Cyberspace has developed into a difficult abstraction presenting innumerable fresh potential and services as well as possibilities for enemies to cause destruction. Lately, the United States Armed Forces has affixed “Cyberspace” to its mission statement because it distinguished the substantial effect of this new field of expertise. Education act as a fundamental role in producing cyber soldiers to maintain the mission of the United States Military. (Dodge & Ragsdale, 2005) The NSA funded the cyber defense exercises presenting priceless real-world knowledge about the new field of cyberspace. The Cyber Defense curriculum was started in the Military schools in 1999. Another reason for the implementation of the Cyber Defense Curriculum for the military schools is the increasingly plausible fact of the growing number of hackers that threatens national defense. The Y2K predicament was a significant problem that was faced in the start of the millennium. (Dodge & Ragsdale, 2005)
Students started to receive training on how to create and defend cyber weaponry. The course was called Information Assurance. The objective of the course was to enhance consciousness of security issues with information systems. (Felder & Brent, 2003) In the Information Assurance course, learn many offensive and defensive techniques in the cyber domain. Cadets can write malevolent applets and viruses but at the same time, form defense mechanisms from it. The reason of this course is not to craft them to become hackers but give them the knowledge of how potential enemies might exercise cyber warfare and target their vulnerability especially in the commercially prevailing information systems. (Gunsch, Raines, & Lacey, 2003)
The first Cyber Defense Exercise in the United States was executed in 2001 to test the skills of different military schools in Cyber Defense. The partakers chosen were the West Point Academy, the US Air Force Academy and the Naval Postgraduate School. The schools were divided into teams were engaged into a cyber warfare. The team that scored the most number of points in the offensive and defensive ordeal is declared the winner. In the successive years, more military school joined the competition. (“Cyber Defense Exercise,” 2009)
Evaluations of the Cyber Defense Program
There were several evaluations that were made for the Cyber Defense Course and its relative fields. The studies focused on both technical and general aspect of the program. Although it was effective in developing the skills of the cadets, some other issues were still in question. The following were some of the research questions of the evaluations:
Is the Cyber Defense Program cost efficient?
In the study of Schepens et. Al. in 2003, it focused on the cost efficiency and impact of the Cyber Defense Course. The rough estimate of conducting the course would be $20,000 for all the hardware and software components. (Schepens, Schafer, Surdu, & Ragsdale, 2002) Other costs were not yet included like technical monitoring and repair. The question rising would be if the hefty cost is worth the increase in education effectiveness. (Tomes, 2000) There is an eminent intuitive interest to the concept that innovative experience provided by the Information Assurance course. When cadets essentially execute an attack, they must also depict how they would guard against several attacks. The twofold function of the course instigates self learning since technology constantly upgrade. The course trains a student’s critical, analytic and amalgamating skills. (Schepens, et al., 2002)
Some remarks of the students under the first Information Assurance course said that it was a fresh breath of air and that it was invigorating to have hands down experience and learning about cyber defense. Another comment of the course is that it teaches them the indispensable lesson that security is an immense field to defend and it continuously expands. (Tomes, 2000)
In terms of the cost efficiency, the starting point of the Information Assurance program was expensive and was shouldered by the National Security Agency. (Augustine & Dodge, 2006) In time, more military schools implemented the Information Assurance course. With additional military school consumers, the expenditure of the course basically lessened.
In another evaluation for cost efficiency of the Cyber Defense Program, it was noted that military schools can use open source software. Open source is computer software for which the source code and further rights are presented beneath a software license that convenes the open source characterization. (Gourley, 2009) This characterization allows consumers to utilize, alter and develop the software and restructure it in modified or unmodified figure. An example of Open Source software is Linux and an example of Closed Source software is Microsoft. Open Source software is continuously accessible for assessment, and in the majority situations it is cultivated in an open, public, mutual approach. Open source does not just signify approach to the source code, but also give the user the power to develop something greater. (Gourley, 2009) Another feature of open source is its inexpensive price. Since most of the open source software is not in the mainstream of the market, their prices are lower than the trendy closed source software. Therefore, the use of open source software can lower the cost of the Information Assurance course. (Gourley, 2009)
One downfall for the use of open source software is its advance interface for beginners. It is not so much user friendly than its rival closed software. (Gourley, 2009) In a military school that is starting Information Assurance, its students might not be that specialized with open source software. Nevertheless, the application of open source software in Information Assurance can be cost minimization scheme.
Is the Cyber Defense Program time effective?
In another study, the time effectiveness of the program was evaluated. The Cyber Defense Program demonstrated numeral of effective dealings utilized to preclude, or perceive, compromises. However, it is substantial that the application and execution of the course require more time to operate than regular military courses. (Mullins, Lacey, & Mills, 2007) Also, scrupulously understanding attacks and defends were essential for safe security operations, but requiring a tedious learning process. Furthermore, it was imperative to make sure the systems applied have been correctly patched and renewed. It should be mentioned that in real-world procedures, patch management is a multifaceted matter that needs receptiveness and attention. This makes additional time consumption. Another time spending effect of the Cyber Defense Program is the time and resource intensity for the workload of the instructor. (Mullins, et al., 2007)
However, even with time consuming activities of the course, it is still being managed. Military schools somehow compress the activities to course to conserve time consumption. The faculty of the military schools that has Information Assurance courses remark that the additional load given are worth the excellent performance of the students. Another remarkable activity of the course that improves time utilization is the further engagement in Cyber Defense Exercise between different schools. (Adams, Lacey, Gavas, & Leblanc, 2009) This was mentioned earlier in the paper in which military schools take part in the annual Information Warfare. The warfare investigates the effectiveness and time efficiency of the Information Assurance course in the schools. Cadets will build up their own team and represent their school. The Information Warfare improves time effectiveness of the course because it compels the cadets to attack and defend as fast as possible in a certain given time. The improvement in time effectiveness in the course is a huge factor that helps the military schools to win the competition. In a given school year, cadets with potential skills in Information Assurance are time pressured to create attacks and concoct defensive schemes in a nick of time. (Adams, et al., 2009) The inclusiveness of time effectiveness in course permeates the time saving scheme in the program.
In a recent Information Warfare between several military schools, the winner of the competition was the school that attacked and defended in the most number of times in a given time limit. (Mullins, et al., 2007) Therefore, it can be deduced that time effectiveness is correlated with successful Information Assurance courses.
Table 1. 2006 Cyber Defense Exercise Results
(Mullins, et al., 2007)
Results and Conclusion
The following evaluations were clear in addressing two vital concerns about the Cyber Defense Program which is cost efficiency and time effectiveness. In the cost effectiveness of the program, the evaluations clearly pointed out that the Cyber Defense Program is costly. A plausible solution for this predicament would be the increase of Information Assurance course military school users. The greater the consumers of the course would result into a reduced expenditure. Therefore, the Information Assurance course should be promoted to the different military schools around the United States. Also, it can be opened that the Information Assurance course should not be held back to military schools exclusively. Other school should also access the course for further learning improvement.
Another concern of the evaluations would be the use of cheaper software. The open source software is relatively economical than the other commercially closed software. The problem concerned with open source software for the Information Assurance course would be its advanced interface in which new users of the program might not easily familiarize with the system compared to the other software. Therefore, it should be recommended that open source software may be used by military schools that have an established experience in Information Assurance to lessen expenditure and greater progress into advance technical systems.
Time effectiveness was also addressed as an issue on the Information Assurance course. The technicality and complexity of the program spends much time. In a certain evaluation, it was seen that the military school faculty can still cope-up with the additional time effort as long as they can see the improvement in the cadets. Another activity that boosts the time effectiveness of the course is the construction of Cyber Defense Exercise between military schools. It inculcates time effectiveness in the students in attacking and defending during a certain period of time. However, it was not yet certain whether an increase in the budget of the Information Assurance course would increase the effectiveness of the program. Therefore the creation of competitive and spirited competition should be increased because it can improve the time effectiveness of the course.
In all the gathered evaluations for Cyber Defense Program, it was unanimous that the students positively liked the program and has increased their analytic and cognitive skills. In a generalization, even with some unresolved matters, the effectiveness of the program is unwavering. The benefits produced by the program outweigh its costs. Therefore, the Cyber Defense Program should continue and grow.
Adams, W. J., Lacey, T., Gavas, E., & Leblanc, S. P. (2009). Collective Views of the NSA/CSS Cyber Defense Exercise Curricula and Learning Objectives, 4(2), 10.
Augustine, T., & Dodge, R. C. (2006). Cyber Defense Exercise: Meeting Learning Objectives thru Competition. Paper presented at the Proceedings of the 10th Colloquium for Information Systems and Security Education, Adelphi, Maryland.
Cyber Defense Exercise (2009). Realistic Network Defense in a Hostile World: NSA CDX Fact Sheet, 23(3), 21.
Dodge, R. C., & Ragsdale, D. J. (2005). Technology Education at the US Military Academy. IEEE Security and Privacy, 3(2).
Felder, R. M., & Brent, R. (2003). Learning by Doing. Chemical Engineering Education, 36(4).
Gourley, B. (2009). Open Source Software and Cyber Defense Paper presented at the White House Review of Communications and Information Infrastructure
Gunsch, G. H., Raines, R. A., & Lacey, T. H. (2003). Integrating CDX into the Graduate Program. IEEEInternational Conference on Systems, Man and Cybernetics, 5(2).
Mullins, B. E., Lacey, T. H., & Mills, R. F. (2007). The Impact of the NSA Cyber Defense Exercise on the Curriculum at the Air Force Institute of Technology. Paper presented at the 40th Hawaii International Conference on System Sciences, Honalulu, Hawaii.
Schepens, W., Schafer, J., Surdu, J., & Ragsdale, D. (2002). The Evaluation of the Effectiveness of Information Assurance Education. Paper presented at the The Cyber Defense Exercise.
Tomes, R. (2000). Boon or Threat? The Information Revolution. Naval War College Review, 53(5), 21-38.