Cyber News


December CAE Tech Talk

Please join us for the December CAE Tech Talk on December 16, 2021 beginning at 1:00 pm EST.

Below are the details for the presentations and the logistics for attendance:

Time: 1:00-1:50 pm EST
Topic: President’s Cup Cybersecurity Competition: Building a Competition Across the Federal Workforce
Location: https://capitol.adobeconnect.com/cae_tech_talk/

AND

Time: 2:00 – 2:50 pm EST
Topic: AI for Cybersecurity and Cyber Security for AI
Location: https://capitol.adobeconnect.com/cae_tech_talk/

Just log in as “Guest” and enter your name. No password required.

If you have a topic you’d like to present, please email [email protected].

Thanks,

Lauren M. Scott
CAE Program Management Office


DoD Cyber Scholarship Program (CySP)

Application Link: 
Students eligible:
  • Juniors or Seniors pursuing a bachelor’s degree
  • Sophomores who will be promoted to Junior in Fall 2022
  • Students in their first or second year of a master’s degree
Program Overview:
The DoD Cyber Scholarship Program (DoD CySP) is both a scholarship program for the DoD and a capacity-building tool for the nation. The program is a result of commitment from DoD and Congress to support higher education as a means to prepare the DoD workforce to deal with threats against the Department’s critical information systems and networks.

Given our increasing reliance on cybersecurity, information technology (IT), the growing threats to information, and information systems and infrastructures, it is critical that the Department of Defense (DoD) protect itself. To do so, the DoD must be staffed with technically savvy personnel.

To help achieve this task, the DoD Cyber Scholarship Program (DoD CySP) was established. The DoD CySP is sponsored by the DoD Chief Information Office and administered by the National Security Agency (NSA).

The objectives of the program are to promote higher education in all disciplines of cybersecurity, to enhance the Department’s ability to recruit and retain cyber and IT specialists, to increase the number of military and civilian personnel in the DoD with this expertise, and ultimately, to enhance the nation’s cyber posture.
Here are some details on the scholarship (w/internship and job guarantee):
(a) Students selected as Cyber Scholars will receive the full cost of tuition, books (from the institution/degree specific required book list, not books which are optional for the class), required fees (including health care), and a stipend to cover room and board. The stipend levels are $22,000 for community college students (pilot program), $27,000 for undergraduate students and $32,000 for graduate (Master’s/PhD) students. Awards will be made via a grant to the NCAE-Cs.
(b) Students selected to participate in the DoD CySP will be required to sign a written agreement obligating them to work for the DoD, as a civilian employee for one calendar year for each year of scholarship assistance. This agreement is provided to the selecting agency for their records to ensure compliance with the service commitment.
(c) Students will be required to serve in internship positions, if timing permits, with the selecting DoD organization during the time they are receiving scholarship support until they complete the course of study provided for by the scholarship. These internships will be arranged by the DoD organizations to occur during the summer or other breaks between school terms, as appropriate to the individual’s circumstances and the institution’s calendar. The internship does not count toward satisfying the period of obligated service incurred by accepting the CySP scholarship.
(d) Students will be required to formally accept or decline the scholarship within 15 days of notification. Non-acceptance by this date will mean the scholarship will be offered to the next available student.
(e) Students will be required to complete a security investigation questionnaire to initiate the process for a background investigation in preparation for their internships, if applicable, and as a condition of future employment with the DoD. Drug tests or other suitability processing will occur as appropriate.
(f) Students will be required to sign an agreement stating that they will accept assignments requiring travel or change of duty stations as interns or employees. Individuals who voluntarily terminate employment during intern appointments or before the end of the period of obligated service required by the terms of Chapter 112, title 10, United States Code, will be required to refund the United States, in whole or in part, the cost of the educational assistance provided to them. Web pages about security clearances have been provided in the Application Background and Application Package for review, to assist both the principal investigator and the students in understanding these requirements before they apply.
(g) An opportunity also exists for scholarship payback through military service. Individuals choosing to enlist or accept a commission to serve on active duty in one of the Military Services shall incur a service obligation of a minimum of 4 years on active duty in that Service upon graduation. The Military Services may establish a service obligation longer than 4 years, depending on the occupational specialty and type of enlistment or commissioning program selected.
(h) Community College (pilot program) and Undergraduate scholarship recipients will be required to maintain a 3.2 out of 4.0 grade point average or the equivalent; graduate students will be required to maintain an overall 3.5 out of a 4.0 grade point average, or equivalent. Failure to maintain satisfactory academic progress will constitute grounds for termination of financial assistance and termination of internship and/or employment appointment.
(i) Students who fail to complete the degree program satisfactorily or to fulfill the service commitment upon graduation shall be required to reimburse the United States, in whole or in part, the cost of the financial (scholarship) assistance provided to them.
(j) Students will be required to agree to a code of conduct. A student handbook that includes the code of conduct rules will be provided to each selected student.
(k) Except for small achievement awards, not to exceed $6,000 in an academic year, a student may not accept simultaneous remuneration from another scholarship or fellowship. The DoD CySP is a first pay scholarship program.
November 19th, 2021 | Community, Conferences, Cyber News, Resources

Internship Opportunity – CAE/MISI

About The Internship
The National Security Agency (NSA) in partnership with the Maryland Innovation & Security Institute (MISI) and the GBC MISI Academy seek applicants for an 8-week paid internship program designed for college seniors about to enter the technical workforce currently enrolled in an institution designated as a CAE-CD or CAE-CO by the National Security Agency Center of Academic Excellence in Cybersecurity. 

Beginning March 7, 2022, through April 29, 2022, MISI and the GBC MISI Academy will host a virtual internship for a maximum of 20 students. 

Interns will be immersed into real-world cyber settings of 3 focus areas we call ‘tracks’: The DoD Cybersecurity Policy Track, The SOC Tier 1 Track, and The Fundamentals of Cybersecurity Track. Interns will also receive the opportunity to meet and speak with cyber leaders in government and academia.
This brochure and the application link above have additional information:
November 19th, 2021 | Community, Cyber News, Learning Remotely, Resources

NCAE Cyber Games Competitions

NCAE Cyber Games is a competition for students who have never competed before, creating an on-ramp for interested students who don’t know where to start.

Have you ever thought about signing up for a cyber competition? Even for a cybersecurity pro, they can be daunting if you’ve never tried one before. How do they work? Do I need to know programming? What if I don’t have a team?

The National Centers of Academic Excellence in Cybersecurity (NCAE-C) program wants to make it easier for first-time competitors to get involved in the cyber competition world, so they are launching the NCAE Cyber Games: the first team competition for students who have never competed before.

We are a designated NCAE-C institution, and I am putting together a team to compete in the NCAE Cyber Games. It’s the perfect chance to learn how competitions work (and how to win), why they’re important (they’re great for your resume), and how to build your skills (including the all-important soft skills).

What do you need to get started? Curiosity and willingness to learn. If you would like to find out more about this program and possibly join the team, visit NCAECybergames.org (click the “Login” button to register) or email Tim Henry at [email protected]. Competitions are an essential part of the cybersecurity field, and I hope you’ll consider giving it a try.

November 19th, 2021 | Community, Cyber News

November CAE Tech Talk

Please join us for the November CAE Tech Talk on Thursday, November 18, 2021 beginning at 1:00 pm EST.


Below (and attached) are the details for the presentations and the logistics for attendance:

Time: 1:00 – 1:50 pm EST
Topic: Securing Cyber-Physical Systems by Platform Reboot
Location: https://captechu.zoom.us/j/664120328

AND

Time: 2:00 – 2:50 pm EST
Topic: Practical Adversarial Attack Against Speech Recognition Platforms
Location: https://captechu.zoom.us/j/664120328

Just log in as “Guest” and enter your name. No password required.

If you have a topic you’d like to present, please email [email protected].

Thanks,
Lauren M. Scott
CAE Program Management Office

November 4th, 2021 | Community, Cyber News

CAE Announcement: NSA’s Research Directorate Flyer

Please see attached the NSA’s Research Directorate News flyer. The Research Directorate is the largest and most established in-house research organization in the Intelligence Community, employing experts with world-class skills in mathematics, computer science, engineering, cybersecurity, physics, neuroscience and linguistics.

Cyber Science News

Snippets in the Flyer include:

– National Careers at NSA

– Open Source @ NSA

– Technology Transfer Program at NSA

– Codebreaker Challenge

– The Next Wave Publication

– NSA Puzzle Challenge

October 28th, 2021 | Community, Cyber News

CAE Announcement: CAE Forum – Wednesday, November 3, 2021

Greetings,

Please join us for the November CAE Forum on Wednesday, November 3, 2021 beginning at 1:00 pm EST.

Below are the details for the presentations and the logistics for attendance:
CAE-Forum – November 2021

Time: 1:00-1:50 pm EST
Topic: Taking a Timely Opportunity to Evaluate the Security of your Physical Security Video Surveillance Solution
Location: https://caecommunity.zoom.us/my/caeforum

AND

Time: 2:00 – 2:50 pm EST
Topic: Mapping Low Cost and Open Source Lab to the NICE Workforce Framework and CAE KU’s
Location: https://caecommunity.zoom.us/my/caeforum

Just log in as “Guest” and enter your name. No password required.

If you have a topic you’d like to present, please email [email protected].

Thanks,
Lauren M. Scott, M.B.A
CAE National Program Manager
Centers of Academic Excellence in Cybersecurity (CAE-C) Program Management Office

 

October 27th, 2021 | Community, Conferences, Cyber News

NEIT Cybersecurity Program Recognized by NSA and DHS

New England Institute of Technology’s Cybersecurity Program is recognized by the Department of Homeland Security and the National Security Agency

Dr. Douglas H. Sherman, Senior Vice President and Provost at New England Institute of Technology (NEIT), announced that the Department of Homeland Security and the National Security Agency have designated the university as a National Center of Academic Excellence in Cyber Defense Education (CAE-CDE) through academic year 2025.

NEIT is one of 183 colleges and universities in the United States and one of 8 in the Northeast that have earned this prestigious distinction. This recognition puts NEIT on the national map for cybersecurity education. In September 2018, The National Cyber Strategy was announced by President Donald J. Trump. It addressed the critical shortage of professionals with cybersecurity skills and highlighted the importance of higher education as a solution to defending America’s cyberspace.

NEIT’s Information Technology faculty worked tirelessly over the last two years to earn the CAE-CDE designation for its Bachelor of Science degree in Cybersecurity and Network Engineering. To demonstrate that the program covered all the knowledge units, topics and objectives required, the faculty had to incorporate this information into the lessons and present evidence through course materials that the information was being taught. A summary of the criteria included:

  • Examples of student work, hands-on activities and program assessments as well as participation in cybersecurity competitions.
  • Faculty must be experienced in cybersecurity, be active in the field and support student activities.
  • Evidence that other NEIT programs outside of the IT department teach cybersecurity concepts, such as privacy and data security in Health Sciences and digital forensics in Criminal Justice to demonstrate that cyber defense is a multidisciplinary practice at the university.
  • NEIT’s institutional cybersecurity plan, established by its Department of Technical Services, was presented to show that the university has implemented its own cybersecurity practices and operates an active Cybersecurity Center at https://dots.neit.edu/cybercenter/.
  • Demonstrate that the university, faculty and students performed cyber outreach in the community which included faculty presentations at other schools, businesses and local government workshops. Students participated in internships, hosted cybersecurity events and training at NEIT as well as collaborated with other universities on cybersecurity projects.

As stated in a letter to NEIT dated June 25, 2020 from the National Centers of Academic Excellence in Cyber Defense Education, “Your ability to meet the increasing demands of the program criteria will serve the nation well in contributing to the protection of the National Information Infrastructure. A highly skilled cybersecurity workforce is a strategic national security advantage. The United States Government will continue to invest in and enhance programs that build the domestic talent pipeline, from primary through postsecondary education. Education is the key to promoting these ideals.”

For more information regarding NEIT’s Associate in Science and Bachelor of Science Cybersecurity and Networking Engineering programs, please contact the Admissions Office at 800-736-7744 or by email at [email protected]. Program information may be found at www.neit.edu.

###

Under the leadership of President Richard I. Gouse, New England Institute of Technology is a private, non-profit technical university with an enrollment of nearly 3,000 students and is accredited by the New England Commission on Higher Education. Founded in 1940, the university offers more than 50 associate, bachelor’s, master’s, doctoral and online/hybrid degree programs focusing on a proven combination of technical expertise coupled with hands-on learning. Visit www.neit.edu and follow news of the university on Facebook, Twitter, You Tube, Instagram and LinkedIn.

August 3rd, 2020 | Community, Cyber News, Faculty

Microsoft: Application Inspector is now open source, so use it to test code security

January 17, 2020 — 14:05 GMT (06:05 PST) | Topic: Enterprise Software

Microsoft has released the Microsoft Application Inspector, a cross-platform open-source command-line tool that its engineers use to quickly probe third-party open-source software components for security issues.

The static source-code analyzer aims to help developers handle potential security issues that arise through code reuse when incorporating open-source components, such as software libraries, into a project.

“Reuse has great benefits, including time to market, quality, and interoperability, but sometimes brings the cost of hidden complexity and risk,” write Guy Acosta and Michael Scovetta, members of Microsoft’s Customer Security and Trust team.  

“You trust your engineering team, but the code they write often accounts for only a tiny fraction of the entire application. How well do you understand what all those external software components actually do?”

As they note, modern web applications often have hundreds of third-party components that contain tens of thousands of lines of code, which were written by thousands of contributors. And typically developers who use those components rely on the author’s description, which Microsoft argues is not reliable or enough to meet Microsoft’s responsibility for shipping secure code, which includes external components.

Microsoft argues Application Inspector is a unique static code analyzer because it doesn’t flag ‘good’ or ‘bad’ patterns but rather highlights ‘interesting’ features in a report based on over 500 rule patterns. The idea is that the tool can help identify these interesting characteristics more quickly than manual introspection.

The tool targets features of software components that affect security, such as the use of cryptography, components that connect to a remote entity such as a public cloud, and the platforms it runs on.

Application Inspector is built on .NET Core, which means it can be used by developers on Windows, Linux or macOS.

“Application Inspector’s primary objective is to identify source-code features in a systematic and scalable way not found elsewhere in typical static analyzers. This enables developer and security professionals to validate purported component objectives, eg, a string padding library only does what it says,” Microsoft explains in a wiki.

The tool can analyze millions of lines of source code from components that are built in multiple popular programming languages.

Application Inspector produces a browser-based report that summarizes the major characteristics identified, including application frameworks, cloud interfaces, cryptography, sensitive data like access keys, personally identifiable information, operating system functions, and security features.

But the company stresses that Application Inspector doesn’t remove the need for security code review or a security static analyzer. However, it could be a useful addition for developers facing tight deadlines.

Acosta recently demonstrated Application Inspector at the SecTor conference in Canada.

Each icon in the report represents a feature that Application Inspector identified in the source code. Image: Microsoft

January 17th, 2020 | Cyber News

Microsoft ends free Windows 7 security updates on Tuesday

January 13, 2020, 2:26 PM EST
FILE - In this Jan. 11, 2010 file photo, a display for Microsoft's Windows 7 is shown at the National Retail Federation's convention in New York. Users still running Microsoft's Windows 7 on their computers might be at risk. Microsoft is no longer providing free security updates for the system as of Tuesday, Jan. 14, 2020, meaning computers using it will be more vulnerable to viruses and malware. Users who want to protect their data need to upgrade to Windows 10. (AP Photo/Mark Lennihan, File)
NEW YORK (AP) — If you’re still using Microsoft’s Windows 7, your computer might soon be at risk.

Microsoft will stop providing free security updates for the system on Tuesday, meaning computers using it will be more vulnerable to malware and hacking.

Users who want to protect their computers need to upgrade to Windows 10. They may also need to buy new computers because older machines might not be compatible with Windows 10.

Tech companies typically phase out older systems after a number of years and focus efforts on updating current versions of software. Windows 7 came out in 2009. Windows 8, which came out in 2012, will have free support end in 2023.

Windows 10 starts at $139 for a basic, “Home” version. Microsoft charges $200 for a “Pro” version meant for businesses and individuals who need its advanced features. Windows 10 comes with regular free updates for security and additional features. Although Windows 10 isn’t likely to be phased out anytime soon, older versions will require those updates to keep working.

Microsoft is also ending support Tuesday for Windows Server 2008 or 2008 R2 operating systems.

Those who run Windows 7 Professional or Windows 7 Enterprise can buy extended protection for up to three years. But it might be worthwhile just to buy new PCs or get Windows 10.

Microsoft will also be ending support on Oct. 13 for Office 2010, a package that includes word processing and spreadsheet software. Owners need to explore newer versions of Office, including a subscription offering called Office 365.

The Telegraph

GCHQ warns not to use Windows 7 computers for banking or email after Tuesday

The Telegraph, January 12, 2020, 5:54 PM UTC
Microsoft is stopping support for Windows 7 from Tuesday - Getty Images North America

 

GCHQ has warned people not to do internet banking or use emails from computers with Windows 7 from Tuesday, when Microsoft will end support for the software.

The National Cyber Security Centre (NCSC), the public-facing arm of the cyber spy agency, said that devices still using the operating system after next week will become increasingly vulnerable to cyber attacks as the tech giant stops patching weaknesses in its product.

Microsoft announced last year that it would be ceasing technical support for Windows 7 and urged users to upgrade to its Windows 10 system, which costs £120.

It is estimated that there are still more than 440 million people using Windows 7 worldwide, which was first released in 2009.

A spokesperson for the NCSC said: “The NCSC would encourage people to upgrade devices currently running Windows 7, allowing them to continue receiving software updates which help protect their devices.

“We would urge those using the software after the deadline to replace unsupported devices as soon as possible, to move sensitive data to a supported device and not to use them for tasks like accessing bank and other sensitive accounts.

“They should also consider accessing email from a different device.”

The national security agency warned that after Microsoft stopped supporting Windows XP in 2014, hackers soon started exploiting weaknesses in the system.

Among the risks users run are having their computers infected with malware, which can steal sensitive details such as financial and banking information from their device.

The NCSC spokesman added: “As a result, it’s crucial to move away from them as quickly as possible.”

The Windows 7 operating system has previously been caught up in security lapses. In 2017, most of the NHS computers infected by the WannaCry ransomware attack, which caused almost 19,500 hospital appointments – including cancer referrals – to be cancelled, were found to be using the operating system.

However, a report into the hacking, which affected 81 trusts in England and Wales, found that many of the systems had not been updated by NHS groups, leaving them more vulnerable to cyber attack.

Microsoft said it will be providing security support for three more years to businesses using Windows 7 and for customers who are willing to pay for an upgraded package of updates.

However, the company itself warned users they would be at greater risk of hacking and malware if they continued to use Windows 7 after Tuesday.

A Microsoft spokesman said: “If you continue to use an unsupported version of Windows, your PC will still work, but it will become more vulnerable to security risks and viruses.

“Your PC will continue to start and run, but you will no longer receive software updates, including security updates, from Microsoft.”

January 13th, 2020 | Cyber News

What ‘deepfakes’ are and how they may be dangerous

KEY POINTS
  • Anybody who has a computer and access to the internet can technically produce a “deepfake” video, says John Villasenor, professor of electrical engineering at the University of California, Los Angeles.
  • “The technology can be used to make people believe something is real when it is not,” said Peter Singer, cybersecurity and defense focused strategist and senior fellow at New America.

 

A comparison of an original and deepfake video of Facebook CEO Mark Zuckerberg
Elyse Samuels | The Washington Post | Getty Images

Camera apps have become increasingly sophisticated. Users can elongate legs, remove pimples, add on animal ears and now, some can even create false videos that look very real. The technology used to create such digital content has quickly become accessible to the masses, and the results are called “deepfakes.”

Deepfakes refer to manipulated videos, or other digital representations produced by sophisticated artificial intelligence, that yield fabricated images and sounds that appear to be real.

Such videos are “becoming increasingly sophisticated and accessible,” wrote John Villasenor, nonresident senior fellow of governance studies at the Center for Technology Innovation at the Washington-based public policy organization the Brookings Institution. “Deepfakes are raising a set of challenging policy, technology, and legal issues.”


In fact, anybody who has a computer and access to the internet can technically produce deepfake content, said Villasenor, who is also a professor of electrical engineering at the University of California, Los Angeles.

What are deepfakes?

The word deepfake combines the terms “deep learning” and “fake,” and is a form of artificial intelligence.

In simplistic terms, deepfakes are falsified videos made by means of deep learning, said Paul Barrett, adjunct professor of law at New York University.

Deep learning is “a subset of AI,” and refers to arrangements of algorithms that can learn and make intelligent decisions on their own.

But the danger of that is “the technology can be used to make people believe something is real when it is not,” said Peter Singer, cybersecurity and defense-focused strategist and senior fellow at New America think tank.

Singer is not the only one who’s warned of the dangers of deepfakes.

Villasenor told CNBC the technology “can be used to undermine the reputation of a political candidate by making the candidate appear to say or do things that never actually occurred.”

“They are a powerful new tool for those who might want to (use) misinformation to influence an election,” said Villasenor.

How do deepfakes work?

A deep-learning system can produce a persuasive counterfeit by studying photographs and videos of a target person from multiple angles, and then mimicking its behavior and speech patterns.

Barrett explained that “once a preliminary fake has been produced, a method known as GANs, or generative adversarial networks, makes it more believable. The GANs process seeks to detect flaws in the forgery, leading to improvements addressing the flaws.”

And after multiple rounds of detection and improvement, the deepfake video is completed, said the professor.

According to an MIT technology report, a device that enables deepfakes can be “a perfect weapon for purveyors of fake news who want to influence everything from stock prices to elections.”

In fact, “AI tools are already being used to put pictures of other people’s faces on the bodies of porn stars and put words in the mouths of politicians,” wrote Martin Giles, San Francisco bureau chief of MIT Technology Review in a report.

He said GANs didn’t create this problem, but they’ll make it worse.

How to detect manipulated videos?

While AI can be used to make deepfakes, it can also be used to detect them, Brookings’ Villasenor wrote in February. With the technology becoming accessible to any computer user, more and more researchers are focusing on deepfake detection and looking for a way of regulating it.

Large corporations such as Facebook and Microsoft have taken initiatives to detect and remove deepfake videos. The two companies announced earlier this year that they will be collaborating with top universities across the U.S. to create a large database of fake videos for research, according to Reuters.

“Presently, there are slight visual aspects that are off if you look closer, anything from the ears or eyes not matching to fuzzy borders of the face or too smooth skin to lighting and shadows,” said Singer from New America.

But he said that detecting the “tells” is getting harder and harder as the deepfake technology becomes more advanced and videos look more realistic.

Even as the technology continues to evolve, Villasenor warned that detection techniques “often lag behind the most advanced creation methods.” So the better question is: “Will people be more likely to believe a deepfake or a detection algorithm that flags the video as fabricated?”

October 24th, 2019 | Cyber News, Cybersecurity Tips