Academic Requirements for Designation as a Center of Academic Excellence in Cyber Operations

Academic Content Requirements:

Mandatory Program Content: (Knowledge Units)

  1. Low Level Programming Languages (must include programming assignments to demonstrate that students are capable of the desired outcomes)

    Low level programming allows programmers to construct programs that interact with a system without the layers of abstraction that are provided by many high level languages. Proficiency in low-level programming languages is required to perform key roles in the cyber operations field (e.g., forensics, malware analysis, exploit development).

    *Specific languages required to satisfy this knowledge unit are:

    • C programming
    • Assembly Language programming (for x86, ARM, MIPS or PowerPC)

    Outcome: **After completing the course content mapped to this knowledge unit, students will be able to develop programs that can be embedded into an OS kernel, such as a device driver, with the required complexity and sophistication to implement exploits for discovered vulnerabilities.

    C Language programming

    Outcome: Students will be able to write a program that implements a network stack to manage network communications.

    Assembly Language programming

    Outcome: Students will be able to write a functional, stand-alone assembly language program implementing a basic telnet client with no help from external libraries.

    * In addition to course syllabi, applications must include examples of hands-on low level programming assignments in both C and assembly language to demonstrate that students have achieved mastery of this KU.

    ** This KU can be satisfied with programming courses or via other courses that require significant programming to demonstrate the students have the requisite skill described in the outcomes.

  2. Software Reverse Engineering (must include hands-on lab exercises)

    The discipline of reverse engineering provides the ability to deduce the design of a software component, to determine how something works (i.e., recover the software specification), discover data used by software, and to aid in the analysis of software via disassembly and/or decompilation. The ability to understand software of unknown origin or software for which source code is unavailable is a critical skill within the cyber operations field. Use cases include malware analysis and auditing of closed source software.

    *Specific topics to be covered in this knowledge unit include:

    • Reverse engineering techniques
    • Reverse engineering for software specification recovery
    • Reverse engineering for malware analysis
    • Reverse engineering communications (to uncover communications protocols)
    • Deobfuscation of obfuscated code
    • Common tools for reverse engineering including but not limited to:
      • Disassemblers (e.g., IdaPro)
      • Debuggers (e.g., gdb, OllyDbg, WinDbg)
      • Virtualization-based sandbox environments (e.g., VMware, Xen)
      • Process and file activity monitors (e.g., ProcMon)
      • Network activity monitors (e.g., Wireshark, tcpdump, TcpView)

    Outcome: Students will be able to use the tools mentioned above to safely perform static and dynamic analysis of software (or malware) of potentially unknown origin, including obfuscated malware, to fully understand the software's functionality.

    * In addition to course syllabi, applications must include examples of hands-on lab exercises to demonstrate that students have achieved mastery of this KU.

  3. Operating System Theory

    Operating systems (OS) provide the platform on which running software acquires and uses computing resources. Operating systems are responsible for working with the underlying hardware to provide the baseline security capabilities of a system. Understanding the underlying theory of operating system design is critical to cyber operations as operating systems control the operation of a computer and the allocation of associated resources.

    Specific topics to be covered to satisfy this knowledge unit must minimally include:

    • Privileged vs. non-privileged states; and transitions between them (domain switching)
    • Concurrency and synchronization (e.g., semaphores and locks)
    • Processes and threads, process/thread management, synchronization, inter-process communications
    • Memory management, virtual memory, hierarchical memory schemes
    • Uni-processor and multi-processor interface and support
    • CPU Scheduling
    • File Systems
    • IO issues (e.g., buffering, queuing, sharing, management)
    • Distributed OS issues (client/server, message passing, remote procedure calls, clustering)

    Outcome: Students will have a thorough understanding of operating systems theory and implementation. They will be able to understand operating system internals to the level that they could design and implement significant architectural changes to an existing OS.

  4. Networking

    Computer and communications networks are the very environment in which cyber operations are conducted. An understanding of these networks is essential to any discussion of cyber operations activities.

    Specific topics to be covered to satisfy this knowledge unit must minimally include:

    • Routing, network, and application protocols including:
      • TCP/IP (versions 4 and 6)
      • ARP, BGP, SSL/TLS
      • DNS
      • SMTP
      • HTTP
    • Network architectures
    • Network security
    • Wireless network technologies
    • Network traffic analysis
    • Protocol analysis (examining component-to-component communication to determine the protocol being used and what it is doing)
    • Network mapping techniques (active and passive)

    Outcome: Students will have a thorough understanding of how networks work at the infrastructure, network and applications layers; how they transfer data; how network protocols work to enable communication; and how the lower-level network layers support the upper ones. They will have a thorough knowledge of the major network protocols that enable communications and data transfer.

  5. Cellular and Mobile Technologies

    As more communications are conducted via mobile and cellular technologies, these technologies have become critical (and continue to become more critical) to cyber operations. It is important for those involved in cyber operations to understand how data is processed and transmitted using these ubiquitous devices.

    Specific topics to be covered to satisfy this knowledge unit must minimally include:

    • Overview of smart phone technologies
    • Overview of embedded operating systems (e.g., iOS, Android)
    • Wireless technologies (mobile: GSM, WCDMA, CDMA2000, LTE; and Internet: 802.11b/g/n)
    • Infrastructure components (e.g., fiber optic network, evolved packet core, PLMN)
    • Mobile protocols (SS7, RR, MM, CC)
    • Mobile logical channel descriptions (BCCH, SDCCH, RACH, AGCH, etc.)
    • Mobile registration procedures
    • Mobile encryption standards
    • Mobile identifiers (IMSI, IMEI, MSISDN, ESN, Global Title, E.164)
    • Mobile and Location-based Services

    Outcome: Students will be able to describe user associations and routing in a cellular/mobile network, interaction of elements within the cellular/mobile core, and end-to-end delivery of a packet and/or signal and what happens with the hand-off at each step along the communications path. They will be able to explain differences in core architecture between different generations of cellular and mobile network technologies.

  6. Discrete Math

    In order for cyber operators to make educated choices when provided with an array of algorithms and approaches to solving a particular problem, there are essential underlying concepts drawn from discrete mathematics, algorithm analysis, and finite automata with which they should be familiar.

    Specific topics to be covered to satisfy this knowledge unit must minimally include:

    • Searching and sorting algorithms
    • Complexity theory
    • Regular expressions
    • Computability
    • Mathematical foundations for cryptography
    • Entropy

    Outcome: Given an algorithm, a student will be able to determine the complexity of the algorithm and cases in which the algorithm would/would not provide a reasonable approach for solving a problem.

    Outcome: Students will understand how variability affects outcomes, how to identify anomalous events, and how to identify the meaning of anomalous events. They will be able to integrate and differentiate continuous functions of multiple variables.

    Outcome: Students will understand how automata are used to describe computing machines and computation, and the notion that some things are computable and some are not. They will understand the connection between automata and computer languages and be able to describe the hierarchy of languages from regular expressions to context-free languages.

  7. Overview of Cyber Defense (must include hands-on lab exercises)

    Cyber operations encompass both offensive and defensive operations. Defensive operations are essential in protecting our systems and associated digital assets. Understanding how defense complements offense is essential in a well-rounded cyber operations program.

    **Specific topics to be covered in this knowledge unit must minimally include, but are not limited to:

    • Identification of reconnaissance operations
    • Anomaly/intrusion detection
    • Anomaly identification
    • Identification of command and control operations
    • Identification of data exfiltration activities
    • Identifying malicious code based on signatures, behavior and artifacts
    • Network security techniques and components (e.g., firewalls, IDS, etc.)
    • Cryptography (include PKI cryptography) and its uses in cybersecurity
    • Malicious activity detection
    • System security architectures and concepts
    • Defense in depth
    • Trust relationships
    • Distributed/Cloud
    • Virtualization

    Outcome: Students will have a sound understanding of the technologies and methods utilized to defend systems and networks. They will be able to describe, evaluate, and operate a defensive network architecture employing multiple layers of protection using technologies appropriate to meet mission security goals.

    ** In addition to course syllabi, applications must include examples of hands-on lab exercises to demonstrate that students have achieved mastery of this KU.

  8. Security Fundamental Principles (i.e., “First Principles”)

    The first fundamental security design principles are the foundation upon which security mechanisms (e.g., access control) can be reliably built. They are also the foundation upon which security policies can be reliably implemented. When followed, the first principles enable the implementation of sound security mechanisms and systems. When not completely followed, the risk that an exploitable vulnerability may exist is increased. A solid understanding of these principles is critical to successful performance in the cyber operations domain.

    Specific topics to be covered in this knowledge unit must minimally include, but are not limited to:

    • General Fundamental design principles including:
      • Simplicity
      • Open Design
      • Design for Iteration
      • Least Astonishment
    • Security Design Principles including:
      • Minimize Secrets
      • Complete Mediation
      • Fail-safe Defaults
      • Least Privilege
      • Economy of Mechanism
      • Minimize Common Mechanism
      • Isolation, Separation and Encapsulation
    • Methods for Reducing Complexity including:
      • Abstraction
      • Modularity
      • Layering
      • Hierarchy

    Outcome: Students will possess a thorough understanding of the fundamental principles underlying cyber security, how these principles interrelate and are typically employed to achieve assured solutions, and the mechanisms that may be built from—or due to—these principles.

    Outcome: Given a particular scenario, students will be able to identify which fundamental security design principles are in play, how they interrelate and methods in which they should be applied to develop systems worthy of trust.

    Outcome: Students will understand how failures in fundamental security design principles can lead to system vulnerabilities that can be exploited as part of an offensive cyber operation.

  9. Vulnerabilities

    Vulnerabilities are not random events, but follow a pattern. Understanding the pattern of vulnerabilities and attacks allows one to better understand protection and risk mitigation, and to identify vulnerabilities in new contexts. Vulnerability analysis and its relation to exploit development are core skills for one involved in cyber operations.

    Specific topics to be covered in this knowledge unit must minimally include, but are not limited to:

    • Vulnerability taxonomies such as CVE, CWE, OSVDB, and CAPEC
    • Buffer overflows
    • Privilege escalation attacks
    • Input validation issues
    • Password weaknesses
    • Trust relationships
    • Race conditions
    • Numeric over/underflows
    • User-space vs. kernel-space vulnerabilities
    • Local vs. remote access

    Outcome: Students will possess a thorough understanding of the various types of vulnerabilities (design and/or implementation weaknesses), their underlying causes, their identifying characteristics, the ways in which they are exploited, and potential mitigation strategies. They will also know how to apply fundamental security design principles during system design, development and implementation to minimize vulnerabilities.

    Outcome: Students will understand how a vulnerability in a given context may apply to alternative contexts, and will be able to adapt vulnerabilities so that lessons from them can be applied to alternative contexts.

  10. Legal

    People working in cyber operations must comply with many laws, regulations, directives and policies. Cyber operations professionals should fully understand the extent and limitations of their authorities to ensure operations in cyberspace are in compliance with U.S. law.

    Specific topics to be covered in this knowledge unit must minimally include:

    • International Law
      1. Jus ad bellum
        1. United Nations Charter
      2. Jus in bello
        1. Hague Conventions
        2. Geneva Conventions
    • U.S. Laws
      1. Constitution
        1. Article I (Legislative Branch)
        2. Article II (Presidency)
        3. Article III (Judiciary)
        4. Amendment 4 (Search and Seizure)
        5. Amendment 14 (Due Process)
      2. Statutory Laws
        1. Title 10 (Armed Forces)
        2. Title 50 (Espionage and Covert Action)
        3. Title 18 (Crimes)
          1. 18 USC 1030 (Computer Fraud and Abuse Act)
          2. 18 USC 2510-22 Electronic Communications Privacy Act
          3. 18 USC 2701-12 Stored Communications Act
          4. 18 USC 1831-32 Economic Espionage Acts

    Outcome: Given a cyber operations scenario, students will be able to explain the authorities applicable to the scenario.

    Outcome: Students will be able to provide a high-level explanation of the legal issues governing the authorized conduct of cyber operations and the use of related tools, techniques, technology and data.

Optional Program Content   (at least 10 of the following 18 optional knowledge units must be available)

  1. Programmable Logic Languages

    • Hardware Design Languages
    • Hardware Programming Languages

    Outcome: Students will be able to specify digital device behavior using a programmable logic language.

  2. FPGA Design

    Outcome: The student will be able to synthesize, simulate, and implement a programmable logic program on a programmable logic device.

  3. Wireless Security (e.g., 2G/3G/4G/WiFi/Bluetooth/RFID)

    Outcome: Students will be able to describe the unique security and operational attributes in the wireless environment and their effects on network communications. They will be able to identify the unique security implications of these effects and how to mitigate security issues associated with them.

  4. Virtualization

    Virtualization technology has rapidly spread to encompass workstations, servers, infrastructure devices, storage, and networks, and as such has become critical to cyber operations.

    Specific topics to be covered in this knowledge unit must minimally include, but are not limited to:

    • Virtualization techniques
    • Type 1 and Type 2 virtual machine architectures
    • Uses of virtualization for:
      • Resource savings (space, admin overhead)

    Outcome: Students will be able to discuss the advantages and disadvantages of virtualization, identify the different approaches for virtualizing computer systems, and list the security implications of each of the different approaches.

  5. Large Scale Distributed Systems

    • Cloud Computing/Cloud Security

    Outcome: Students will be able to describe different kinds of Cloud architecture models, services, security issues, and components (logical and physical). They will be able to identify all associated data paths within a given cloud design.

  6. Risk Management of Information Systems

    • Models

    Outcome: Students will be able to identify classes of possible threats, the consequences associated with each threat, and the actions that can be taken to mitigate the threat.

  7. Computer Architecture (includes Logic Design)

    Outcome: Students will be able to define devices of electronic digital circuits and describe how these components are interconnected. They will be able to integrate individual components into a more complex digital system and understand the data path through a CPU.

  8. Microcontroller Design

    Outcome: Students will be able to integrate discrete components into a single processor element and describe ways of achieving performance efficiencies through combining components. They will be able to identify trade-offs associated with microcontroller optimization.

  9. Software Security Analysis

    This knowledge unit ensures that students will possess the ability to analyze software for the presence of weaknesses that may lead to exploitable vulnerabilities in operational systems.

    • Source code analysis
    • Binary code analysis
    • Static code analysis techniques
    • Dynamic code analysis techniques
    • Testing methodologies (Black Box/White Box/Fuzz)

    Outcome: Students will be able to perform analysis of existing source code for functional correctness. They will be able to apply industry standard tools that analyze software for security vulnerabilities. Through the application of testing methodologies, students should be able to build test cases that demonstrate the existence of vulnerabilities.

  10. Secure Software Development (Building Secure Software)

    This knowledge unit ensures that students are knowledgeable in the methods that lead to the development of robust, secure software.

    • Secure programming principles and practices
    • Constructive techniques (What process might provide for “good code.”)

    Outcome: Students should be able to demonstrate that they understand the techniques for specifying program behavior and the classes of well known defects, how those defects manifest themselves in various languages, and show that they are capable of authoring programs that are free from defects.

  11. Embedded Systems

    Outcome: Students will be able to define requirements which lead to the design and fabrication of an embedded system. They will be able to program the microcontrollers to achieve an application-specific design and identify the security concerns associated with resource constrained devices.

  12. Forensics and Incident Response or Media Exploitation (not focusing on the legal aspect)

    • Operating system forensics
    • Media forensics
    • Network forensics
    • Component forensics (cell phones, hard drives, etc.)

    Outcome: Students will be able to develop a profile of an individual user’s activity, determine the manner in which an operating system or application has been subverted, recover “deleted” and/or intentionally hidden information from various types of media, and demonstrate proficiency with handling a large number of different kinds of components.

  13. Systems Programming

    This knowledge unit ensures that students will be proficient in programming systems software (i.e., software that interacts with the system hardware and/or other low-level system components that interact with the hardware). Systems programming usually uses a low-level programming language (e.g., C, assembly) that allows efficient use of core resources. Systems programming is sufficiently different from applications programming that programmers tend to specialize in one or the other.

    • Kernel internals
    • Device drivers
    • Use of alternate processors (e.g., graphics card processors)

    Outcome: Students will be able to build and integrate kernel modules, understand the system call mechanism and how malicious software subverts system calls. They should demonstrate sufficient knowledge of the networking stack to be able to construct network filter components. They will also be able to discuss strengths and weaknesses of alternative processors and demonstrate familiarity with tool sets for making use of alternative processors (e.g., GPUs).

  14. Applied Cryptography

    Outcome: Students will be able to identify the appropriate uses of symmetric and asymmetric encryption. They will be able to assign some measure of strength to cryptographic algorithms and the associated keys. They will also be able to identify what level of algorithm strength is needed for particular applications and the implementation factors related to its suitability for use. Students will understand the common pitfalls associated with the implementation of cryptography, and will understand the challenges and limitations of various key management systems.

  15. SCADA Systems

    Outcome: Students will be able to describe how embedded systems are employed in industrial infrastructures and control systems. They will be able to identify means for capturing instrument telemetry and identifying feedback controls. They should be able to describe methods for managing distributed nodes and identify potential security vulnerabilities associated with the use of such systems and means for mitigating these vulnerabilities.

  16. HCI/Usable Security

    Outcome: Students will understand user interface issues that will affect the implementation of and perception of security mechanisms and the behavioral impacts of various security “policies.” They will also understand the tension between user security and convenience.

    The following knowledge units may be credited towards meeting the optional academic content requirements of the Cyber Operations CAE Program (currently 10 out of the 16 identified optional knowledge units). The addition of the below-identified optional knowledge units will not affect the minimum requirement which, for 2013, will remain at 10. These additional knowledge units may be incorporated into the formula for determining compliance in 2014 (e.g., 60 percent of the optional knowledge units), which will raise the minimum number of optional knowledge units to 11 of 18.

  17. Offensive Cyber Operations

    This knowledge unit provides a high-level overview of the phases of a cyber operation, from target identification through development of operational plans, execution, and assessment.

    Outcome: Students will understand the phases of a cyber operation, what each phase entails, who has the authority to conduct each phase, and how operations are assessed after completion.

  18. Hardware Reverse Engineering

    This knowledge unit provides students with an introduction to the basic procedures necessary to perform reverse engineering of hardware components to determine their functionality, inputs, outputs, and stored data.

    Outcome: Students will understand basic fundamental procedures such as probing, measuring, and data collection to identify functionality and to effect modifications to the hardware functionality.


Date Posted: Jan 10, 2012 | Last Modified: Nov 14, 2014 | Last Reviewed: Nov 14, 2014