Technology, Security, and Conflict in the Cyber Age IGA-236M, Harvard Kennedy School January 2015 Faculty: Professor James Waldo




Course Description:

In our information age security policy, strategy, and management face exceptional challenges. The increasing reliance of modern society on networked computer systems creates unprecedented vulnerabilities coupled with open and simple pathways to exploit those vulnerabilities. Powerful nations are forced to adapt to a shrinking margin of safety. Today no nation, agency, industry, or firm is isolated from the new methods of harm: cyberwar, cyberespionage, cyberterrorism, and cybercrime. Traditional strategies and approaches to security need revision to apply to a world where threats can propagate instantaneously and where the identity or location of an adversary may not be known. Despite the magnitude of the problem, the field of cybersecurity strategy, policy, and management remains incipient.

This course seeks to equip students with the tools necessary to conceptualize the cyber issue, develop policies appropriate for its resolution, and frame strategy and action to address the emerging threats. To that end, the course has four principal objectives:

- develop students' understanding of the technical rudiments of cyberspace
- explore the nature of emergent and future cyber threats
- evaluate strategies and policy responses to these threats
- build professional skills in group work, scenario assessment, and memo writing

No computer science background is required: a core aim of the course is to make the related technology comprehensible to a layperson. Students with technical expertise may find the course useful in developing an understanding of key issues in the strategic management of cybersecurity for the organizations of industry and government.

Requirements and Grading:

1. Class Participation: Every student is expected to be prepared for and attend every class. Participation is important; it will count for 30% of your overall grade.
2. Individual Policy Papers and Briefs: There will be daily writing assignments, some of which are produced by each student. These papers will count for 20% of your overall grade.
3. Group Policy Papers and Briefs: Some of the daily writing assignments will be given to groups of students, organized by the instructors. These papers will count for 20% of your overall grade.

4. Final Group Project: On the last day of class, we will have a table-top simulation that will require a number of policy and position papers and briefings, all done as part of a group. This will count for 30% of the grade.

Course Schedule (Note: Guest Speakers are Tentative and Subject to Change):

Monday: Code as a Weapon

1.) United States. Executive Office of the President. Cyberspace Policy Review: Assuring a Trusted and Resilient Information and Communication Infrastructure. May 2009. http://www.whitehouse.gov/assets/documents/cyberspace_policy_review_final.pdf
2.) Committee on Offensive Information Warfare, National Research Council. Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities. Washington, DC: National Academies Press, 2009. Preface and Synopsis. Available Online: http://www.nap.edu/catalog.php?record_id=12651
3.) Symantec. Symantec Internet Security Threat Report: Trends for 2010. Vol. 16 (April 2011). https://www4.symantec.com/mktginfo/downloads/21182883_ga_report_istr_main-Report_04-11_HI-RES.pdf
4.) Ken Thompson. Reflections on Trusting Trust. Communication of the ACM. 27.8 (Aug. 1984): 761-763. http://cm.bell-labs.com/who/ken/trust.html
5.) Janet Abbate. Inventing the Internet. Cambridge: MIT Press, 2000. Chapter 1: White Heat and Cold War: The Origins and Meanings of Packet Switching, Chapter 2: Building the ARPANET: Challenges and Strategies, and Chapter 4: From ARPANET to Internet.
6.) Nicolas Falliere, Liam O Murchu, and Eric Chien. W32.Stuxnet Dossier, Version 1.4. February 2011. http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf

1.) Center for Strategic and International Studies. Securing Cyberspace for the 44th Presidency. Dec. 2008. http://csis.org/files/media/csis/pubs/081208_securingcyberspace_44.pdf

2.) W. Brian Arthur. Increasing Returns and Path Dependence in the Economy. Ann Arbor, MI: University of Michigan Press, 1994.
3.) Susan Leigh Star. The Ethnography of Infrastructure. American Behavioral Scientist (1999) 43: 377-391.
4.) Paul A. David. Clio and the Economics of QWERTY. The American Economic Review 75.2 (1985): 332-337.

Tuesday: A Networked World

1.) Steven M. Bellovin, Scott O. Bradner, Whitfield Diffie, Susan Landau, and Jennifer Rexford. Can It Really Work? Problems with Extending EINSTEIN 3 to Critical Infrastructure. Harvard National Security Journal. 3.1 (2011): 1-38. http://harvardnsj.org/wp-content/uploads/2012/01/vol.-3_Bellovin_Bradner_Diffie_Landau_Rexford1.pdf
2.) Fred Schneider and Deirdre Mulligan. Doctrine for Cybersecurity. Daedalus. Fall 2011, 70-92. http://www.cs.cornell.edu/fbs/publications/publiccybersecdaed.pdf
3.) Vivek Kundra. Federal Cloud Computing Strategy. Feb. 2011. 1-6; 26-28. http://ctovision.com/wp-content/uploads/2011/02/federal-cloud-computing-strategy1.pdf
4.) United States. Government Accountability Office (GAO). Information Security: Additional Guidance Needed to Address Cloud Computing Concerns. Oct. 2011. http://www.gao.gov/assets/590/585638.pdf
5.) Tyler Moore, Richard Clayton, and Ross Anderson. The Economics of Online Crime. Journal of Economic Perspectives. 23.3 (2009): 3-20. http://people.seas.harvard.edu/~tmoore/jep09.pdf
6.) J.H. Saltzer, D.P. Reed, and D.D. Clark. End-to-End Arguments in System Design. ACM Transactions in Computer Systems. 2.4 (Nov. 1984): 277-288. http://web.mit.edu/saltzer/www/publications/endtoend/endtoend.pdf

7.) David D. Clark and Marjory S. Blumenthal. Rethinking the Design of the Internet: The End to End Arguments vs. the Brave New World. (2000). http://dspace.mit.edu/bitstream/handle/1721.1/1519/tprc_clark_blumenthal.pdf

1.) Scott D. Sagan. The Limits of Safety: Organizations, Accidents, and Nuclear Weapons. Princeton, NJ: Princeton UP, 1993.
2.) Charles Perrow. Normal Accidents: Living with High-Risk Technologies. Princeton, NJ: Princeton UP, 1984/1999. Introduction, and Chapter 3: Complexity, Coupling, and Catastrophe.
3.) Charles Perrow. The Next Catastrophe: Reducing Our Vulnerability to Natural, Industrial, and Terrorist Disasters. Princeton, NJ: Princeton UP, 2007/2011.
4.) Philip Auerswald, et al. Seeds of Disaster, Roots of Response. Oxford UP: 2006.
5.) Langdon Winner. Complexity, Trust and Terror. NetFuture #137, October 22, 2002.

Wednesday: Asymmetry and Authentication

1.) David D. Clark and Susan Landau. Untangling Attribution. National Security Journal. 2.2. (2011). http://harvardnsj.org/wp-content/uploads/2011/03/vol.-2_clark-landau_final-version.pdf
2.) Committee on Offensive Information Warfare, National Research Council. Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities. Washington, DC: National Academies Press, 2009. Chapter 5: Perspectives on Cyberattack Outside National Security. http://www.nap.edu/catalog.php?record_id=12651
3.) Orin S. Kerr. Cybercrime's Scope: Interpreting 'Access' and 'Authorization' in Computer Misuse Statutes. New York University Law Review. 78.5 (2003). http://papers.ssrn.com/sol3/papers.cfm?abstract_id=399740
4.) Steptoe Cyberblog. The Hackback Debate. Nov. 2, 2012. http://www.steptoecyberblog.com/2012/11/02/the-hackback-debate/

5.) An Introduction to Cryptography. (1999). ftp://ftp.pgpi.org/pub/pgp/6.5/docs/english/introtocrypto.pdf
6.) Tor. Wikipedia. http://en.wikipedia.org/wiki/tor

1.) Butler Lampson, Martin Abadi, Michael Burrows, and Edward Wobber. Authentication in Distributed Systems: Theory and Practice. ACM Transactions in Computer Systems. 10.4 (Nov. 1992): 265-310. http://research.microsoft.com/enus/um/people/blampson/45-authenticationtheoryandpractice/acrobat.pdf

Thursday: Cyberwar

1.) Richard Clarke and Robert Knake. Cyber War: The Next Threat to National Security and What to Do About It. Ecco, 2010.
2.) John Arquilla. Cyberwar Is Already Upon Us. Foreign Policy. March/April, 2012. http://www.foreignpolicy.com/articles/2012/02/27/cyberwar_is_already_upon_us
3.) United States. Department of Defense. Department of Defense Strategy for Operating in Cyberspace. July 2011. http://www.defense.gov/news/d20110714cyber.pdf
4.) Joseph Nye. Nuclear Lessons for Cyber Security. Strategic Studies Quarterly Winter 2011. http://www.au.af.mil/au/ssq/2011/winter/nye.pdf
5.) Thomas Rid. Cyber War Will Not Take Place. Journal of Strategic Studies. 35:1 (2012): 5-32.
6.) David Sanger. Confront and Conceal: Obama's Secret Wars and Surprising Use of American Power. New York: Crown, 2012. Prologue and Chapter 8.
7.) Harold Koh. International Law in Cyberspace. USCYBERCOM Inter-Agency Legal Conference. Sept. 18, 2012. http://opiniojuris.org/2012/09/19/harold-koh-on-international-law-in-cyberspace/

1.) United States. Department of Defense. Department of Defense Cyberspace Policy Report. Nov. 2011. http://www.defense.gov/home/features/2011/0411_cyberstrategy/docs/ndaa%20section%20934%20Report_For%20webpage.pdf
2.) Bill Gertz. Computer-Based Attacks Emerge as Threat of Future, General Says. Washington Times. Sept. 3, 2011. http://www.washingtontimes.com/news/2011/sep/13/computer-based-attacks-emerge-as-threatof-future-/?page=all
3.) Jack Goldsmith. Cybersecurity Treaties: A Skeptical View. Hoover Institution. 2011. http://media.hoover.org/sites/default/files/documents/futurechallenges_goldsmith.pdf
4.) Thomas Mahnken. Why Cyberwar Isn't the Warfare You Should Worry About. Foreign Policy. July 2012. http://shadow.foreignpolicy.com/posts/2012/07/23/avoiding_cyber_hysteria
5.) Committee on Deterring Cyberattacks, National Research Council. Proceedings of a Workshop on Deterring Cyberattacks: Informing Strategies and Developing Options for U.S. Policy. Washington, DC: National Academies Press, 2010. http://www.nap.edu/catalog.php?record_id=12997
6.) Thomas Rid. Think Again: Cyberwar. Foreign Policy. March/April, 2012. Available Online: http://www.foreignpolicy.com/articles/2012/02/27/cyberwar
7.) Michael N. Schmitt. Computer Network Attack and the Use of Force in International Law: Thoughts on a Normative Framework. Columbia Journal of Transportation Law. (1999). http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1603800
8.) Kenneth Anderson. Readings: Harold Koh Lays Out US Government Position on Cyberspace and International Law. Lawfare. Sept. 19, 2012. http://www.lawfareblog.com/2012/09/readings-harold-koh-lays-out-us-government-position-oncyberspace-and-international-law/
9.) Paul Rosenzweig. The Organization of the United States Government and Private Sector for Achieving Cyber Deterrence. 2010. Draft. http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1651905

No assigned readings

Friday: Table-Top Activity