Cybersecurity is one of the most critical national issues of our time. The trend for cyber-attacks is rapidly increasing in enterprise networks and is extending into other domains like the Internet of Things (IoT) and Industrial Control Systems (ICS). Our 16 Critical Infrastructures are the powerhouses for our military might and our huge economy, and thus protecting these assets is paramount. This class will: (1) introduce students to the history of the problem of Cybersecurity, (2) introduce students to the 16 Critical Infrastructures, and (3) provide students hands-on experience with developing Cybersecurity technology to assess, defend, and monitor enterprise, IoT, and ICS networks.
This course focuses on understanding the history, the vulnerability, and the need to protect our Critical Infrastructure and Key Resources (CIKR). We will start by briefly surveying the policies which define the issues surrounding CIKR and the strategies that have been identified to protect them. Most importantly, we will take a comprehensive approach to evaluating the technical vulnerabilities of the 16 identified sectors, and we will discuss the tactics that are necessary to mitigate the risks associated with each sector. These vulnerabilities will be discussed from the perspective of technical journals/articles which detail recent and relevant network-level CIKR exploits. We will cover well known vulnerable systems such the Internet, SCADA, and lesser known systems such as E911 and industrial robots. Students will be challenged with hacker-type home works inspired by current SANS NewsBites and the instructor's research, and will work on a team-based semester long project.
Module # | Module Title | Module Description |
1 | Why Is There A Cyber Security Problem? | Cyber Security Introduction
|
2 |
|
|
3 | TCP/IP Networks and Security |
|
4 |
|
|
5 | Compute Node Security |
|
6 |
|
|
7 | Vulnerability Monitoring and Analysis | Vulnerability Monitoring and Analysis
|
8 |
|
|
9 | Team Project Question and Answer Session |
|
10 | Malware Monitoring and Analysis | Technical Discussion: Malware Monitoring and Analysis
|
11 |
|
|
12 | Data Analytics and Machine Learning |
|
13 | Cloud Security |
|
14 | Team Project Poster Session |
|
The goals for this class are to: (1) introduce the 16 CIs, (2) introduce the existing and novel protection schemes for CI, (3) but more importantly, challenge students to become cyber researchers and to develop new protection schemes.
Amoroso, Edward. (2011). Cyber Attacks: Protecting National Infrastructure, Elsevier Inc.
Clarke, Richard and Knake, Robert (2010). Cyber War: The Next Threat To National Security And What To Do About It, HarperCollins Publishers.
DHS Website: Critical Infrastructure Sectors Website. (2017). Available at: http://www.dhs.gov/critical-infrastructure-sectors
You will need access to a recent version of MATLAB with the Signal Processing Toolkit. The MATLAB Total Academic Headcount (TAH) license is now in effect. This license is provided at no cost to you. Send an email to software@jhu.edu to request your license file/code. Please indicate that you need a standalone file/code. You will need to provide your first and last name, as well as your Hopkins email address. You will receive an email from Mathworks with instructions to create a Mathworks account. The MATLAB software will be available for download from the Mathworks site.
There will be weekly class discussions (in the class discussion area) covering topics from areas 1-3 mentioned above. This will be assessed under class participation (10%). Every other week, a student will serve as the class leader for the week and will choose CI protection solutions from areas 4 and 5 mentioned above, and will deliver voice track slide presentations to the class. This will be assessed under class leader presentation (10%). Each student not presenting will be responsible for critiquing the solution (not the presentation) in the class discussion area. This will be included under class participation (See above).
There will be two exams, Exam 1 will cover the topics mentioned in area 1 above and Exam 2 will cover the topics mentioned in areas 2-5. These will be assessed under Exam 1 and Exam 2 respectively (15% each, total of 30%). There will be 4 or 5 home works covering topics in areas 1-5 mentioned above. This will be assessed under Hacker Assignments (20%). For the semester long project, the team must produce a double column 5-6 page research paper with the following elements: title, abstract, introduction, related works, experimental evaluation (setup, experiments, results and discussion), conclusions and future work, and properly formatted IEEE formatted references. Also, a technical presentation will be due along with the paper.
The semester long project will be assessed like a peer reviewed conference paper and presentation (30%). Of this 30%, an executive summary will be due in Week 5 worth 5%, in Week 9 a project plan will be due worth 5%, and in Week 14 the technical paper and presentation will be due worth 20%.
Assignments are due according to the dates posted in your Canvas course site. You may check these due dates in the Course Calendar or the Assignments in the corresponding modules. I/We will post grades one week after assignment due dates.
We generally do not directly grade spelling and grammar. However, egregious violations of the rules of the English language will be noted without comment. Consistently poor performance in either spelling or grammar is taken as an indication of poor written communication ability that may detract from your grade.
A grade of A indicates achievement of consistent excellence and distinction throughout the course—that is, conspicuous excellence in all aspects of assignments and discussion in every week.
A grade of B indicates work that meets all course requirements on a level appropriate for graduate academic work. These criteria apply to both undergraduates and graduate students taking the course.
Score Range | Letter Grade |
---|---|
100-98 | = A+ |
97-94 | = A |
93-90 | = A− |
89-87 | = B+ |
86-83 | = B |
82-80 | = B− |
79-70 | = C |
<70 | = F |
Assignment | Percentage of Grade | Comments |
Cyber Security Background History Exam | 15% | 45 minutes |
CIKR Description and Protection Methods Exam | 15% | 60 minutes |
Class Participation:
| 10% |
|
Hacker Assignments | 20% |
|
Class Leader Presentation | 10% | Each student will give at least 1 presentation on a technical paper |
Team Assignment
| 30% | Each group will give a technical presentation and hand in a technical paper |
Deadlines for Adding, Dropping and Withdrawing from Courses
Students may add a course up to one week after the start of the term for that particular course. Students may drop courses according to the drop deadlines outlined in the EP academic calendar (https://ep.jhu.edu/student-services/academic-calendar/). Between the 6th week of the class and prior to the final withdrawal deadline, a student may withdraw from a course with a W on their academic record. A record of the course will remain on the academic record with a W appearing in the grade column to indicate that the student registered and withdrew from the course.
Academic Misconduct Policy
All students are required to read, know, and comply with the Johns Hopkins University Krieger School of Arts and Sciences (KSAS) / Whiting School of Engineering (WSE) Procedures for Handling Allegations of Misconduct by Full-Time and Part-Time Graduate Students.
This policy prohibits academic misconduct, including but not limited to the following: cheating or facilitating cheating; plagiarism; reuse of assignments; unauthorized collaboration; alteration of graded assignments; and unfair competition. Course materials (old assignments, texts, or examinations, etc.) should not be shared unless authorized by the course instructor. Any questions related to this policy should be directed to EP’s academic integrity officer at ep-academic-integrity@jhu.edu.
Students with Disabilities - Accommodations and Accessibility
Johns Hopkins University values diversity and inclusion. We are committed to providing welcoming, equitable, and accessible educational experiences for all students. Students with disabilities (including those with psychological conditions, medical conditions and temporary disabilities) can request accommodations for this course by providing an Accommodation Letter issued by Student Disability Services (SDS). Please request accommodations for this course as early as possible to provide time for effective communication and arrangements.
For further information or to start the process of requesting accommodations, please contact Student Disability Services at Engineering for Professionals, ep-disability-svcs@jhu.edu.
Student Conduct Code
The fundamental purpose of the JHU regulation of student conduct is to promote and to protect the health, safety, welfare, property, and rights of all members of the University community as well as to promote the orderly operation of the University and to safeguard its property and facilities. As members of the University community, students accept certain responsibilities which support the educational mission and create an environment in which all students are afforded the same opportunity to succeed academically.
For a full description of the code please visit the following website: https://studentaffairs.jhu.edu/policies-guidelines/student-code/
Classroom Climate
JHU is committed to creating a classroom environment that values the diversity of experiences and perspectives that all students bring. Everyone has the right to be treated with dignity and respect. Fostering an inclusive climate is important. Research and experience show that students who interact with peers who are different from themselves learn new things and experience tangible educational outcomes. At no time in this learning process should someone be singled out or treated unequally on the basis of any seen or unseen part of their identity.
If you have concerns in this course about harassment, discrimination, or any unequal treatment, or if you seek accommodations or resources, please reach out to the course instructor directly. Reporting will never impact your course grade. You may also share concerns with your program chair, the Assistant Dean for Diversity and Inclusion, or the Office of Institutional Equity. In handling reports, people will protect your privacy as much as possible, but faculty and staff are required to officially report information for some cases (e.g. sexual harassment).
Course Auditing
When a student enrolls in an EP course with “audit” status, the student must reach an understanding with the instructor as to what is required to earn the “audit.” If the student does not meet those expectations, the instructor must notify the EP Registration Team [EP-Registration@exchange.johnshopkins.edu] in order for the student to be retroactively dropped or withdrawn from the course (depending on when the "audit" was requested and in accordance with EP registration deadlines). All lecture content will remain accessible to auditing students, but access to all other course material is left to the discretion of the instructor.