Developing a framework of cybersecurity competence for cyber-physical systems engineering
|Interdisciplinary Areas:||Security and Privacy
Computing students enter the workforce to develop and maintain cyber-physical systems. These systems underpin many consumer products as well as the nation’s critical infrastructure. Adversaries frequently target cyber-physical systems, causing an annual impact of billions of dollars. It is thus important that computing students learn cybersecurity: how to securely design, implement, and maintain the cyber-physical systems for which they are responsible. Current computing curricula acknowledge the importance of cybersecurity training, yet the relevant competencies are ambiguous. The literature lacks a framework characterizing the knowledge, skills, and abilities (KSAs) that computing graduates (undergrad and grad) require to effectively secure cyber-physical systems. We expect these KSAs include systems thinking, system modeling, failure analysis, and knowledge management.
The objective of this project is to develop a framework of cybersecurity competence by establishing the knowledge, skills, and abilities required to engineer secure cyber-physical systems. One focus of the research project will be human-subjects research with industry and government practitioners, such as our partners at Rolls Royce, Cisco, ThreatModeler, and the US Coast Guard to characterize the KSAs necessary for success in engineering secure cyber-physical systems. The second focus will be developing and validating assessments of these KSAs suitable for use with undergraduate and graduate students.
September 1, 2024
A strong applicant will have prior research experience in relevant areas including cybersecurity education, computing education, or engineering education. An ideal applicant would have training both in computing (e.g. electrical engineering, computer engineering, computer science) and in educational learning theories and research methods. Candidates should have strong written and oral communication skills, ability to thrive in a collaborative environment, and experience and interest in working in an interdisciplinary context.
James Davis, email@example.com, School of Electrical and Computer Engineering, https://davisjam.github.io/
Kirsten Davis, firstname.lastname@example.org, School of Engineering Education, https://engineering.purdue.edu/ENE/People/ptProfile?resource_id=242800
Anandayuvaraj, D., & Davis, J. C. (2022, October). Reflecting on Recurring Failures in IoT Development. In 37th IEEE/ACM International Conference on Automated Software Engineering (pp. 1-5).
Gopalakrishna, N. K., Anandayuvaraj, D., Detti, A., Bland, F. L., Rahaman, S., & Davis, J. C. (2022, May). “If security is required”: Engineering and Security Practices for Machine Learning-based IoT Devices. In 2022 IEEE/ACM 4th International Workshop on Software Engineering Research and Practices for the IoT (SERP4IoT) (pp. 1-8).
Hassan, S. A., Aamir, Z., Lee, D., Davis, J. C., & Servant, F. (2022, December). Improving Developers' Understanding of Regex Denial of Service Tools through Anti-Patterns and Fix Strategies. In 2023 IEEE Symposium on Security and Privacy (SP) (pp. 1313-1330). IEEE Computer Society.
Davis, K. A., Ghaffarzadegan, N., Grohs, J. R., Grote, D., Hosseinichimeh, N., Knight, D. B., Mahmoudi, H., & Triantis, K. (2020). The Lake Urmia vignette: A tool to assess understanding of complexity in socio-environmental systems. System Dynamics Review, 36(2), 191–222. https://doi.org/10.1002/sdr.1659
Davis, K. A., Grote, D. M., Mahmoudi, H., Perry, L., Ghaffarzadegan, N., Grohs, J. R., Hosseinichimeh, N., Knight, D. B., & Triantis, K. (2023). Comparing self-report assessments and scenario-based assessments of systems thinking competence. Journal of Science Education and Technology. https://doi.org/10.1007/s10956-023-10027-2