Employee Spotlight

MITRE's Cybersecurity Curriculum Makes an Impact and Fulfills a Need

Xeno Kovah
October 2012


Recognizing the need for more training in detecting malware inspired MITRE's Xeno Kovah to develop a series of cybersecurity classes—many of which are now available to the public.


Cybersecurity is a critical issue for our government sponsors—which means it's a critical issue for MITRE. To deal with the complexities of this challenge, MITRE employs all kinds of cybersecurity professionals. Most specialize in areas ranging from standards development and system resilience to automated tools creation and the human factors behind many cyber threats.

For example, Xeno Kovah, one of MITRE's many cybersecurity engineers, specializes in detecting stealth malware. But over the last few years, his focus on malware also led him down an unexpected but related path—developing cybersecurity training.

Kovah works within the National Security Engineering Center (NSEC), the federally funded research and development center MITRE manages for the Department of Defense. He joined MITRE's Cyber Security Technical Center in 2006 as an intern working on a malware detection project while finishing his master's degree in information security at Carnegie Mellon University. After graduation, he began working full-time at the McLean, Va. campus. He transferred to our Fort Meade, Md. site in 2010.

For the last several years, Kovah has supported Checkmate, an internal research project focused on detecting stealth malware. "The Checkmate software has two main components," he says. "The first is a trusted-computing component that checks itself to make sure that it hasn't been tampered with. We published details about this component in the IEEE Symposium on Security & Privacy in May.

"The second portion of Checkmate performs memory-integrity assessments, to ensure that the Windows operating systems and third-party software haven't been tampered with in memory."

Checkmate is a prime example of how MITRE's internal research program supports initiatives that tackle some of the challenges our government sponsors face. Kovah's team has scheduled a pilot test of the software for this fall at a sponsor site.

Making Cybersecurity Training Accessible

When he began working on Checkmate in 2009, Kovah recognized the development team needed specialized training in stealth malware. He also realized that the software's users would require training.

"It's not useful to give system administrators an alert if they don't understand the meaning, can't evaluate the impact, or don't know how to remediate it. So I knew the stealth malware training I generated for my own development team would be necessary for Checkmate users." Little did he know that his work in curriculum development was just beginning.

"I started with the 'Introduction to Intel x86: Assembly, Architecture, & Applications' class at the MITRE Institute [our internal training program]. The class teaches how to read the assembly instructions used by the Intel x86 CPUs included in most computers. Stealth malware can manipulate these instructions to change software behavior and hide itself. But knowledge of x86 assembly is also critical to reverse-engineer malware or any other software.

"You need to understand exactly how attackers exploit software weaknesses, create exploits, and manipulate software bugs to break into systems," he explains.

From there, he recruited colleagues to contribute to existing classes and develop new ones. In particular, Matt Briggs developed two days of general-purpose reverse engineering instruction and Corey Kallenberg developed two days of material on Linux exploits.

"I then pushed to get the videos released to the public so that people outside of MITRE could take classes. As of the middle of September 2012, those 68 videos for 12 days of classes have over 40,000 views on Archive.org and over 34,000 views on YouTube."

Beyond class videos, OpenSecurityTraining.info—a site Kovah initially set up to host the public material—has a total of 29 days of open source class materials available to instructors. Many of MITRE's cybersecurity training materials will be available here. In addition, there are seven days of videos and 23 days of materials pending that other MITRE instructors have committed to making public but have not yet released.

Next Steps

Kovah knows there's more work to do. "Going forward, we hope to influence the government to share its training materials to avoid duplication of effort. I believe we're making progress on training more security experts faster. And we're setting the bar higher on what security professionals need to know."

He recognizes the challenges inherent both in developing cybersecurity training materials and in making them accessible. "We need many more skilled computer experts to defend the nation. With open source training, we can improve training efficiency and bring down costs by sharing class materials that mix foundational and vocational knowledge. As an instructor, it just makes sense to reach thousands of students instead of only dozens."

For Kovah, developing these cybersecurity training materials has been both his hobby and his work. "I'm a security nerd and have spent much of my free time over the last couple of years developing these security classes, and I have ideas for several more," he says.

"But I like how MITRE gives you the freedom to explore cool ideas through the research program. As someone who came here straight out of school, I appreciate the exposure to the many unique security specialty areas—areas that aren't mentioned much in school—and being given the ability to explore them."

—by Kay M. Upham


Page last updated: October 24, 2012

Copyright © 1997-2013, The MITRE Corporation. All rights reserved.
MITRE is a registered trademark of The MITRE Corporation.
Material on this site may be copied and distributed with permission only.
