knowledge units will not affect the minimum requirement which, for 2013, will remain at 10. These additional knowledge units may be incorporated into the formula for determining compliance in 2014 (e.g., 60 percent of the optional knowledge units), which will raise the minimum number of optional knowledge units to 11 of 18. Offensive Cyber Operations This knowledge unit provides a high-level overview of the phases of a cyber operation, from target identification through development of operational plans, execution, and assessment. Outcome: Students will understand the phases of a cyber operation, what each phase entails, who has authorities to conduct each phase, and how operations are assessed after completion. Hardware Reverse Engineering This knowledge unit provides students with an introduction to the basic procedures necessary to perform reverse engineering of hardware components to determine their functionality, inputs, outputs, and stored data. Outcome: Students will understand basic fundamental procedures such as probing, measuring, and data collection to identify functionality and to affect modifications to the hardware functionality. Programmatic Requirements: Academic Content 100 percent of Mandatory Knowledge Units 60 percent of Optional Knowledge Units Recognition via Certificate or Focus Area On-site validation of curriculum to determine compliance with academic standards Courses Course content Course Frequency (when was each course last taught, when will it be taught again) Updates (when was each course last updated) Direct interaction with faculty that teach courses during validation process Robust use of labs and “hands-on” exercises (Note that some knowledge units may not be suitable for labs) Lab exercises, programming assignments, student papers, projects, and presentations Student Participation in Classified Summer Seminars Continuous Faculty Development Faculty stays current on topics in field Faculty conducts cyber-related research Participation in Summer Seminars Service Learning Requirements (students must participate in activities that build the Cyber community – e.g., cyber exercise participation, conference participation, outreach to local grade/high schools) Have a program in place for continuous improvement of the program Active and current Cyber research activities
	Date Posted: Jan 10, 2012 \| Last Modified: Sept 11, 2012 \| Last Reviewed: Sept 11, 2012

bottom