Center for Cybersecurity and Data Intelligence

Cyber-mindfulness is more than the awareness that cyber threats exist. It's an attitude of alertness to threats and an expectation that threats will evolve. It's a sense of stewardship for both personal and community information resources. It's taking responsibility to stay informed, share knowledge, report concerns, and actively take steps to reduce risk and increase defenses. It's a commitment to the ongoing development of knowledge, skills, and communication.

At the University of Dayton, faculty, staff, and students are demonstrating that cyber-mindfulness has meaningful impact in reducing risk and increasing effective defenses against cyber threats. More importantly, awareness, knowledge, and ongoing practice are proving a powerful combination for increasing people's confidence to participate as cyber citizens in a community effort.

In 2016, UD employees were invited to engage in a year of becoming cyber-mindful. Through thought-provoking newsletters, hands-on training exercises, face-to-face classes, and incentives for participation, employees embraced the opportunity. Not only did they learn fundamental practices for protecting University information resources, but they also learned practical skills for home computing safety.

Eight months into the program, survey comparison results demonstrated the changes in attitudes, confidence, and efficacy that becoming cyber-mindful can achieve:

• 13% increase of employees who said that they would be able to recognize a suspicious email message (for a total of 77%).
• Increase to 94% of end-users who agreed with the statement that "everyone has a responsibility to protect their computer from hackers."
• Decrease to 9.6% of employees who feel that central IT is solely responsible for computer security.
• Decrease to just 6.0% of employees who felt that if hackers wanted access to their computer, there was little that they could do so stop them.

The Center for Cybersecurity and Data Intelligence will use the success of the UD employee cyber-mindful training as a springboard for community outreach.

Educators and professionals alike can utilize the Range through developing access, use and assessment processes and practices for the cyber range, support reporting and continuous improvement outcomes, sharing in the collaborative development of relevant educational exercises, assignments and practices and assisting with industry-focused outreach efforts for both continuing education and community demonstration exercises.

As we integrate the Dayton Regional Cyber Range into classes, courses, workshops and institutes, assessment will be enhanced to capture cyber range-relevant data as part of the larger assessment and continuous improvement process already mandated by the Ohio DHE and our institutional accrediting agencies.

The Dayton Regional Cyber Range will allow both individual users and teams to engage in simulated cybersecurity training exercises, supporting the growth of workforce-ready professionals.

While located in UD's Center for Cybersecurity and Data Intelligence, this infrastructure is a multi-institutional resource. Member schools and industry partners can engage in shared training and cooperative scheduling.

With its robust experiential exercises, the Cyber Range will serve as an effective training tool, benefiting students, our community, and the information security industry as a whole.

This virtual simulation will apply textbook concepts to workplace realities. As an immersive tool, the Cyber Range will provide students with cybersecurity threat detection and mitigation practices that parallel real-world experiences.

Specifically, the Dayton Regional Cyber Range will offer capabilities that directly reflect the skills and experiences most desired by industries seeking cybersecurity talent, including:

• Virtual cybersecurity training environments with varying levels of skill-building
• Support of cybersecurity teams to engage in collaborative problem-solving and effective teaming practices
• "Real-world, on-the-job" cybersecurity threat-vector experiences
• Robust competitions and exercises, such as "capture the flag"
• Simulated industry incident management and response exercises
• Rich reporting and tracking for performance validation and post exercise reviews

These skill-building experiences are critical to developing a qualified cybersecurity workforce, and they also provide continued learning opportunities for those individuals already in the industry.

Cybermindfulness is more than the awareness that cyber threats exist. It's an attitude of alertness to threats and an expectation that threats will evolve. It's a sense of stewardship for both personal and community information resources. It's taking responsibility to stay informed, share knowledge, report concerns and actively take steps to reduce risk and increase defenses. It's a commitment to the ongoing development of knowledge, skills and communication.

Interested organizations may adapt this toolkit to develop their own Cybermindfulness programs.

The UD-CCDI has developed a library offering videos on a wide variety of cybersecurity topics:

• Short-form public service announcement-style messages on a wide range of cybersecurity awareness topics such as phishing, choosing good passwords, protecting personal information, backing up personal machines, etc. These videos are shorter and make cybersecurity topics approachable for non-technical audiences
• Long-form instructional videos on topics such as Social Engineering, the Artificial Intelligence and Blockchain. These run up to twenty minutes and are more in-depth and instructional in nature

Led by John Wolfe, and using AT&T's AlienVault Open Source Security Information and Event Management (OSSIM) tool, the UD-CCDI has built a SOC simulator. A key feature is that we use the Open Source Carnegie-Mellon Ghosts traffic generator to target specific traffic at the SOC so that students may be assessed on how well they identify patterns of malicious traffic appearing on the simulated network environment.

The best way to help your personnel avoid being phished is to phish them yourself as a training tool. Several companies provide this service, but it may be prohibitive for smaller organizations.

Developed by John Wolfe, and employing the GoPhish open source phishing framework, UD-CCDI has taken the tool provided by GoPhish and developed a set of instructions (.pdf) that small organizations may use to configure this framework for use on their network.

The Cyber Flyers are organized into three core teams, each focused on a distinct area of cybersecurity outreach and operations. Each team is led by a director, with an executive director overseeing the full program.

Campus Marketing and Communication (CMAC)

The CMAC team develops brand strategy and plans and coordinates campus events such as:

• Speaker series, tabling events and giveaways.
• Collaborative programming with student organizations (e.g., SGA, Greek councils, Flyer News, Flyer Enterprises).
• Collaboration with University departments (e.g., Communication, Criminal Justice, Computer Science, MIS, Athletics, Dining Services).

Phishing Simulation and Training (PSAT)

The PSAT team focuses on building the University's resilience to phishing attacks through hands-on simulation and education. Their responsibilities include:

• Designing, building, and maintaining a library of phishing email templates and landing pages.
• Planning and running phishing simulation campaigns using open-source tools such as GoPhish.
• Supporting research into cybermindfulness principles, training effectiveness and the decay of training over time.
• Contributing to documentation of campaign processes and technical procedures for University IT partners.

Cyber Threats and Mitigation Research (CTMR)

The CTMR team researches current cybersecurity threats, vulnerabilities and mitigation strategies. Their work includes:

• Producing written deliverables such as articles, briefs or whitepaper-style reports that may inform campus outreach content and could be suitable for publication.
• Collaborating with institutional resources to ensure research is timely and relevant.
• Monitoring emerging threat landscapes to keep the UD community informed.

In addition to the three core teams, Cyber Flyers members contribute to emerging initiatives that extend the team's impact beyond campus outreach into hands-on technical work and community service.

Cyber Range Architecture and Operations

Students contribute to the design and operation of the University's cyber range infrastructure, gaining hands-on experience with:

• Hypervisor configuration and management.
• Identity and access management systems.
• Network architecture and segmentation.
• Remote access solutions and secure connectivity.

Cybersecurity Clinic

Cyber Flyers support community-facing cybersecurity clinic services, providing pro bono assistance to nonprofits and small businesses. Services include:

• Security assessments and vulnerability scanning.
• Policy review and recommendations.
• Risk analysis and mitigation planning.
• Engagement with industry frameworks such as NIST and CIS.

Project Planning and Documentation

Across all special projects, students develop professional skills in project planning, technical documentation and client communication. These experiences prepare students for careers in cybersecurity consulting, IT governance and security operations by engaging with standard security tools and real-world workflows.