Designing an Effective Course to Improve Cybersecurity Awareness for Engineering Faculties

Abstract

In the light of the expanding digitization, connectivity and interconnection of machines, products, and services in Industrie 4.0, the increasing trend of digitalization and transformation to cyber-physical production systems reveal serious cybersecurity-related issues. BSI (the federal office for information security) in Germany has compiled a list of the most cybersecurity threats faced by manufacturing and process automation systems. The results show that the top threats are social engineering and phishing. From these two threats, it is clear that use of non-technical means like human weaknesses and/or unawareness is gaining a lot of prominence. The aim is to gain unauthorized access to target information and IT systems. Furthermore, the goal is to install malware in the victim’s systems, for example, by opening infected attachments. Therefore, human factor becomes a widely discussed topic by cybersecurity incidents nowadays. Facing these threats by utilizing technical measurements alone is not sufficient. Thus, it is important to provide engineers with an adequate cybersecurity awareness like, new possible threats and risks caused by extensive using of digitization. To fill this gap of knowledge at engineering faculties, this paper presents an effective course that concentrates on cybersecurity issues. The focus is to improve the ability to understand and detect these new cybersecurity threats in the industry. By designing this innovative and effective course, a new assessment model is developed. The model is based on important aspects that are required for enhancing student’s social competences and skills. In the first step, students should work together in teams on a given problem based on best practice examples and contents learned during the course. Another aspect that the mentioned assessment model focuses on is giving a feedback review. In this phase, students have to read the paper of another group and then give a systematic feedback according to specific identified criteria. In the final step, students have to present the results and discuss them with the advisor and then get their grades. Our findings show that there is an acute lack of social competence and skill enhancement by the engineering faculties. We believe that these skills are fundamental for engineering careers and therefore are intensively considered in the introduced course and assessment model.