Program objectives

The proposed Master of Science in Cybersecurity is an extension of the existing cybersecurity graduate certificate in the computer engineering program. The curriculum is composed of core cybersecurity courses plus electives from computer engineering, computer science, and mathematics. The program will cover the major security areas related to our interdependent network of information technology infrastructures, which includes the Internet, telecommunications networks, computer systems, and embedded processors and controllers in critical industries. The degree will be offered in both on-campus and distance learning modes.

Justification in terms of University mission and academic strategic plan

Cybersecurity is basically computer security in the context of the internet. As the internet has grown into a globally pervasive presence, accessible anywhere through computers and personal handheld devices, the security of one's personal information and data is increasingly threatened by malicious entities which may be located anywhere in the world. The storage of our data in the "cloud" (such as on gmail and facebook) exposes us further to risks of exploitation, sometimes even by the companies providing the free services we have come to take for granted. The infrastructure of our societies, such as the electric grid and other utilities, are increasingly exposed and accessible through the internet, and monitoring and control systems may be subject to cyber-terrorist attacks.

There is a clear need for engineering professionals trained in cybersecurity to design and build secure systems and software, to monitor and respond to unknown and sophisticated attacks, and to participate in the evolution of cyber technology to domains we have not yet dreamed of.

The MS in Cybersecurity will enrich and expand the engineering graduate program in an area of vital importance to individuals, corporations, governments, and society.

Analysis of the new program's position in the market relative to competing programs and an analysis of the likely student demand

In recent years the US federal government has made cybersecurity a priority in the areas of Identity Management, Real Time Monitoring, Situational Awareness, Intrusion Detection, Vulnerability Scanning, Application Security, and Education and Training. Through federal agencies such as NIST, NSA, and NSF, cybersecurity research funding has increased and security standards have proliferated. Corporations with federal contracts are required to follow the federal security standards, and all companies, large or small, must dedicate resources to cybersecurity if they are to survive in cyberspace. The result is an increasing demand for engineers with cybersecurity training.

Many universities have master degree programs in cybersecurity, for example:

Penn State Intercollege Master of Professional Studies in Homeland Security

Carnegie Mellon, Master of Science in Information Security Technology and Management

University of Maryland University College Cybersecurity Master of Science

Stevens Institute of Technology, M.S. in Cybersecurity

Virginia College, Cybersecurity Master of Science

Northeastern University, Master of Science in Information Assurance

Drexel University, Master of Science in Cybersecurity (planned)

There are also many centers associated with universities and dedicated to cybersecurity, for example:

US-CERT (United States Computer Emergency Readiness Team)

CERT (at Carnegie Mellon University's Software Engineering Institute)

CyLab (Carnegie Mellon Cybersecurity Education and Research Center)

NSRC (Penn State Networking and Security Research Center)

CERIAS (Purdue Center for Education and Research in Information Assurance and Security)

CSAIL (MIT Computer Science and Artificial Intelligence Laboratory)

CSAIL CIS Group (Cryptography and Information Security Group)

There is a broad range of cybersecurity programs available to students, and with the increasing use of online/distance education, physical location of facilities hardly matters. Villanova engineering is poised to become a choice for students seeking education in cybersecurity, together with the Villanova experience, its diverse community of scholars, and dedication to the highest academic standards.

Quoting Dean Gabriele [1]:

At Villanova, engineers learn that engineering is more than just working with technology, it is working with people. The College of Engineering at Villanova sees the education of engineers in this larger context. We emphasize a culture of collaboration and community, a devotion to developing future scholars and leaders, and the development of a complete engineer.

The college of engineering statement on distance education states, in part [2]:

The traditional classroom is transforming. Villanova University's College of Engineering is at the forefront of this trend in its award winning e-learning program. With this evolving mode of delivering higher education, professors and students who are separated by physical distance are able to bridge the instructional gap through the use of technology. The College has three world-class e-learning classrooms that have allowed it to offer master's degrees fully online with the latest technology.

Using video teleconferencing, tablet PC's, and the latest rich-media web broadcast, classes can be delivered anytime, anywhere, to anyone, without compromising the quality of education. Everything in the program is broadcast live and then archived and made available to all students in the class 24 hours a day, seven days a week. In this way, the online program not only creates the online experience, but also enhances the regular in-class environment. This method of instruction provides the opportunity for students to pursue their engineering education with the flexibility that is essential in today's business world.

It is expected that most of the new part-time enrollment will consist of distance learning students.

[1] http://www1.villanova.edu/villanova/engineering/about/welcome.html
[2] http://www1.villanova.edu/villanova/engineering/academics/distance.html

The admission requirements are the same as those for the Master of Science in Computer Engineering [3]. In addition to the general requirements for admission to the College of Engineering, the program requires applicants to hold a bachelor's degree in Engineering, Computer Science, Mathematics, or applied sciences, from an accredited and/or reputable institution. The Graduate Record Examination is required for all students receiving their bachelor's degree outside of the United States. The TOEFL (Test of English as a Foreign Language) Examination is required of all students whose native language is not English.

[3] http://www1.villanova.edu/villanova/engineering/departments/electrical/graduate/masters/cpe.html

Completion of the degree requires 10 courses total, including the 2 required core courses, 2 courses from one of the specialization areas, an additional 2 courses from any of the specialization areas, and 4 electives. For the thesis option, electives must include the Independent Study and Research I & II courses.

Core Courses

ECE 8476 - Cryptography & Network Security
ECE 8484 - Cybersecurity Threats and Defense

Systems Specialization

ECE 8410 - Trusted Computing
ECE 8474 - Security in System Engineering
ECE 8485 - Critical Infrastructure Control Systems Security
ECE XXXc - Secure Software Development

Policy Specialization

ECE 8488 - Security Risk Assessment and Management
ECE XXXb - Legal Aspects of Computer Security and Information Privacy

Operations Specialization

ECE 8486 - Ethical Hacking
ECE 8489 - Malicious Software Analysis and Defense
ECE XXXa - Computer Forensics and Incident Handling

Elective Courses

In addition to the following courses, any of the specialization area courses may be used as electives.

ECE 7428 - Computer Communication Networks
ECE 8405 - Computer Organization & Design
ECE 8408 - Mobile Computing & Wireless Networking
ECE 8480 - Introduction to Cloud Computing
ECE 8482 - Semantic Web
ECE 9030 - Independent Study
ECE 9031 - Research I (thesis option)
ECE 9032 - Research II (thesis option)
ECE 9090 - ECE Project
CSC 8301 - Design & Analysis of Algorithms
CSC 8490 - Database Systems
CSC 8530 - Distributed Systems
MAT 7770 - Number Theory
MAT 8650 - Abstract Algebra

The existing computer engineering graduate curriculum already includes all of the listed elective courses, the two cybersecurity core courses, and three of the specialization courses.

For the master degree program, three initial new courses are proposed:

ECE 8474 - Security in System Engineering
ECE 8485 - Critical Infrastructure Control Systems Security
ECE 8489 - Malicious Software Analysis and Defense

ECE XXXa - Computer Forensics and Incident Handling
ECE XXXb - Legal Aspects of Computer Security and Information Privacy
ECE XXXc - Secure Software Development

The following three courses:

ECE 8476 - Cryptography & Network Security (R. Perry, FT)
ECE 8484 - Cybersecurity Threats and Defense (J. Solderitsch, PT)
ECE 8486 - Ethical Hacking (S. Streit, PT)

are currently taught by the full-time (FT) and part-time/adjunct (PT) faculty as noted above.

ECE 8484 was previously given in the computer science department; it has been renamed and assigned an ECE course number as part of the overall computer engineering graduate curriculum and cybersecurity certificate program.

The two courses recently added to the computer engineering curriculum in Fall 2012:

ECE 8410 - Trusted Computing (D. Chasaki, FT)
ECE 8488 - Security Risk Assessment and Management (C. Pak, PT)

ECE 8488 represents an increase of 1 PT in faculty.

The initial proposed new courses, to be added now for the cybersecurity master degree program:

ECE 8474 - Security in System Engineering (D. Chasaki, FT)
ECE 8485 - Critical Infrastructure Control Systems Security (J. Solderitsch, PT)
ECE 8489 - Malicious Software Analysis and Defense (C. Pak, PT)

The future proposed new courses, to be added later for the cybersecurity curriculum:

ECE XXXa - Computer Forensics and Incident Handling (PT)
ECE XXXb - Legal Aspects of Computer Security and Information Privacy (PT)
ECE XXXc - Secure Software Development (PT)

Overall, the increase in faculty associated with the cybersecurity degree program is 6 PT, which represents an addition of 2 part-time faculty each teaching two courses per year, not including the summer.

It is expected that the enrollment of part-time distance learning students (discussed at the end of section 3) will be sufficient to cover the expense of additional part-time faculty, so overall the proposed program is revenue neutral.

There are no implications for computing technology and library for the program.

One of the proposed new courses, ECE 8485 - Critical Infrastructure Control Systems Security, will have a significant laboratory component. The existing ECE laboratories are adequate for hosting this component, however Industrial Control Systems training kits will be required. These kits cost approximately $5,000 each commercially, and the program would require 10 kits. The estimated $50,000 total cost may be reduced significantly, perhaps to zero, by a combination of educational pricing and grants. Lockheed Martin corporation has expressed an interest in helping Villanova expand our cybersecurity program, and the NIST National Initiative for Cybersecurity Education is another potential source for grants.

The program will be available starting Fall 2013. The three initial proposed new courses will be introduced starting in Fall 2014. Assuming sufficient enrollment in the program, three additional new courses will be introduced starting in Fall 2015.

A sample sequence of 10 courses satisfying the degree requirements is:

ECE 8476 - Cryptography & Network Security
ECE 8484 - Cybersecurity Threats and Defense

ECE 8410 - Trusted Computing
ECE 8474 - Security in System Engineering

ECE 8486 - Ethical Hacking
ECE 8488 - Security Risk Assessment and Management
ECE 8489 - Malicious Software Analysis and Defense

ECE 7428 - Computer Communication Networks
ECE 8408 - Mobile Computing & Wireless Networking
ECE 8480 - Introduction to Cloud Computing

The addition of this new degree program is expected to increase enrollments in the elective course areas of computer engineering, computing sciences, and mathematics.

There are no institutional accreditation implications with this new graduate program.

Students who obtain the Master of Science in Cybersecurity degree will have the fundamental background necessary to pursue research and a career in that area. Students from industry will have the ability to apply their knowledge in the design of secure systems and development of the next generation of devices and software which will operate safely in cyberspace.

Every student who completes the program will have expertise in at least six of the core cybersecurity areas. Additionally, through the elective courses, every student will have additional expertise in one or more application areas where cybersecurity is implemented.

No formal assessment of the program will be required for accreditation reasons. The course instruction and content will be assessed using the existing course evaluation procedures.

The proposed program has no special needs in terms of classroom, lab, or office space and/or renovations, library resources, or computing and other technology.