8.1 Law-enforcement capabilities

Assisting in the efforts to enhance law-enforcement's capabilities for preventing and prosecuting cyberspace attacks will mean reporting more incidents and filing necessary complaints to support the prosecution of perpetrators. The importance of reporting incidents to law enforcement and how to report incidents is discussed in depth in Chapter 4.

In addition to increased and improved reporting of computer-related incidents, organizations also need support of training programs for lawenforcement professionals, as well as IT security professionals to work with law enforcement. There has been considerable effort put forth to train more IT security professionals. This effort will better enable the enforcement of laws, because organizations will have more qualified staff to assist lawenforcement actions. Although there have been several national initiatives to improve training, much of the actual training takes place at the local level.

One example of how the gap between national initiatives and local resources has been bridged is the National INFOSEC Education & Training Program supported by the NSA, the National Science Foundation (NSF), and other federal agencies.

The NSF provides financial support for the Federal Cyber Service: Scholarship for Service Program designed to increase the number of qualified students entering the fields of information assurance (IA) and computer security and to increase the capacity of the U.S. higher-education enterprise to continue to produce professionals in these fields. The program has two tracks.

The scholarship track provides funding to colleges and universities to award scholarships in the IA and computer security fields. Scholarship recipients will become part of the Federal Cyber Service of IT specialists, who ensure the protection of the U.S. government information infrastructure. Upon graduation, after their two-year scholarships, the recipients are required to work for a federal agency for two years in fulfillment of their Federal Cyber Service commitment.

The capacity-building track provides funds to colleges and universities to improve the quality and increase the training of IA and computer security professionals through the professional development of IA faculty and the development of academic programs. Partnerships designed to increase participation by underrepresented groups are particularly encouraged.

The NSA certifies academic programs for participation in the Federal Cyber Service: Scholarship for Service Program as Centers of Academic Excellence in Information Assurance Education. NSA grants the designations following a rigorous review of university applications against published criteria based on training standards established by the National Security Telecommunications and Information Systems Security Committee (NSTISSC). The NSTISSC has established standards for IS security professionals that provide the minimum training and education standards for properly executing the duties and responsibilities of:

• Information systems security (INFOSEC) professionals

• Designated approving authority (DAA)

• System administration (SA) in IS security

• IS security officers (IAD)

The Information Assurance Courseware Evaluation Process takes the next step in meeting national education and training requirements in IA. The process systematically assesses the degree to which the various institutional, college, and university curriculums satisfy NSTISSI standards. The NSTISSC Education, Training, and Awareness Issue Group (ETAIG) established the Information Assurance Courseware Evaluation Working Group (IACEWG) to develop and implement this process. The process certifies institutions as meeting all of the elements of a specific standard with a designated set of courseware. The certification does not make a judgment as to the quality of the presentation of the material within the set of courseware, but only that all of the elements of a specific standard are covered.

The process assesses the curriculum of an institution, college, or university against the NSTISSI standards. The data for this evaluation is electronically submitted by the institution in a standardized format through an interactive Web site that will also maintain the privacy of the information. All submissions must be made electronically. Much of the required information was previously developed by institutions requesting designation as a Center of Academic Excellence under the Centers of Academic Excellence in Information Assurance Education (CAEIAE) program.

The IACE submission will identify specific courses of instruction and will provide a mapping of the course content against the elements of an NSTISSI standard. The mapping will be performed for all the applicable courses, and an evaluation will be made by a review board to determine the degree to which the institution meets the standards. After working with the institution to ensure all the elements of the standard are met, the institution will receive formal certification. It is important to note that this process certifies the institution, not the individual attending the institution. Certified institutions will be authorized to issue certificates to their students.

Each year, newly designated CAEIAEs are recognized in a formal presentation at the annual Conference of the Colloquium for Information Systems Security Education. The colloquium conference provides a forum for key officials in government, industry, and academia to focus on current and emerging requirements in IA education and to encourage the development and expansion of curricula at graduate and undergraduate levels. As of summer 2003, the 50 universities designated as CAEIAEs are the following:

• Air Force Institute of Technology

• Auburn University

• Capitol College

• Carnegie Mellon University

• Drexel University

• East Stroudsburg University

• Florida State University

• George Mason University

• George Washington University

• Georgia Institute of Technology

• Idaho State University

• Indiana University of Pennsylvania

• Information Resources Management College of the National Defense University

• Iowa State University

• James Madison University

• Johns Hopkins University

• Mississippi State University

• Naval Postgraduate School

• New Jersey Institute of Technology

• New Mexico Institute of Mining and Technology

• North Carolina State University

• Northeastern University

• Norwich University

• Pennsylvania State University

• Polytechnic

• Portland State University

• Purdue University

• Stanford University

• State University of New York, Buffalo

• State University of New York, Stony Brook

• Stevens Institute of Technology

• Syracuse University

• Texas A&M University

• Towson University

• University of California, Davis

• University of Dallas

• University of Idaho

• University of Illinois, Urbana-Champaign

• University of Maryland, Baltimore County

• University of Maryland, University College

• University of Massachusetts, Amherst

• University of Nebraska, Omaha

• University of North Carolina, Charlotte

• University of Pennsylvania

• University of Texas, San Antonio

• University of Tulsa

• University of Virginia

• U.S. Military Academy, West Point

• Walsh College

• West Virginia University