With the cyber world becoming ever more complex and pervasive, demand is growing for competent professionals to keep the cloud, and our personal data, safe from nefarious hackers. To introduce students to the possibilities of such cyber-security work, Columbus State Community College held a competitive “Capture the Flag” event late last year. The college is also working on curriculum leading to a cyber-security degree. To find out more about the college’s interest in cyber security, we contacted Lawrence McWherter, an instructor in the Computer Science Department at Columbus State:
Q: Can you tell us about the cyber-security challenge that took place in early December at Columbus State?
A: On December 1, Columbus State hosted the first “Capture the Flag” event held by the Ohio Cyber Collaboration Committee (OC3). This was the inaugural cyber range event for OC3 both in central Ohio and statewide. Local area high school and college volunteers participated in the event, which could accommodate 58 players immersed in a virtual environment.
The idea was for each two-person team to capture as many flags, worth varying point values, as possible to amass the most points in the time allowed. Flag challenges ranged from cyber-security knowledge questions to cyber-attack scenarios in a place called Alphaville, a virtual city consisting of information systems and networks that are found in a typical information ecosystem.
Each location had different operating systems, different security priorities and different challenges for participants to encounter and overcome. Each successful encounter captured another flag.
The event was arranged by me and Mark Bell, the cyber-security outreach coordinator for the Ohio Adjutant General’s Department and a primary player for OC3, in coordination with a number of Columbus State staff members.
Q: Can you tell us more about the Ohio Cyber Collaboration Committee — who is on the committee, and what do they do?
A: OC3’s mission is to provide an environment for collaboration among public, private, military and educational organizations for the furtherance of a stronger cyber-security posture for the state of Ohio.
The committee members’ goal is to:
- Provide a secure cyber-security test and training environment, known as a cyber range, to:
- Facilitate the evaluation and testing of innovative technologies and processes.
- Research and test industry-standard best practices.
- Conduct cyber-security exercises and competitions to hone cross-organizational incident response capabilities and develop future cyber-security professionals.
- Enable a training environment for the current and future cyber-security workforce, including National Guard personnel, state and local government personnel, faculty and students in the education community, and private-sector entities.
- Establish volunteer cyber-incident response teams capable of providing assistance to public- and private-sector organizations in incident containment, eradication and recovery.
- Through the involvement of various job and educational institutions, encourage interested students and individuals to become involved in and further develop their cyber-security skills in order to join and contribute to the future cyber-security workforce.
- Provide a collaborative research and development environment for the development and testing of innovative technologies and processes.
- Share threat intelligence among both public- and private-sector entities, facilitated through the Ohio Homeland Security Fusion Center.
OC3 membership includes Columbus State and other educational institutions such as Ohio State University, Ohio University, the University of Cincinnati and Capital University; the Ohio National Guard; the Ohio Department of Administrative Services’ Office of Information Security and Privacy; Ohio Homeland Security; Battelle; ATIC; OARnet (Ohio Academic Resources Network); Columbus Collaboratory; and the governor’s office. Other members come from the private sector.
Q: Why is Columbus State interested in cyber security? What programs do you have in this area?
A: Columbus State has been developing a Cybersecurity Associate of Applied Science degree that is aligned with the National Institute of Standards and Technology (NIST) guidelines.
According to the Cyber Seek web site, the Columbus metro area has 2,321 job openings in cyber security, with 6,338 workers already employed in the field. Between January 2017 and January 2018, more than 700 cyber-security jobs were created in central Ohio, and the number of unfilled jobs in that time decreased by a mere 112. The entire nation has a similar shortage of available trained and ready workers.
With this gap in mind, Columbus State’s goal is to produce graduates capable of hitting the ground running as developing cyber-security technicians upon graduation. Aligning the Cybersecurity Associate of Applied Science degree to NIST standards is central to accomplishing this goal.
Columbus State is developing a curriculum that will enable a student who completes the course of study to test for nationally recognized certificates such as Microsoft’s Certified Professional; CompTIA’s Linux+, Network+ and Security+; and EC-Council’s Certified Ethical Hacker.
Additionally, the degree provides instruction on the use of the Python programming language for use in producing scripts.
Q: Is Columbus State working with K-12 students to interest them in cyber security and/or other STEM-related areas?
A: Columbus State works with area high schools and career centers to provide support for, and development of, their cyber programs. Columbus State cyber-security personnel sit on the advisory boards for two area career centers and work extensively with high school students through College Credit Plus.
Columbus State’s cyber-security personnel also sat on the college’s We Are STEM planning committee and participated in that event last October as well as the summer STEM educators event.
Q: Will Columbus State have any input in the cyber range planned at the University of Cincinnati? Also, are you working with any other colleges/universities on the issue of cyber-security education?
A: The Michigan Cyber Range, run by Merit Network, has been contracted by OC3 in Phase 1 of the Ohio Cyber Range development to provide range space immediately.
Phase 2 of Ohio’s range is in development and will reside at the University of Cincinnati. Phase 3 of the range will be housed in five locations throughout Ohio and will serve the entire state.
Columbus State personnel sit on OC3’s cyber range and educational subcommittees and will continue to monitor and support the development of the planned five cyber range locations.
It is an exciting and evolving process that Columbus State will participate in for years to come. Columbus State could be among those considered for the central Ohio location.
Columbus State has an articulation agreement for transfer of cyber-security degree credits to Franklin University. We are looking to establish similar agreements with other four-year institutions.
Q: Where can readers get more information about Columbus State’s efforts in the cyber-security area?
A: For more information, readers can visit: https://www.cscc.edu/community/grants/cybersecurity/