
Cybersecurity: The Challenges of Securing Cyberspace
Leonard Bailey and Kimberley Raleigh, Adjunct Professors
Georgetown University Law Center
Spring 2015 (Edited 3/21/15)
Class meets for two hours on Wednesdays at 5:45 p.m.

Overview. The course will explore why securing the Nation's computer systems, which has been a goal of multiple successive administrations and has broad bipartisan and public support, has proven to be so difficult to realize. The topics presented will include the legal and policy framework for cybersecurity, roles and responsibilities of government agencies, private sector cybersecurity risk management, information sharing, and international issues including internet governance, law enforcement cooperation, and nation state activity in cyberspace.

Office Hours and Availability. Professors Bailey and Raleigh are available for telephone conferences or meetings by appointment. To schedule, please contact Professor Bailey or Professor Raleigh at

Class Organization. Class participation is required and will be taken into account in final grading. Laptops will be allowed in the classroom, but use of the Internet for any activity other than accessing course materials is not allowed. No audio or visual recording devices are permitted in the classroom.

Readings. There is no assigned textbook for this class. The reading will consist of academic and general media articles, judicial decisions, statutes, regulations, and executive branch documents listed below. Documents listed below without a link will be posted on Courseware. Additional readings on topical issues will be added to Courseware after the start of the semester. The professors will endeavor to inform the class when materials are added, but students are responsible for checking the website before class each week. The class password is.

Writing Assignment. There will be a short, pass/fail writing assignment to prepare students for participation in the exercise that we will be conducting in class 9. The assignment will be due at the beginning of that class and counts toward the class participation grade. To receive credit for its completion, students must turn it in on time.

Class Presentation. Students will select a topic and a partner and prepare a ten-minute class presentation. An additional five minutes will be reserved for each pair to engage the class in a question and answer session. Active class participation is expected.

Exam. There will be a four-hour take-home exam that will cover concepts from class and the readings. The exam questions will be available from the beginning of the exam period; answers must be turned in by Monday, May 4, 2015 at 9 a.m.

Grading.
Class Participation: 20%

Class Presentation: 30%
Exam: 50%

Course Syllabus and Reading Assignments.

1. January 14, 2015: Course Overview and Cyber Threats (Prof. Bailey and Prof. Raleigh)

Steven G. Bradbury, The Developing Legal Framework for Defensive and Offensive Cyber Operations, 2 Harv. Nat'l Sec. J. 591 (2011), available at http://harvardnsj.org/2011/04/the-developing-legal-framework-for-defensive-and-offensive-cyber-operations/
Gregory T. Nojeim, Cybersecurity: An Idea Whose Time Has Not Come And Shouldn't, 8 I/S: J. L. & Pol'y for Info. Soc'y 413 (Fall 2012), available at http://moritzlaw.osu.edu/students/groups/is/files/2012/02/8.nojeim.pdf
Amanda Vicinanzo, U.S. Cybersecurity Practices Fail to Keep Pace with Cyber Adversaries, available at http://www.hstoday.us/briefings/industry-news/single-article/us-cybersecurity-practices-fail-to-keep-pace-with-cyber-adversaries/170a083812f4f52eb11575675d8739a0.html

a. What is cybersecurity?
b. Who are the stakeholders?
c. Who conducts cybersecurity activities and uses cybersecurity authorities?
d. What are the cyber threats that pose the greatest risk to information systems?

2. January 21, 2015: Internet Technology and Its Impact on Legal Frameworks (Prof. Bailey)

Barry M. Leiner, Vinton G. Cerf, David D. Clark, Robert E. Kahn, Leonard Kleinrock, Daniel C. Lynch, Jon Postel, Lawrence G. Roberts, Stephen S. Wolff, The Past and Future of the Internet, available at http://groups.csail.mit.edu/ana/publications/pubpdfs/the%20past%20and%20future%20history%20of%20the%20internet.pdf [Available on Courseware]
Kyllo v. United States, 533 U.S. 27 (2001) [Excerpt on Courseware]
United States v. Forrester, 512 F.3d 500, 510 (9th Cir. 2007) [Excerpt on Courseware]
United States v. Knotts, 460 U.S. 276 (1983) [Excerpt on Courseware]

a. Why was the Internet created and what purposes was it intended to serve?
b. How did this vision of the Internet influence its subsequent development and use?
c. How have courts approached interpreting the law in cases in which technology is central to the disposition of the case?

3. January 28, 2015: Corporate Cybersecurity Risk Management Part 1 (Prof. Raleigh)

Michael Riley, Ben Elgin, Dune Lawrence, and Carol Matlack, Missed Alarms and 40 Million Stolen Credit Cards: How Target Blew It, in Bloomberg Businessweek, available at http://www.businessweek.com/articles/2014-03-13/target-missed-alarms-in-epic-hack-of-credit-card-data

In re Target Corporation Customer Data Security Breach Litigation - Consumer Cases, available at http://www.courthousenews.com/2014/12/19/target.pdf
McDonald Hopkins, Data Privacy Class Action Puts Bulls Eye On Target's Directors and Officers, available at http://www.mcdonaldhopkins.com/alerts/data-privacy-class-action-puts-bulls-eye-on-targets-directors-and-officers
Division of Corporation Finance, SEC, CF Disclosure Guidance: Topic No. 2, Cybersecurity, October 13, 2011, available at http://www.sec.gov/divisions/corpfin/guidance/cfguidance-topic2.htm
Community Health Systems, Inc., SEC Form 8-K, available at http://www.sec.gov/archives/edgar/data/1108109/000119312514312504/d776541d8k.htm

a. Who manages cyber risk in an organization?
b. How do we incentivize adoption of good cyber hygiene?
c. Who should bear the cost of a breach?

4. February 4, 2015: Corporate Cybersecurity Risk Management Part 2 (Prof. Raleigh)

Julie Brill, Comm'r, FTC, On the Front Lines: the FTC's Role in Data Security (Sept. 17, 2014), available at http://www.ftc.gov/system/files/documents/public_statements/582841/140917csisspeech.pdf
FTC v. Wyndham Worldwide Corporation et al., Opinion Denying Motion to Dismiss, available at http://www.ftc.gov/system/files/documents/cases/140407wyndhamopinion.pdf
Federal Trade Commission, In the Matter of TRENDnet, Inc., complaint, available at http://www.ftc.gov/sites/default/files/documents/cases/2013/09/130903trendnetcmpt.pdf and consent decree, available at http://www.ftc.gov/system/files/documents/cases/140207trendnetdo.pdf
Dissenting Statement of Comm'r Michael O'Rielly, FCC, TerraCom, Inc. and YourTel America, Inc., Apparent Liability for Forfeiture, File No.: EB-TCD-13-00009175, available at http://www.fcc.gov/article/fcc-14-173a5

a. What is FTC's authority to regulate data security?
b. Are regulatory agencies required to provide notice through rule-making?

5. February 11, 2015: Legal Framework for Monitoring Electronic Communications (Prof. Bailey)

Smith v. Maryland, 442 U.S. 735 (1979) [Excerpt on Courseware]
California v. Riley, 134 S.Ct. 2473 (2014) [Excerpt on Courseware]
United States v. Cotterman, 709 F.3d 952 (9th Cir. 2013) [Excerpt on Courseware]
United States v. New York Telephone, 434 U.S. 159 (1977)
18 U.S.C. 2510 and 2511 [Excerpt on Courseware]
18 U.S.C. 2702 [Excerpt on Courseware]
18 U.S.C. 3121 [Excerpt on Courseware]

a. How does cybersecurity monitoring implicate the Fourth Amendment and electronic surveillance statutes?
b. What different types of electronic communications do the Wiretap Act, Pen Register/Trap and Trace Statute, and Stored Communications Act regulate?

c. How are cybersecurity activities conducted without violating these constitutional and statutory provisions?

6. February 25, 2013: Computer Crimes (Prof. Bailey)

18 U.S.C. 1030 [Excerpt on Courseware]
Ciphertrust White Paper, What Email Hackers Know that You Don't, available at http://archives.scovetta.com/pub/infosec/ciphertrust-%20What%20Email%20Hackers%20Know%20That%20You%20Do%20Not.pdf [Available on Courseware]
United States v. Nosal, 676 F.3d 854 (9th Cir. 2012) (en banc) [Excerpt on Courseware]
Orin Kerr, Vagueness Challenges to the Computer Fraud and Abuse Act, 94 Minn. Law Rev. 1561 (2010), available at http://www.minnesotalawreview.org/wp-content/uploads/2012/03/kerr MLR.pdf [Available on Courseware]
Criminal Complaint in United States v. Auernheimer, available at http://www.dmlp.org/sites/dmlp.org/files/2011-01-13-Govt%20Criminal%20Complaint.pdf [Available on Courseware]

a. How should a computer intrusion be defined by law?
b. What should determine whether unauthorized access has occurred and how do they potentially affect cybersecurity activities conducted for non-malicious purposes (e.g., computer security research)?
c. What challenges are raised in pursuing these offenses?

7. March 4, 2015: Cybersecurity Standards, Threat Information Sharing, and Law Enforcement Cooperation (Prof. Raleigh)

Rosenzweig, Paul, Cybersecurity, the Public/Private 'Partnership,' and Public Goods (September 7, 2011), Hoover National Security and Law Task Force, 2011, pp 8-29, available at SSRN: http://ssrn.com/abstract=1923869
Executive Order 13636, Improving Critical Infrastructure Cybersecurity, available at http://www.whitehouse.gov/the-press-office/2013/02/12/executive-order-improving-critical-infrastructure-cybersecurity
Executive Order [], Promoting Private Sector Cybersecurity Information Sharing, available at http://www.whitehouse.gov/the-press-office/2015/02/13/executive-order-promoting-private-sector-cybersecurity-information-shari
Department of Justice Response to CyberPoint International Request for Business Review Letter, available at http://www.justice.gov/atr/public/busreview/309071.htm
Skim: NIST, Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0, February 12, 2014, available at http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf
Council of Europe Convention on Cybercrime, Chapter III -- International Co-operation, available at http://www.conventions.coe.int/treaty/en/treaties/html/185.htm

a. What are the goals of information sharing?
b. What legal and policy issues may impede information sharing?
c. Should the government have a role in mandating that critical infrastructure entities maintain a certain standard of network defense?
d. Should the government be expected to defend the private sector from network attacks perpetrated by nation states?
e. How does the US share information with international partners, and what mechanism is there for cross-border investigative assistance?

8. March 18, 2015: Cybersecurity Incident Response (Prof. Bailey)

Solar Sunrise Video [Available at https://www.youtube.com/watch?v=bor5ctqynsa&noredirect=1]
Lysa Myers, Active Defense: Good Protection Doesn't Need to be Offensive [Available at http://www.welivesecurity.com/2013/11/19/active-defense-good-protection-doesnt-need-to-be-offensive/]
Stewart Baker, Steptoe and Johnson Blog, available at http://www.steptoecyberblog.com/2012/11/02/the-hackback-debate/ [Available on Courseware]
Mark Young, U.S. Government Cybersecurity Relationships, 8 I/S: J. L. & Pol'y for Info. Soc'y 281 (Fall 2012) [Excerpt online available at http://moritzlaw.osu.edu/students/groups/is/files/2012/02/3.young_.pdf]

a. Who in the government is in charge of cybersecurity?
b. How are cyber incidents handled by the private sector and the government? What factors determine how a cyber incident is handled?
c. Can a victim hack back to secure its stolen data?

9. March 25, 2015: Table Top Exercise (Prof. Bailey and Prof. Raleigh)

Exercise Scenario to be provided to students.

10. April 1, 2015: International Law and Nation State Conduct in Cyberspace (Prof. Raleigh)

Michael N. Schmitt, International Law in Cyberspace: The Koh Speech and Tallinn Manual Juxtaposed, 54 HARV. INT'L L.J. ONLINE 13 (2012), available at http://www.harvardilj.org/2012/12/online-articles-online 54 schmitt/
Eichensehr, Kristen, The Cyber-Law of Nations (January 8, 2014). 103 Geo. L.J. 317 (2015), available at SSRN: http://ssrn.com/abstract=2447683
Review: Section III, Offensive Cyber Operations in Steven G. Bradbury, The Developing Legal Framework for Defensive and Offensive Cyber Operations, 2 Harv. Nat'l Sec. J. 591 (2011), available at http://harvardnsj.org/2011/04/the-developing-legal-framework-for-defensive-and-offensive-cyber-operations/

a. Do the laws of war provide an adequate framework for nation state activity on the Internet?
b. What constitutes a use of force in cyberspace?
c. When does a cyber attack amount to an armed attack?

d. How does uncertain attribution impact a state's response to a cyber attack?
e. What non-military action might the US Government take in response to a network attack by a nation state?
f. How is the Internet governed?

11. April 8, 2015: The Future of Cybersecurity and STUDENT PRESENTATIONS (Prof. Bailey and Prof. Raleigh)

Paul Rosenzweig, The Organization of the United States Government and Private Sector for Achieving Cyber Deterrence, available at sites.nationalacademies.org/cs/groups/cstbsite/documents/webpage/cstb_059443.pdf [Available on Courseware]
Vivek Wadhwa, Laws and Ethics Can't Keep Pace with Technology, MIT Technology Review (2014), available at http://www.technologyreview.com/view/526401/laws-and-ethics-cant-keep-pace-with-technology/

12. April 15, 2015: STUDENT PRESENTATIONS (Prof. Bailey and Prof. Raleigh)

13. April 22, 2013: Course Wrap-Up (review, Q&A, exam overview, class evaluations) (Prof. Bailey and Prof. Raleigh)