ABSTRACT

Social engineering (SE) is a technique employed by cybercriminals that uses psychological manipulation to obtain sensitive information and gain unauthorized access to restricted areas or systems. Nearly 70% of U.S. organizations experienced SE in 2017, resulting in a $2.76 million loss in operational downtime and revenues. The human factor is often regarded as the weakest link in cyberattacks, making SE a major concern for cybersecurity. Despite the significant threat posed by SE attacks, education, training and general awareness of SE as a tool for cybercrime is low. This is because SE is considered to be outside the scope of the technical domain and thus should be addressed by other disciplines, including psychology, criminology, and sociology. The engineering and computer science disciplines are already investing heavily in cybersecurity education programs that have a primarily technical focus. While this technical approach is important, the resulting pool of students is too small and homogeneous to support the holistic development of the solutions needed by our technologically dependent society. Enlarging and diversifying the pool of students learning about (and teachers educating on) SE will cast a wider net to recruit the most talented students as well as fostering their creative potential as they enter the cybersecurity workforce. Furthermore, the project will reflect the National Science Foundation?s commitment to broadening participation along two fronts identified in its Strategic Plan: (i) Expanding efforts to broaden participation from underrepresented groups and diverse institutions across all geographical regions, and (ii) Preparing a diverse and engaged STEM workforce. Thus, this project will promote diversity, and develop and share resources and sustainable tools for future SE education and research in a safe, ethical, and engaging learning environment.

This project has three objectives. First, it will educate students via hands-on course projects and a yearly intercollegiate SE Capture the Flag competition and training event. Second, the project will educate educators by hosting online and in-person training workshops across multiple STEM disciplines. Finally, the project will disseminate free resources such as SE course projects, datasets and analytic frameworks for research and education. The project will also develop a new set of assessment tools (surveys and focus groups) with the Center for the Advancement of Teaching to measure student and educator learning specific to SE. This project proposes to enlarge and diversify the pool of students and educators by recruiting across multiple STEM disciplines at community colleges and universities in the U.S. with varying demographics. Minority serving institutions, historically black colleges and universities, and military/veteran friendly schools will be specifically engaged. In addition, the project team will actively seek participation from faculty belonging to underrepresented groups at these institutions.

This project is supported by the Secure and Trustworthy Cyberspace (SaTC) program, which funds proposals that address cybersecurity and privacy, and in this case specifically cybersecurity education. The SaTC program aligns with the Federal Cybersecurity Research and Development Strategic Plan and the National Privacy Research Strategy to protect and preserve the growing social and economic benefits of cyber systems while ensuring security and privacy.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

Please report errors in award information by writing to: awardsearch@nsf.gov.