Dvorak, R., & Whiteman, J. L. (2021, July), A Call to Create an Open-source Project Initiative for Cybersecurity Virtual Labs  Paper presented at 2021 ASEE Virtual Annual Conference Content Access, Virtual Conference. 10.18260/1-2--36554

\bibitem{asee_peer_36554}
  Dvorak, R., \& Whiteman, J. L. (2021, July), \emph{A Call to Create an Open-source Project Initiative for Cybersecurity Virtual Labs}
  Paper presented at 2021 ASEE Virtual Annual Conference Content Access, Virtual Conference.
  10.18260/1-2--36554

Radana Dvorak and John L. Whiteman.  "A Call to Create an Open-source Project Initiative for Cybersecurity Virtual Labs".  2021 ASEE Virtual Annual Conference Content Access, Virtual Conference, 2021, July.  ASEE Conferences, 2021.  https://peer.asee.org/36554 Internet.  14 May, 2024

\bibitem{asee_peer_36554}
  Radana Dvorak and John L. Whiteman.
  "A Call to Create an Open-source Project Initiative for Cybersecurity Virtual Labs".
  \emph{2021 ASEE Virtual Annual Conference Content Access, Virtual Conference, 2021, July}.
  ASEE Conferences, 2021.
  https://peer.asee.org/36554 Internet.  14 May, 2024

@INPROCEEDINGS{asee_peer_36554
author = "Radana Dvorak and John L. Whiteman"
title = "A Call to Create an Open-source Project Initiative for Cybersecurity Virtual Labs"
booktitle = "2021 ASEE Virtual Annual Conference Content Access"
year = "2021"
month = "July"
address = "Virtual Conference"
publisher = "ASEE Conferences"
note = {https://peer.asee.org/36554}
number = {10.18260/1-2--36554}
}

TY  - CPAPER
AB  - Cybersecurity classes present challenging problems to engineering departments having to negotiate with overstretched IT departments to set up specialized labs to support the curriculum. Purchasing third party cyber labs are not an option for many departments due to reduced budgets. Setting up environments is often left to the instructor after finding difficulties with the setup and/or lack of support. This is a difficult option since it is time consuming in addition to the regular activities involved in teaching a curriculum.  This problem has recently been compounded by COVID-19 due to universities having to close down labs.

Creating virtual labs for cybersecurity classes has been given attention in the last few years and ASEE has published papers on the topic. Some universities are creating their own labs while others are using the NFS funded SEED Labs Project. We are proposing an open source project initiative that allows universities, students, and others to contribute their own lab work to a public repository hosted by an entity like GitHub. The work can be shared globally without costs or dependence on funding. 

This presentation is divided into two parts. First, we describe and report success of developing hands-on virtual labs and its importance for cybersecurity classes. Second, we discuss the open source initiative in greater details, demonstrate what we have created, and call on universities to pilot our framework and join to contribute in developing cybersecurity lab activities. We believe the success of this project has great potential for community colleges and universities.

In teaching cybersecurity classes for the last two years we found that students learn best by doing hands-on exercises immediately after they are taught a security concept in a lecture. The more traditional lab model of lecture followed by a different day lab, has shown to be less effective. Furthermore, the authors found that the more realistic the scenarios, the more students became engaged and even excited contributing to making decisions pursuing cybersecurity internships and jobs.
Examples of labs recreating highly publicized breaches:
•	Extracted and analyzed malware from a binary image using open source forensic tools. It was infamous WannaCry ransomware that affected over 200,000 computers in 2017.
•	Found a famous fugitive by extracting coordinates from a pictures taken of him while on the lam in Central America. (John McAfee)
•	Created an encryption and decryption program for one assignment and have it be continuously bombarded with garbage data to see if any security vulnerabilities can be found
•	Ran a capture-the-flag event that simulated a vulnerable website that sold juice

The exercises were stored in a public github repository created by the instructor. First lab required students learn how to build and configure their own VM images. They were taught how to configure the VM network in such a way to protect it from the campus network. Students download new material each week. Creating the VM to support these real-world learning exercises in an open source paradigm – similar to regular software development projects is under development by the authors. New lab content is first peer reviewed by the community to ensure quality and security before submission. If bugs are found later, they can be reported and tracked in the repo's ticketing database. All labs require documentation using a proprietary free language such as markdown. Students can even contribute to the labs. They are the end-users who can add the greatest value to them, in fact, we strongly encourage this.  Making contributions to an open source project focused on security are relevant experiences students can showcase and add to their resumes. Our goal is to reach a wider academic community, excite them about what is being created and contribute to the project. 

*This paper is co-authored
AU  - Radana Dvorak
AU  - John L. Whiteman
CY  - Virtual Conference
DA  - 2021/07/26
PB  - ASEE Conferences
TI  - A Call to Create an Open-source Project Initiative for Cybersecurity Virtual Labs
UR  - https://peer.asee.org/36554
DO  - 10.18260/1-2--36554
ER  -