Stepping-stone intrusion is a hacking strategy in which an attacker sends attacking commands through compromised hosts, called stepping-stones, in order to remotely access a target host. These stepping-stones form part of a connection chain that serves as an intermediary between the target and attacker hosts, providing the attacker with increased anonymity and detection avoidance capabilities. It is well-known that a long connection chain with three or more connections often indicates malicious activities.

The Internet of Things (IoT) paradigm promises to make “things” include a more generic set of entities such as smart devices, sensors, human beings, and any other IoT objects to be accessible at any time and anywhere. IoT allows for the interconnectivity of devices or objects to collect, send, and receive information. IoT varies widely in its applications, but one of its most beneficial uses is in the medical field. Healthcare utilizes IoT and its emerging technologies to provide more efficient and quality care for patients while reducing the workload and burden on healthcare facilities.

This presentation shares a best practice in teaching network defense based on recent research on network security. Computer networks as part of critical infrastructure facilities and assets for most organizations are facing increasing challenges in defending against various and sophisticated cyber threats, intrusions, and attacks. Knowledge discovery is a key factor in cyber defense, and honeypots could be an effective tool for gaining knowledge for cyber defense.

The healthcare ecosystem involves several interconnected stakeholders with different and sometimes conflicting security and privacy requirements. Sharing medical data, particularly remotely generated data, is a challenging task. Although there are several solutions in the literature that address the interoperability & scalability functional requirements of such services, as well as the security & privacy requirements, achieving a good balance between these is not a trivial task as off-the-shelf solutions do not exist.

This proposal discusses considerable benefits of a recent outreach project to strengthen relationships between Indiana University of Pennsylvania (IUP), an established CAE for over two decades, and several Community Colleges (CCs) and technical institutes across Pennsylvania. IUP has been working with several CCs for years to promote cybersecurity education and research in the western PA region.

Modern power grids, such as smart grid and micro-grid systems, have various intelligent and sophisticated controllers at all stages of generation, transmission, sub transmission, distribution, and customer ends. Moreover, renewable energy sources (wind generator, photovoltaic systems, etc.) are being connected to the grids through various power electronics components and energy storage systems (ESS). According to a recent report, solar and wind together represent roughly 10 percent of the world’s installed capacity.

Critical Infrastructure training based on the current threat environment is at a high level throughout the nation and worldwide. A concerted effort by multiple professors, professional cybersecurity personnel, students and staff, a workshop has been developed based that provides training on current topics using in some cases actual examples of security incidents, demonstrations such as pen-testing and necessary remediation steps and methodologies.

As the capability to detect network intrusion has increased, so has attackers’ ability to avoid detection. Commonly, attackers use Secure Shell (SSH) to hide their identity. SSH securely connects two hosts together and encrypts their interactions.

The need for cybersecurity workers is clear. With a documented current shortage of cybersecurity workers in the U.S. identified as over 300,000 openings, the need to attract, and retain more future cybersecurity workers could not be more clear. Many efforts have been created to address this need and have had clear positive results.

This presentation will review the development of a week-course for high school students. The course is designed to introduce students to the exciting science of Cybersecurity using an experiential gamification approach to learning Computer Science, with an emphasis on application and teamwork. The course includes practice using current Cybersecurity industry tools and technologies, development of cyber detective skills, and academic team competition. The course is offered during the Honors Summer Academy on the Oklahoma Christian University campus.