Asee peer logo

Cybersecurity Awareness and Training through a Multidisciplinary OSINT Course Project

Download Paper |

Conference

2020 ASEE Virtual Annual Conference Content Access

Location

Virtual On line

Publication Date

June 22, 2020

Start Date

June 22, 2020

End Date

June 26, 2021

Conference Session

Computing and Information Technology Division Technical Session 2

Tagged Division

Computing and Information Technology

Tagged Topic

Diversity

Page Count

14

DOI

10.18260/1-2--34367

Permanent URL

https://peer.asee.org/34367

Download Count

588

Paper Authors

biography

Alyssa Mendlein Temple University

visit author page

Alyssa is a PhD student in the Department of Criminal Justice at Temple University. She earned a Bachelor of Arts in Psychology from Boston University and a Master of Philosophy in Criminological Research from the University of Cambridge. She is now working on an NSF CAREER grant for Dr. Aunshul Rege, exploring adversarial decision-making and cybersecurity education innovation.

visit author page

biography

Thuy-Trinh Nguyen Temple University

visit author page

Trinh is a PhD student in the Department of Criminal Justice at Temple University. She earned a Bachelor of Arts in Criminology, Law, and Society from the University of California, Irvine and a Master of Science from the California State University, Long Beach in Criminology and Criminal Justice. She is currently working on the NSF CAREER grant for Dr. Aunshul Rege, exploring adversarial decision-making and cybersecurity education innovation.

visit author page

biography

Aunshul Rege Temple University

visit author page

Dr. Rege is an Associate Professor with the Department of Criminal Justice at Temple University. Her National Science Foundation sponsored research projects address critical infrastructure and proactive cybersecurity, cyberadversarial decision-making and adaptations across intrusion chains, cyber and cyber-physical security, and advancing cybersecurity education in multiple STEM fields.

visit author page

Download Paper |

Abstract

Open Source Intelligence (OSINT) is the process of gathering information that is readily obtainable through free access to public resources, and it has particular value currently as technological advances have increased the amount and accessibility of publicly available material. OSINT can be used offensively or defensively, such as by malicious actors or law enforcement; in fact, government agencies can, and do, use OSINT in both ways. Because of the importance of OSINT in offensive and defensive maneuvers in both the public and private spheres, there is utility in teaching students who could work in a variety of fields about the advantages and dangers of OSINT. This paper shares one educator’s experience creating and implementing an OSINT-inspired undergraduate classroom activity.

The following case study includes a detailed undergraduate course project description, with the logistics and scope for both technical OSINT and physical OSINT components. In the first part, student teams were given eight clues, which they could solve using any basic internet search engines. Each clue’s answer was a two-digit code; the clues were then assembled sequentially to reveal the latitude and longitude of a building on campus. In the second part, teams had to visit the identified building and complete physical observations, including typical clothing worn by occupants, ingress and egress points, entry requirements, and security protocols. They also had to locate a specific target within the building using a unique image as a clue that was provided by the educator. The goal for this project was for students to understand how information publicly available online could be harvested and pieced together to create individual profiles, identify schedules, and even design spear (targeted) phishing attacks. The course project was conducted in the Spring 2019 semester, with multidisciplinary undergraduate students. Both of the technical and physical OSINT projects were allotted 80 minutes. Student teams provided an in-class presentation and a final report about their experiences, and also completed an online evaluation survey asking them to rate the OSINT projects. This project was approved by the university’s ethics board.

Overall, students thought the project was fun and interesting, with many students enjoying the “scavenger hunt” aspect of the activity the best. Most students felt that the project went well, and they had few failures or challenges. Interestingly, most students recommended increasing the project difficulty. A key survey finding was that students indicated an increased awareness of the accessibility of public information, and some students mentioned that they could see how this information could be utilized for malicious or positive purposes, such as in the course of cybercrime or law enforcement. Finally, this paper summarizes lessons that were learned by the educator, including those related to ethical considerations, project design, and modifications for future implementations. The authors hope that this case study encourages educators across multiple disciplines to include OSINT-related activities within their curriculum to not only raise awareness about the many uses of OSINT, but also better prepare students for future employment across a variety of important fields.

Mendlein, A., & Nguyen, T., & Rege, A. (2020, June), Cybersecurity Awareness and Training through a Multidisciplinary OSINT Course Project Paper presented at 2020 ASEE Virtual Annual Conference Content Access, Virtual On line . 10.18260/1-2--34367

ASEE holds the copyright on this document. It may be read by the public free of charge. Authors may archive their work on personal websites or in institutional repositories with the following citation: © 2020 American Society for Engineering Education. Other scholars may excerpt or quote from these materials with the same citation. When excerpting or quoting from Conference Proceedings, authors should, in addition to noting the ASEE copyright, list all the original authors and their institutions and name the host city of the conference. - Last updated April 1, 2015