Course Information
  Description As the U.S. and the world become increasingly reliant on digital systems and the public Internet, the security and reliability of these complex systems becomes increasingly critical. Ensuring that our digital infrastructure can meet these escalating demands necessitates development of both the right technology and the right public policy. This interdisciplinary course will draw on speakers and research from the fields of engineering, public policy, law and economics in an effort to investigate and determine whether today’s Internet is an appropriate platform on which to operate critical infrastructure services that affect U.S. national security.

There are no technical or policy prerequisites; curiosity and interest are the only requirements. The course is particularly relevant for students interested in independent research or honors thesis work in the area of cybersecurity.
Faculty Sponsor William J. Perry
  Student Leaders Martin Casado, Keith Coleman, Dan Wendlandt
  Contact Email with questions or comments.
  Date & Time Wednesdays, 4:15 - 6:15 PM
  Location Wallenberg Hall, Rm 322 (also known as 160-322) unless otherwise noted for special lectures.
  Course Number Management Science & Engineering 91SI
  Grading and Units 2 Units, P/NC
Enrollment limited to 20 students
(Enrollment will be discussed on the first day of class. It will not be determined by Axess sign-up time, though we certainly do not discourage students from registering online in advance.)
Tentative Schedule
  March 31 Introduction
Overview of the Cybersecurity Challenge
    Lecture Slides
Click here to download lecture slides.
April 7 Technology 101: Background on Networks, the Internet, Hacking and Cyber Attacks

Lecture Slides
Click here to download lecture slides.

Suggested Readings
(Intro) "How Internet Infrastructure Works," Jeff Tyson.
(Intro) "How Does the Internet Work?" Rus Shuler.
(Moderately Technical) "The Strange Tale of the Denial of Service Attacks Against," Steve Gibson.
(Moderately Technical) "Inferring Internet Denial-of-Service Activity," Moore et al. USENIX Security 2001.
(Very Techie) CAIDA Security Analyses
(Very Techie) "Measuring ISP Topologies with Rocketfuel," Spring et al. Sigcomm 2002. (Alternate copy.)

  April 14 Policy 101: Background on U.S. Cybersecurity Policy

Lecture Slides
Click here to download lecture slides.

Required Readings
"A Cybersecurity Role for Uncle Sam?" Brian Krebs, The Washington Post, April 4, 2004.
Description: A very recent overview article on the government's role in cybersecurity.

"The National Strategy To Secure Cyberspace: A Sober Cyberassessment," Andy Oram. October 12, 2002.
Description: An opinion article generally in support of the National Strategy.

"Cybersecurity Plan Lacks Muscle," Lemos and McCullagh. Cnet, September 19, 2002.
Description: An article generally critical of the National Strategy.

Suggested Readings
"The National Strategy To Secure Cyberspace," The White House, February 2003.
Description: The actual National Strategy. We highly recommend reading at least the 6-page executive summary.

"Federal Cybersecurity: Get a Backbone," Marcus Ranum. The Internet Security Conference newsletter..
Description: A rather flaming critique of the plan.

"Defending the National Strategy to Secure Cyberspace," Seth Ross. November 18, 2002.
Description: A supportive article that rebuts arguments made by Ranum (above).

  April 21 Enforcing Cybersecurity
Guest Speaker: Mary Rundle, Stanford Law School
    Required Readings
"States and Internet Enforcement" Joel Reidenberg. Ottawa Law and Technology Journal. 2003.
Description: An overview of enforcement challenges on the Internet.

"United Nations ponders Net's future," Declan McCullagh. March 26, 2004.
Description: A news clip on the UN's interest in Internet governance.
  April 28 Shared Risk at the National Scale
Guest Speaker: Dan Geer, Verdasys (see related news article)
    Meet in Encina Hall Central, 2nd Floor Central Conference Room

Lecture Slides
Click here to download lecture slides.

Required Readings
"Cyber Insecurity: The Cost of Monopoly," Dan Geer et al. 2003.
Description: A widely read report about on the potential threat of monoculture, authored by our guest speaker.

"Warhol Worms: The Potential for Very Fast Internet Plagues," Nicholas C Weaver. 2002.
Description: A paper about the potential for hyper-virulent Internet worms.

"Multiple UNIX compromises on campus," Stanford ITSS. April 10, 2004.
Description: Report on a recent severe attack on Stanford and other institutions.

Suggested Readings
"Contagion on the Internet," Trudy M. Wassenaar and Martin J. Blaser. March 2002.
Description: A short paper that compares the spread of Internet worms to that of biological viruses.
  May 5 Information Warfare and Defense
Guest Speaker: Chris Eagle, Lieutenant Commander, U.S. Navy

Required Readings
"CIA Warns of Chinese Plans for Cyber-Attacks on U.S.," LA Times (2002)
Description: Article focusing on the potential for China to launch an Internet attack on the U.S. or its allies.

Bush Orders Guidelines for Cyber-Warfare." Washington Post (2003)
Description: Article telling of a government directive to explore rules of engagement for a U.S. cyberattack.

"Protecting out Homeland," Defense Science Board (2001)
Description: A report from the Defense Science Board Task Force on Defensive Information Operations. Required: Executive Summary (pages 10-16).

Suggested Readings
"Information Operations: The Hard Reality of Soft Power," Dr. Dan Kuehl, National Defense University
Description: This text is a handbook used to teach Information Operations. The entire text is a good reference, with Chapter 1 serving as a solid introduction to the topic.

"Army Confronts Enemies Within in Cyber War Game," Reuters. April 2004.

"DOD Kicks Up Cybersecurity Efforts," April 2004.

"NSF Scholarship for Service Awards Announced at Information Security Colloquium," National Science Foundation. May 2001.

"Cyber Corps' Failing Grades," Info Security Magazine, June 2003.

"Information Assurance Scholarship Program," Department of Defense. November 14, 2003.

  May 12 Crypto: What it Can and Can't Do
Guest Speaker: Dan Boneh, Computer Science
    Required Readings
"Why Cryptography is Harder thank it Looks," Bruce Schneier (1997)
Description: A light, marketing-oriented essay on the importance of designing security into systems from the ground up, not just tacking cryptography on as an after thought.

"Landmark Ruling On Encryption." Wired News (1999)
Description: A short news article from the days of the encryption export debate, a debate which has greatly influenced the crypto world over the years.

Suggested Readings
"Data security (invited chapter)," Matt Franklin. The Computer Engineering Handbook (2002)
Description: A technical background on crypto concepts.

"Cryptography and Liberty 2000: Overview," EPIC (2000)
Description: An overview of international crypto policy circa 2000. Describes interesting debates that are very relevant today.
  May 19 A Problem of Incentives?
Guest Speaker: Kevin Soo Hoo, Sygate
    Required Readings
"The Role of Economic Incentives in Securing Cyberspace," David Alderson and Kevin Soo Hoo. Submitted to IEEE Security. 2004.

"Why Information Security is Hard - An Economic Perspective," Ross Anderson. 2001.

"A Guide to Security Metrics," Shirley C. Payne. SANS Institute. 2001.
  May 26 What Do We Want in a Future Information Infrastructure?
Guest Speaker: David Alderson, CalTech
    Required Readings
"DARPA Takes Aim at Sacred Cows," Joab Jackson. Government Computer News.

"Robustness and the Internet: Design and Evolution," W. Willinger and J. C. Doyle. In Robust design: A Repertoire of Biological, Ecological, and Engineering Case Studies, E. Jen, Editor, Oxford University Press (to appear).

"EPRI/DoD Complex Interactive Networks/Systems Initiative: Self-Healing Infrastructures," Massoud Amin. Keynote presentation at the 2nd DARPA-JFACC Symp. on Advances in Enterprise Control, Minneapolis, July 10-11, 2000.

Suggested Readings
"Critical Foundations," Presidents Commission on Critical Infrastructure Protection. Technical report, The White House, 1997.

"Cyber Security Research & Development Agenda," Institute for Information Infrastructure Protection. January 2003.
  June 3 Cybersecurity Legislative Debate
    Final Assignment: Legislative Policy Analysis (due in class June 3)

Case Study 1: Corporate Information Security Accountability Act of 2003 (CISAA)
Text of Legislation Congressman Adam Putnam. U.S. House of Representatives. 2003.

"Cybersecurity legislation may go to Congress," Grant Gross. Computer World. September 2003.

Case Study 2: Internet Service Provider Security and Accountability Act of 2004 (ISPSAA)
Overview of Legislation The Honorable Senator Daniel Keith Martin. U.S. Senate in Exile. 2004.