|
March 31 |
Introduction
Overview of the Cybersecurity Challenge |
|
|
Lecture Slides
Click here to download lecture slides. |
|
April 7 |
Technology 101: Background on Networks,
the Internet, Hacking and Cyber Attacks |
|
|
Lecture Slides
Click here to download lecture slides.
Suggested Readings
(Intro) "How Internet
Infrastructure Works," Jeff Tyson.
(Intro) "How
Does the Internet Work?" Rus Shuler.
(Moderately Technical) "The
Strange Tale of the Denial of Service Attacks Against GRC.com,"
Steve Gibson.
(Moderately Technical) "Inferring
Internet Denial-of-Service Activity," Moore et al. USENIX
Security 2001.
(Very Techie) CAIDA
Security Analyses
(Very Techie) "Measuring
ISP Topologies with Rocketfuel," Spring et al. Sigcomm
2002. (Alternate
copy.) |
|
April 14 |
Policy 101: Background on U.S. Cybersecurity Policy |
|
|
Lecture Slides
Click here to download lecture slides.
Required Readings
"A Cybersecurity Role
for Uncle Sam?" Brian Krebs, The Washington Post, April
4, 2004.
Description: A very recent overview article on the government's
role in cybersecurity.
"The National
Strategy To Secure Cyberspace: A Sober Cyberassessment,"
Andy Oram. October 12, 2002.
Description: An opinion article generally in support of the National
Strategy.
"Cybersecurity
Plan Lacks Muscle," Lemos and McCullagh. Cnet News.com,
September 19, 2002.
Description: An article generally critical of the National Strategy.
Suggested Readings
"The
National Strategy To Secure Cyberspace," The White House,
February 2003.
Description: The actual National Strategy. We highly
recommend reading at least the 6-page executive summary.
"Federal Cybersecurity:
Get a Backbone," Marcus Ranum. The Internet Security
Conference newsletter.
Description: A rather flaming critique of the plan.
"Defending
the National Strategy to Secure Cyberspace," Seth Ross.
November 18, 2002.
Description: A supportive article that rebuts arguments made by
Ranum (above).
|
|
April 21 |
Enforcing Cybersecurity
Guest Speaker: Mary Rundle, Stanford Law School |
|
|
Required Readings
"States and Internet
Enforcement" Joel Reidenberg. Ottawa Law and Technology
Journal. 2003.
Description: An overview of enforcement challenges on the Internet.
"United Nations
ponders Net's future," Declan McCullagh. March 26, 2004.
Description: A news clip on the UN's interest in Internet governance. |
|
April 28 |
Shared Risk at the National Scale
Guest Speaker: Dan Geer, Verdasys (see
related CNN.com
news article) |
|
|
Meet in Encina Hall Central, 2nd Floor Central Conference Room
Lecture Slides
Click here to download lecture slides.
Required Readings
"Cyber Insecurity:
The Cost of Monopoly," Dan Geer et al. 2003.
Description: A widely read report about the potential threat
of monoculture, authored by our guest speaker.
"Warhol
Worms: The Potential for Very Fast Internet Plagues," Nicholas
C Weaver. 2002.
Description: A paper about the potential for hyper-virulent Internet
worms.
"Multiple UNIX compromises
on campus," Stanford ITSS. April 10, 2004.
Description: Report on a recent severe attack on Stanford and other
institutions.
Suggested Readings
"Contagion
on the Internet," Trudy M. Wassenaar and Martin J. Blaser.
March 2002.
Description: A short paper that compares the spread of Internet
worms to that of biological viruses. |
|
May 5 |
Information Warfare and Defense
Guest Speaker: Chris Eagle, Lieutenant Commander, U.S. Navy |
|
|
Required Readings
"CIA Warns
of Chinese Plans for Cyber-Attacks on U.S.," LA Times
(2002)
Description: Article focusing on the potential for China to launch
an Internet attack on the U.S. or its allies.
"Bush Orders Guidelines
for Cyber-Warfare." Washington Post (2003)
Description: Article telling of a government directive to explore
rules of engagement for a U.S. cyberattack.
"Protecting out Homeland,"
Defense Science Board (2001)
Description: A report from the Defense Science Board Task Force
on Defensive Information Operations. Required: Executive Summary
(pages 10-16).
Suggested Readings
"Information Operations:
The Hard Reality of Soft Power," Dr. Dan Kuehl, National
Defense University
Description: This text is a handbook used to teach Information
Operations. The entire text is a good reference, with Chapter
1 serving as a solid introduction to the topic.
"Army Confronts
Enemies Within in Cyber War Game," Reuters. April 2004.
"DOD
Kicks Up Cybersecurity Efforts," Slashdot.org. April
2004.
"NSF Scholarship for Service
Awards Announced at Information Security Colloquium,"
National Science Foundation. May 2001.
"Cyber Corps' Failing
Grades," Info Security Magazine, June 2003.
"Information
Assurance Scholarship Program," Department of Defense.
November 14, 2003.
|
|
May 12 |
Crypto: What it Can and Can't Do
Guest Speaker: Dan Boneh, Computer Science |
|
|
Required Readings
"Why Cryptography
is Harder than it Looks," Bruce Schneier (1997)
Description: A light, marketing-oriented essay on the importance
of designing security into systems from the ground up, not just
tacking cryptography on as an afterthought.
"Landmark Ruling On Encryption."
Wired News (1999)
Description: A short news article from the days of the encryption
export debate, a debate which has greatly influenced the crypto
world over the years.
Suggested Readings
"Data security (invited
chapter)," Matt Franklin. The
Computer Engineering Handbook (2002)
Description: A technical background on crypto concepts.
"Cryptography and Liberty
2000: Overview," EPIC (2000)
Description: An overview of international crypto policy circa 2000.
Describes interesting debates that are very relevant today. |
|
May 19 |
A Problem of Incentives?
Guest Speaker: Kevin Soo Hoo, Sygate |
|
|
Required Readings
"The Role of Economic Incentives in Securing Cyberspace,"
David Alderson and Kevin Soo Hoo. Submitted to IEEE Security. 2004.
"Why Information Security is Hard - An Economic Perspective,"
Ross Anderson. 2001.
"A Guide to Security Metrics," Shirley C. Payne. SANS
Institute. 2001. |
|
May 26 |
What Do We Want in a Future Information Infrastructure?
Guest Speaker: David Alderson, CalTech |
|
|
Required Readings
"DARPA Takes Aim at
Sacred Cows," Joab Jackson. Government Computer News.
"Robustness
and the Internet: Design and Evolution," W. Willinger and J.
C. Doyle. In Robust design: A Repertoire of Biological, Ecological,
and Engineering Case Studies, E. Jen, Editor, Oxford University
Press (to appear).
"EPRI/DoD Complex
Interactive Networks/Systems Initiative: Self-Healing Infrastructures,"
Massoud Amin. Keynote presentation at the 2nd DARPA-JFACC Symp.
on Advances in Enterprise Control, Minneapolis, July 10-11, 2000.
Suggested Readings
"Critical
Foundations," President's Commission on Critical Infrastructure
Protection. Technical report, The White House, 1997.
"Cyber
Security Research & Development Agenda," Institute
for Information Infrastructure Protection. January 2003. |
|
June 3 |
Cybersecurity Legislative Debate |
|
|
Final Assignment: Legislative
Policy Analysis (due in class June 3)
Case Study 1: Corporate Information Security
Accountability Act of 2003 (CISAA)
Text of Legislation
Congressman Adam Putnam. U.S. House of Representatives. 2003.
"Cybersecurity
legislation may go to Congress," Grant Gross. Computer
World. September 2003.
Case Study 2: Internet Service Provider
Security and Accountability Act of 2004 (ISPSAA)
Overview of Legislation
The Honorable Senator Daniel Keith Martin. U.S. Senate in Exile. 2004. |