College Education for Cyber Operations Careers
The National Security Agency's (NSA) National Centers of Academic Excellence (CAE) in Cyber Operations Program supports the President's National Initiative for Cybersecurity Education (NICE): Building a Digital Nation and furthers the goal to broaden the pool of skilled workers capable of supporting a cyber-secure nation.
The CAE-Cyber Operations program is intended to be a deeply technical, inter-disciplinary, higher education program firmly grounded in the computer science (CS), computer engineering (CE), and/or electrical engineering (EE) disciplines, with extensive opportunities for hands-on applications via labs/exercises.
The CAE-Cyber Operations program complements the existing Centers of Academic Excellence (CAE) in Cyber Defense (CAE-CD) programs, providing a particular emphasis on technologies and techniques related to specialized cyber operations (e.g., collection, exploitation, and response), to enhance the national security posture of our Nation. These technologies and techniques are critical to intelligence, military and law enforcement organizations authorized to perform these specialized operations. Below is a list of the current Centers of Academic Excellence in Cyber Operations, the academic years for the designation, and the level of study that has met the criteria:
The Academic Requirements for Designation as a Center of Academic Excellence in Cyber Operations are very rigorous. The academic content requirements provide insight to what students will learn and experience in pursuing a degree in cyber operations. The Outcomes listed in each Knowledge Units (KU) description are examples of the level of depth cyber operations students must demonstrate to meet the requirement. To qualify for designation as a CAE in Cyber Operations, the institution/program must demonstrate that their curriculum satisfactorily covers all ten Mandatory KUs to the desired breadth and depth.
Mandatory KUs area number one: Low Level Programming Languages (must include programming assignments to demonstrate that students are capable of the desired outcomes). Low level programming allows programmers to construct programs that interact with a system without the layers of abstraction that are provided by many high level languages. Proficiency in low-level programming languages is required to perform key roles in the cyber operations field (e.g., forensics, malware analysis, exploit development). Specific languages required to satisfy this knowledge unit are C programming and Assembly Language programming (for x86, ARM, MIPS or PowerPC).
After completing the course content mapped to this knowledge unit, students will be able to develop programs that can be embedded into an OS kernel, such as a device driver, with the required complexity and sophistication to implement exploits for discovered vulnerabilities. In the C Language programming students will be able to write a program that implements a network stack to manage network communications. In Assembly Language programming students will be able to write a functional, stand-alone assembly language program such as a basic telnet client with no help from external libraries. In addition to course syllabi, applications must include examples of hands-on low level programming assignments in both C and assembly language to demonstrate that students have achieved mastery of this KU.
Mandatory KUs area number two: Software Reverse Engineering (must include hands-on lab exercises). The discipline of reverse engineering provides the ability to deduce the design of a software component, to determine how something works (i.e., recover the software specification), discover data used by software, and to aid in the analysis of software via disassembly and/or de-compilation. The ability to understand software of unknown origin or software for which source code is unavailable is a critical skill within the cyber operations field. Use cases include malware analysis and auditing of closed source software. Specific topics to be covered in this knowledge unit include:
Students must be able to use the tools mentioned above to safely perform static and dynamic analysis of software (or malware) of potentially unknown origin, including obfuscated malware, to fully understand the software's functionality. In addition to course syllabi, applications must include examples of hands-on lab exercises to demonstrate that students have achieved mastery of this KU.
Mandatory KUs area number three: Operating System Theory. Operating systems (OS) provide the platform on which running software acquires and uses computing resources. Operating systems are responsible for working with the underlying hardware to provide the baseline security capabilities of a system. Understanding the underlying theory of operating system design is critical to cyber operations as operating systems control the operation of a computer and the allocation of associated resources. Specific topics to be covered in this knowledge unit include:
Students must have a thorough understanding of operating systems theory and implementation. They will be able to understand operating system internals to the level that they could design and implement significant architectural changes to an existing OS.
Mandatory KUs area number four: Networking (must include hands-on lab exercises). Computer and communications networks are the very environment in which cyber operations are conducted. An understanding of these networks is essential to any discussion of cyber operations activities. Specific topics to be covered in this knowledge unit include:
Students must have a thorough understanding of how networks work at the infrastructure, network and applications layers; how they transfer data; how network protocols work to enable communication; and how the lower-level network layers support the upper ones. They will have a thorough knowledge of the major network protocols that enable communications and data transfer.
Mandatory KUs area number five: Cellular and Mobile Technologies. As more communications are conducted via mobile and cellular technologies, these technologies have become critical (and continue to become more critical) to cyber operations. It is important for those involved in cyber operations to understand how data is processed and transmitted using these ubiquitous devices. Specific topics to be covered in this knowledge unit include:
Students must be able to describe user associations and routing in a cellular/mobile network, interaction of elements within the cellular/mobile core, and end-to-end delivery of a packet and/or signal and what happens with the hand-off at each step along the communications path. They will be able to explain differences in core architecture between different generations of cellular and mobile network technologies.
Mandatory KUs area number six: Discrete Math and Algorithms. In order for cyber operators to make educated choices when provided with an array of algorithms and approaches to solving a particular problem, there are essential underlying concepts drawn from discrete mathematics, algorithms analysis, and finite automaton with which they should be familiar. Specific topics to be covered in this knowledge unit include:
Given an algorithm, a student must be able to determine the complexity of the algorithm and cases in which the algorithm would/would not provide a reasonable approach for solving a problem. Students must also understand how variability affects outcomes, how to identify anomalous events, and how to identify the meaning of anomalous events. In addition students must understand how automata are used to describe computing machines and computation, and the notion that some things are computable and some are not. They will understand the connection between automata and computer languages and describe the hierarchy of language from regular expression to context file.
Mandatory KUs area number seven: Overview of Cyber Defense (must include hands-on lab exercises). Cyber operations encompass both offensive and defensive operations. Defensive operations are essential in protecting our systems and associated digital assets. Understanding how defense compliments offense is essential in a well-rounded cyber operations program. Specific topics to be covered in this knowledge unit include:
Students must have a sound understanding of the technologies and methods utilized to defend systems and networks. They will be able to describe, evaluate, and operate a defensive network architecture employing multiple layers of protection using technologies appropriate to meet mission security goals. In addition to course syllabi, applications must include examples of hands-on lab exercises to demonstrate that students have achieved mastery of this KU.
Mandatory KUs area number eight: Security Fundamental Principles (i.e., First Principles). The first fundamental security design principles are the foundation upon which security mechanisms (e.g., access control) can be reliably built. They are also the foundation upon which security policies can be reliably implemented. When followed, the first principles enable the implementation of sound security mechanisms and systems. When not completely followed, the risk that an exploitable vulnerability may exist is increased. A solid understanding of these principles is critical to successful performance in the cyber operations domain. Specific topics to be covered in this knowledge unit include:
Students must possess a thorough understanding of the fundamental principles underlying cyber security, how these principles interrelate and are typically employed to achieve assured solutions, the mechanisms that may be built from or due to these principles. Given a particular scenario, students will be able to identify which fundamental security design principles are in play, how they interrelate and methods in which they should be applied to develop systems worthy of trust. Students will also understand how failures in fundamental security design principles can lead to system vulnerabilities that can be exploited as part of an offensive cyber operation.
Mandatory KUs area number nine: Vulnerabilities. Vulnerabilities are not random events, but follow a pattern. Understanding the pattern of vulnerabilities and attacks can allow one to better understand protection, risk mitigation, and identify vulnerabilities in new contexts. Vulnerability analysis and it's relation to exploit development are core skills for one involved in cyber operations. Specific topics to be covered in this knowledge unit include:
Students must possess a thorough understanding of the various types of vulnerabilities (design and/or implementation weaknesses), their underlying causes, their identifying characteristics, the ways in which they are exploited, and potential mitigation strategies. They will also know how to apply fundamental security design principles during system design, development and implementation to minimize vulnerabilities. Students must also understand how a vulnerability in a given context may be applied to alternative contexts and to adapt vulnerabilities so that lessons from them can be applied to alternative contexts.
Mandatory KUs area number ten: Legal. People working in cyber operations must comply with many laws, regulations, directives and policies. Cyber operations professionals should fully understand the extent and limitations of their authorities to ensure operations in cyberspace are in compliance with U.S. law. Specific topics to be covered in this knowledge unit include:
Given a cyber operations scenario, students must be able to explain the authorities applicable to the scenario. Students will also be able to provide a high-level explanation of the legal issues governing the authorized conduct of cyber operations and the use of related tools, techniques, technology and data.
Optional Program Content: (Knowledge Units). At least 10 of the following 17 optional knowledge units must exist in the institutions curriculum and be available to all students during their required course of study. For students to qualify for recognition of completing the Cyber Operations program they must take courses that meet at least 4 of the institutions mapped 10+ Optional KUs.
Optional KUs area number one: Programmable Logic (must include hands-on lab exercises). In digital electronic systems, logic devices provide specific functions, including device-to-device interfacing, data communication, signal processing, data display, timing and control operations, and several other system functions. Logic devices can be fixed or programmable using a logic language. The advantage of a programmable logic device (PLD) is the ability to use a programmable logic language to implement a design into a PLD and immediately test it in a live circuit. Specific topics to be covered in this knowledge unit include:
Students must be able to specify digital device behavior using programmable logic language. They will be able to design, synthesize, simulate and implement logic on an actual programmable logic device. For instance, students will be able to perform parallel computational tasks such as taking multiple cipher cores and running them in parallel to perform password cracking attacks.
Optional KUs area number two: Wireless Security (must include hands-on lab exercises). Wireless systems are essential to enabling mobile users. However, a significant impact in security can result from the use of wireless or the improper configuration of wireless security due to the erratic nature of the wireless environment. The dynamic and inconsistent connectivity of wireless requires unique approaches to networking in everything from user identification and authentication to message integrity and cipher synchronization. Specific topics to be covered in this knowledge unit include:
Students must be able to describe the unique security and operational attributes in the wireless environment and their effects on network communications. They will be able to identify the unique security implications of these effects and how to mitigate security issues associated with them. Students will be able to describe and demonstrate the vulnerabilities with ineffective mechanisms for securing or hiding 802.11 traffic. Students will also be able to understand, describe, and implement a secure wireless network that uses modern encryption and enforces the proper authentication of users. Students will also be able to compare and contrast mechanisms for association and authentication with a GSM BSC and a UMTS RNC.
Optional KUs area number three: Virtualization (must include hands-on lab exercises). Virtualization technology has rapidly spread to become a core feature of enterprise environments, and is also deeply integrated into many server, client, and mobile platforms. It is also widely used in IT development, research, and testing environments. Virtualization is also a key technology in cyber security. As such a deep technical understanding of the capabilities and limitations of modern approaches to virtualization is critical to cyber operations. Specific topics to be covered in this knowledge unit include:
Students must understand and be able to describe the technical a mechanism by which virtualization is implemented in a variety of environments, and their implications for cyber operations. Students will also be able to enumerate and describe the various interfaces between the hypervisors, VMs, physical and virtual hardware, management tools, networking, storage, and external environments.
Optional KUs area number four: Cloud Security/Cloud Computing. Cloud resources are commonly used for a wide variety of use cases, including the provision of enterprise services, data processing and analysis, development and testing, and a wide variety of consumer focused services. As such it is important that the students have a clear understanding of the variety, complexity, and capabilities of modern cloud platforms. Cloud computing has implications for cyber operations not only as a potential target, but also as an extensive resource to bring relatively cheap computing power to solve problems (e.g. cracking passwords) which would have been more difficult pre-cloud. Specific topics to be covered in this knowledge unit include:
Students must understand and be able to describe a variety of cloud service models and deployment modes, and select appropriate service models and delivery modes for a variety of potential workloads, including enumerating the security tradeoffs associated with their selections. Students will also be able to develop and deploy a workload in an appropriate cloud environment, including addressing issues associated with deployment, configuration, management, scalability, and security. The recommended resource for this KU: NIST 800-145.
Optional KUs area number five: Risk Management of Information Systems. Risk Management of Information Systems is a critical topic area which forms the basis for applying information system security principles to an operational environment. Risk Management decisions are the embodiment of the organization's security culture and values as demonstrated through the willingness to commit resources to information system security capabilities. Given the significant and growing danger of cyber security threats, it is imperative that all levels of an organization understand their responsibilities for achieving adequate information security and for managing information system-related security risks. Specific topics to be covered in this knowledge unit include:
Students must be able to identify, measure (quantitative and qualitative), and mitigate key information technology risks. Students will also be able to describe each of the tasks associated with risk framing, assessment, response and monitoring.
Optional KUs area number six: Computer Architecture (includes Logic Design). This knowledge unit ensures students understand the components that comprise a computing system and possess the ability to assess processor design and organization alternatives as they impact functionality and performance of a system. Specific topics to be covered in this knowledge unit include:
Students must be able to define devices of electronic digital circuits and describe how these components are interconnected. They will be able to integrate individual components into a more complex digital system and understand the data path through a CPU.
Optional KUs area number seven: Microcontroller Design (must include hands-on lab exercises). A microcontroller (or MCU, short for microcontroller unit) is a small, simple computer on a single integrated circuit containing a processor core, limited memory, and programmable input/output peripherals and sensors. Microcontrollers are typically inexpensive and have little or no interface for human interaction. The