Cybersecurity and Incident Response Laboratory (CIRL) Proposal

The following is an example of a proposal I wrote to bring enhanced information assurance and security education to the College of Technology. Though the proposal never went forward I thought it might be interesting for others to read. There are a couple edits to protect the guilty and innocent, but otherwise it is a short concise curriculum proposal. It is written in the form of a letter (in fact was on my letter head originally). If you are looking at creating a curriculum like this or need more details feel free to ask. 


This proposal for a Cybersecurity and Incident Response curriculum is submitted by the faculty from the College of Technology and the Cyberforensics Laboratory at Purdue. The proposal is in three parts defining the requirements, impacts, and resources of this opportunity. This represents an executive summary of each area and is not expected to be the totality of the solution for this opportunity. This proposal represents an overview of the curricula changes and synthetic efforts of meeting a growing need with the widest appeal and the most flexibility for the undergraduate student body. Though not addressed within this proposal the undergraduate curriculum would represent a significant increase in matriculation to the graduate program already in place.

The Cyberforensics Laboratory at Purdue University directly impacts the security of Tippecanoe County, the State of Indiana, and the United States. The laboratory is actively involved in local, state and national cyber investigations as support for law enforcement through the High Technology Cyber Unit. The faculty are sought after subject matter experts internationally. The research productivity of the laboratory is unparalleled in any other program nationally. The faculty have hosted international cyberforensics and security conferences. Though the emphasis has always been on cyberforensics at Purdue the faculty are experts at information security.

Requirements and Options

There are numerous accrediting agencies that place curriculum and staffing requirements on a program of the type suggested. Though not an exhaustive list the government programs are the Centers of Academic Excellence supported by the National Security Agency, Department of Homeland Security and Defense Cyber Crime Center. There is also the government National Initiative for Cybersecurity Education which has numerous requirements and incentives. Organizational accreditations required for students who wish to work in the field include the American Academy of Forensics Sciences ‘’Forensics Science Education Programs Accreditation Commission’’. The curriculum as suggested for undergraduate education would meet all Purdue core curriculum requirements. Currently at Purdue University there is no degree or program in the system at an undergraduate level similar to the type being suggested.

Where possible this proposal suggests and follows a guiding principle of use what works and what already exists. Core courses and specialty courses already in existence are used through out the suggested curriculum. As such, requirements for faculty and facilities are streamlined to what is perceived to be the leanest possible solution. The program as defined closely aligns with alliterated and suggested industry needs. It is stated that the primary goal of this degree option is to provide an applied and innovation oriented curriculum for solving the most vexing issues of cybersecurity, investigation, and response. Tenet one of this proposal is that there are operators, innovators, and creators within the information technology community. This proposal is scoped to produce the operational and innovation professionals of the future through tool development and customization within the domain. Tenet two of this proposal is that cyberforensics and incident response techniques are the ultimate test of the security of systems. If you can do forensics on something it is in fact not secure. Tenet three is that hands on experience with cutting edge technologies and organic developed tools (student built) will build a better practitioner and professional for the future.

Impacts and Metrics

These are the metrics and how they are represented without discussing specific budget items that might be negotiated. The curriculum of Cybersecurity and Incident Response at the undergraduate level is a 120 hour, or four year degree program. As proposed it is an excellent candidate for compression into a 3 year program of study with a plus 2 masters degree option. The program as suggested has several components that can be moved into a distance learning environment but at this time the software and hardware tools are highly specialized and are constraints on distance learning. Approximately 20 courses from the core curriculum of Purdue University and the College of Technology are used to increase the speed of implementation.

There currently are only a limited number of courses that are discipline specific approved at Purdue University that could be used on a program of this type. At least 18 new courses in the information assurance and security discipline and cyberforensics and incident response discipline. Three new applied programming courses in the specified language C++ would be created. Seven courses in the forensics field would be created. 6 courses in the information assurance and security field would be created. The entire curriculum would be capped by a year long internship or project representing 2 courses.

All of the created courses would be “hands on” and involve significant laboratory activities. The technology solution within the laboratory is mature, but the space and support mechanisms are not. The current calendar for creation of a new curriculum before the start of 2015 would be nearly impossible to meet. The process for curriculum advancement through the university with an associated degree could be accomplished for the 2015 school year given the correct resources were applied.

Resources and Constraints

The Cyberforensics Laboratory at Purdue is currently a converted classroom in much the same configuration as when it was turned over to the program in 2004-05. Long ignored and resourced at the bare minimum necessary for immediate needs, recent media events have drawn criticism that it does not reflect cutting edge technology, at a top-tier research university. Currently 4 courses are taught in the laboratory on a normal day. Since the resources are also used by approximately 25 graduate students nearly around the clock, the converted classroom is a constraint.

A set of classrooms that were purpose constructed to focus on the forensics aspect in one classroom and the security aspect in another classroom makes sense. The classrooms would be constructed with knowledge walls and stations that maintain the open collaborative feel while supporting the secondary and tertiary uses the current labs is subject to.

As structured the proposed curriculum will suggest a program could support approximately 100 students (25 per academic year) and be scaled to approximately 500 students within 5 years (125 per academic year), if maximum efficiency was realized.. It is expected that students using the change of degree option might create a faster time to scale. The curriculum as structured only has 6 courses that might be required for leveling and those courses would be shared with other Purdue campuses and Ivy Technical College for ease of transition into Purdue.

This proposal requires additional resources be applied to College of Technology and directly to the organization of the Cyberforensics Laboratory to be effective. Three additional faculty are required. Approximately 20 courses not currently taught will be added with 9 fall offerings and 9 spring offerings. At 3 courses per semester the faculty involved would primarily be teaching and evaluated as two-thirds teaching and one-sixth each on service and research. The current laboratory space will not support this kind of growth as the physical plant would be exhausted just adding 3 more courses to the environment and it would negatively impact current graduate student research traumatically. Accreditation is a necessity within a program that is going to provide services to law enforcement and the courts. This makes hiring of appropriate faculty at program inception a necessity.

The question of distance learning and growth beyond the constraints of the physical space require very specific solutions. Current courses within the core curriculum of Purdue University as required are not all given as distance learning options. If this should be alleviated in some way other resource strategies and very specific targeted hires would open a substantial opportunity for growth. How substantial? A similar program at the University of Maryland was started and growth in a few years was from 0 to over 25 thousand students. It is considered a very high quality program as well.

In conclusion I will discuss a timeline. If this proposal was given administration support and approved to move forward in the next four weeks (by March 1), the program could be functionally prepared with curriculum approved and the degree option to the Indiana Commission for Higher Education (ICHE) for student enrolments Fall 2015. Dr. Liles moved the Purdue Calumet Computer Information Technology curriculum (whole sale change) in 16 weeks only to wait months on the ICHE. This aligns with a targeted hiring cycle for faculty in Fall 2014 and allows for efforts over summer 2014 on completion of the course work and degree option. A media campaign in fall 2014 and construction cycle of facilities would follow in spring 2015. Industry partners of Northrop Grumman, Lockhead Martin, Raytheon, Boeing, and others might support such an initiative generously.

Cybersecurity and Incident Response Curriculum

Sem Course Name Designator/Number Credits
F1 English Composition* ENGL 10600 3
F1 Introductory Analysis I* MA 22300 3
F1 Technology and Society* TECH 12000 3
F1 Introduction to applied C++ programming NEW 3
F1 Fundamentals of Information Assurance NEW 3
S1 Intermediate applied C++ programming NEW 3
S1 Introduction to Cyber Forensics and Incident Response NEW 3
S1 Communications Selective* COM 11400 3
S1 Introductory Analysis 2* MA 22400 3
S1 Info Tech Architectures CNIT 17600 3
F2 Economics Selective* AGEC 21700 3
F2 Cyber Forensics of File Systems NEW 3
F2 LAN Security NEW 3
F2 Data Communications and Networking CNIT 24000 3
F2 Communications* COM 11400 3
S2 Statistics Selective   3
S2 Forensics Science BIO 1* PENDING 3
S2 System Administration CNIT 24200 3
S2 Data structures in applied C++ Programming NEW 3
F3 Advanced System and Network Admin CNIT 34200 3
F3 Wireless Networks CNIT 3460 3
F3 Criminology SOC 32400 3
F3 Forensic Science BIO 2* PENDING 3
F3 Operating Systems Security NEW 3
S3 Advanced System and Network Admin CNIT 34200 3
S3 Unix Admin CNIT 34000 3
S3 Social Conflict and Criminal Justice SOC 32600 3
S3 Memory and Dynamic Storage Forensics NEW 3
S3 Applied Cryptography NEW 3
F4 Network Security CNIT 45500 3
F4 Security as Architecture NEW 3
F4 Forensics Tool Development 2 NEW 3
F4 Embedded and Mobile Forensics NEW 3
F4 CSDFIR Internship or Project 1 NEW 3
S4 Sociology of Criminal Law SOC 42000 3
S4 Intelligence collection and analysis NEW 3
S4 Forensic Reverse Engineering of Malware NEW 3
S4 Advanced Forensics Topics NEW 3
S4 CSDFIR Internship or Project 2 NEW 3

 120 Total Credit Hours and comprehensive of Purdue Core Curriculum Requirements

1 comment for “Cybersecurity and Incident Response Laboratory (CIRL) Proposal

  1. amosd
    February 28, 2014 at 1:18 pm

    This is great!! What happened to it? Did it meet the “usual” resistance?

Leave a Reply