Fostering cybersecurity awareness among computing science undergraduate students: motivating by example

Authors

Abstract

To a certain extent, it can be considered that cybersecurity has a PR problem. Despite all the campaigns and publicity surrounding the matter, there are certain age groups for whom the message doesn't go through, either because it sounds too condescending or too technical. This is more of a problem for undergraduate students in computer science courses, especially if we take into account the potential academic and career development paths they may pursue, with many becoming specialized practitioners for areas such as software engineering or information systems design, despite lacking a solid background on cybersecurity and good development practices. Prior experience from the authors has shown that a purely theoretical approach to teaching the fundamental concepts of cybersecurity has several shortcomings, contributing to distance the students from the subject and, in some extreme cases, to foster rejection towards the topic. This is partly due to the fact that the involved formal and theoretical aspects can be quite demanding, especially in terms of subject diversity, involving concepts about operating system design, networking or computer architecture, among others. Presenting this information in an effective way requires taking into account the current level of knowledge expected from the students at a certain point of their academic path, as well as their level of maturity. Engaging the students is a key aspect that has to be central to any strategy. As such, this paper presents an approach to the subject of cybersecurity education at an introductory level, focused on a methodology that has been recently adopted by the authors, with a considerable degree of success. It is based on a hands-on strategy, focused on the vulnerability analysis of a commercial, off-the-shelf consumer IoT device (namely, an IP camera). Starting with a presentation of the Mirai botnet incidents, the authors proceed with a step-by-step dissection of the target device to identify its vulnerabilities and showcase their criticality.

Related Project

5G - Components and Services for 5G Networks (5G - Componentes e Serviços para Redes 5G)

Conference

19th European Conference on Cyber Warfare and Security (ECCWS 2020), Chester, UK, June 2020

DOI