Chapter 2: A Conceptual Overview: Fundamental Characteristics of Cybersecurity | Jack Goldsmith and a Berkman Center Cybersecurity Team | July 27, 2012


Chapter 2: A Conceptual Overview: Fundamental Characteristics of Cybersecurity

by Jack Goldsmith and a Berkman Center Cybersecurity Team
Purpose: This chapter is designed to provide an introduction to, and conceptual overview of, the fundamental characteristics of cybersecurity. It begins by providing an overview of a series of case studies that demonstrate different forms of attack and response, and select national security concerns that arise from the cyber domain. The chapter also introduces several analytical frameworks through which case studies can be analyzed (economic, diplomatic, etc.) and provides an overview of the concept of Cyber Power.
Concepts Covered: Select Case Studies (Estonia, Ghostnet, Olympic Games, Flame, Economic Theft, Hacktivism); Characteristics of the Cyber Problem (The Threat and Skeptics, Cyber-Asymmetries, Difficulties Inherent to Cyber Domain (Attribution, Deterrence, Metrics, Ability to Predict/Control Effects)); Blurring of Distinctions (Public/Private, Domestic/International, Attack/Exploitation); Cyber Power (International Relations in Cyberspace, Jurisdiction and Territoriality)

      1. 1.1.2 Ian Traynor, Russia Accused of Unleashing Cyberwar to Disable Estonia, Guardian, May 16, 2007
        Actors in Russia conduct DDoS attacks against Estonian targets following the Estonians' relocation of the Soviet WWII memorial.
      1. 1.2.2 John Markoff, Vast Spy System Loots Computers in 103 Countries, NY Times, Mar 28, 2009
        An electronic spying operation, controlled from computers in China, stole documents from hundreds of government and private offices around the world, including those of the Dalai Lama.
      1. 1.3.2 David E. Sanger, Obama Ordered Sped Up Wave of Cyberattacks Against Iran, NY Times, Jun 1, 2012
        An American program of increasingly sophisticated attacks on the computer systems that ran Iran’s main nuclear enrichment facilities, allegedly responsible for production of the Flame cyber collection platform and the Stuxnet cyber weapon.
      1. 1.4.2 Ellen Nakashima et al., U.S., Israel Developed Flame Computer Virus to Slow Iranian Nuclear Efforts, Officials Say, Washington Post, Jun 19, 2012
        Flame is malware developed under Olympic Games as a US-Israeli collaboration presumably targeting Iranian nuclear facilities. It is designed to replicate across even highly secure networks, then control everyday computer functions to send data back to its creators.
      1. 1.5.2 Office of the National Counterintelligence Executive, Foreign Spies Stealing US Economic Secrets in Cyberspace, Report to Congress on Foreign Economic Collection and Industrial Espionage, 2009-2011, October, 2011
        Cyberspace provides relatively small-scale actors an opportunity to become players in economic espionage. Underresourced governments or corporations could build relationships with hackers to develop customized malware or remote-access exploits to steal sensitive US economic or technology information. This report gives special attention to foreign collectors’ exploitation of cyberspace, while not excluding other established tactics and methods used in foreign economic collection and industrial espionage.
      1. 1.6.2 Part I: Saki Knafo, Anonymous And The War Over The Internet, Huffington Post, Jan 2012.
        This article traces the development of the amorphous online community known as Anonymous, pranksters who have become a force in global affairs.
      2. 1.6.3 Part II: Saki Knafo, Anonymous And The War Over The Internet, Huffington Post, Jan 2012
        This article traces the development of the amorphous online community known as Anonymous, pranksters who have become a force in global affairs.
      1. 2.1.1 Richard Clarke and Robert Knake, Cyber War: The Next Threat to National Security and What to Do About It, 2010
        Cyber War goes behind the “geek talk” of hackers and computer scientists to explain clearly and convincingly what cyber war is, how cyber weapons work, and how vulnerable we are as a nation and as individuals to the vast and looming web of cyber criminals.
      2. 2.1.2 Jack Goldsmith, The New Vulnerability, The New Republic, Jun 7, 2010
        A review of Richard Clarke’s book that provides some counterbalance to the threat Clarke outlines and to the underlying assumption of his book, that US activities abroad are legitimate while adversaries are acting illegally.
      3. 2.1.3 Joel Brenner, America the Vulnerable: Inside the New Matrix of Digital Espionage, Crime, and Warfare, 2011
        This book begins by describing how electronic data has become “ambient”— all electronic activities are aggregated as data, behavior patterns are identified, and the resulting information is used per the needs of whoever has the data. Brenner argues that the most vulnerable part of any network is the user; however, particular attention is also given to operational infrastructure systems.
      4. 2.1.6 Peter Maass and Megha Rajagopalan, Does Cybercrime Really Cost $1 Trillion?, Mother Jones, Aug 2, 2012
        Security software companies Symantec and McAfee are touting inflated cybercrime numbers—no doubt good for business.
      5. 2.1.7 Julie J.C.H. Ryan and Theresa I. Jefferson, The Use, Misuse, and Abuse of Statistics in Information Security Research, Management National Conference, ASEM 2003.
        Survey data on information security trends and concerns are used to justify increased expenditures on security tools and technologies.
      1. 2.2.1 Jack Goldsmith, The New Vulnerability, The New Republic, Jun 7, 2010
        A review of Richard Clarke’s book that provides some counterbalance to the threat Clarke outlines and to the underlying assumption of his book, that US activities abroad are legitimate while adversaries are acting illegally.
        1. 2.2.2.1 Seymour E. Goodman and Herbert S. Lin, Toward a Safer and More Secure Cyberspace, Ch. 6.4: The Economics of Cybersecurity, National Research Council, 2007, pp. 142-165
          This section provides an economic perspective on why cybersecurity is hard and on why (if at all) there is underinvestment in cybersecurity.
        2. 2.2.2.2 Tyler Moore, Introducing the Economics of Cybersecurity: Principles and Policy Options, Proceedings of a Workshop on Deterring CyberAttacks: Informing Strategies and Developing Options for U.S. Policy, 2010
          This paper outlines the various economic challenges plaguing cybersecurity: misaligned incentives, information asymmetries, and externalities.
        1. 2.3.1.1 David Clark and Susan Landau, Untangling Attribution, Proceedings of a Workshop on Deterring CyberAttacks: Informing Strategies and Developing Options for U.S. Policy, 2010.
          Attribution on the Internet can mean the owner of the machine, the physical location of the machine, or the individual who is actually responsible for the actions. This paper teases apart the attribution problems in order to determine under which circumstances which types of attribution would actually be useful.
        1. 2.3.2.1 Martin C. Libicki, Cyberdeterrence and Cyberwar: Ch. 3: Why Cyberdeterrence is Different, RAND, 2009
          This chapter discusses cyberdeterrence and explains its profound difference from nuclear deterrence. It argues that because cyberspace is so different a medium, the concepts of deterrence and war may simply lack the logical foundations that they have in the nuclear and conventional realms.
        2. 2.3.2.2 Kugler, Richard L., Cyberpower and National Security, Ch. 13: Deterrence of Cyber Attacks, eds. Kramer, Starr, and Wentz, 2009
          This chapter rejects the view that the “attribution problem” paralyzes any attempt to develop a cyber deterrence strategy. It focuses on cases in which an adversary will make itself known because a cyber threat is posed to advance a different political goal.
      1. 2.3.3 2.2.3.c Metrics
        Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
        In the absence of good cybersecurity metrics, it is largely impossible to quantify cost-benefit trade-offs in implementing security features. Even worse, it is very difficult if not impossible to determine if System A is more secure than System B.
        1. 2.3.3.1 Seymour E. Goodman and Herbert S. Lin, Toward a Safer and More Secure Cyberspace, Ch. 6.3: Cybersecurity Metrics, National Research Council, 2007, pp. 133-142
          This section reviews various approaches to developing cybersecurity metrics and concludes by calling for further research in the field.
        1. 2.3.4.1 Misha Glenny, A Weapon We Can’t Control, NYTimes, Jun 25, 2012
          In this brief op-ed, Glenny argues that the decision to deploy Stuxnet marked a dangerous turn in the militarization of the Internet.
        1. 2.4.1.1 Business Software Alliance, Center for Democracy & Technology, U.S. Chamber of Commerce, Internet Security Alliance, Tech America, Improving our Nation’s Cybersecurity through the Public-Private Partnership: a White Paper, Mar 8, 2011
          This paper considers public-private partnerships related to the protection of critical infrastructure. It recommends expanding on existing partnerships in the following areas: risk management, incident management, information sharing and privacy, international engagement, supply chain security, innovation and research and development, and education and awareness.
        2. 2.4.1.2 Paul Rosenzweig, Cyber Security and Public Goods: The Public/Private “Partnership”, Hoover Institution, 2011
          This article reviews the partnership between Google and the NSA. It argues that the national government cannot be exclusively responsible for providing national cybersecurity. By establishing first economic principles it argues that the main domain in which government action is effective and desirable is that of fostering the sharing of cybersecurity information.
      1. 3.1.1 Joseph Nye, Cyber Power, Belfer Center, Harvard Kennedy School, May 2010
        The characteristics of cyberspace reduce some of the power differentials among actors, and thus provide a good example of the diffusion of power that typifies global politics in this century.
      2. 3.1.2 The Cyber Hub, Cyber Power Index, Booz Allen Hamilton and the Economist Intelligence Unit
        An interactive representation of the G20 countries’ cyber power. It allows users to adjust the components of the cyber power index, including: Legal and Regulatory Framework, Economic and Social Context, Technology Infrastructure, Industry Application.
      1. 3.2.1 Chintan Vaishnav, Nazli Choucri and David Clark, Cyber International Relations as an Integrated System, Third International Engineering Symposium, Jun 2012
        International Relations have been traditionally predicated upon the dominance of the State and the effectiveness of geographical boundaries. The Internet has shattered these assumptions. This paper conceptualizes the hitherto separate domains of Cyberspace and International Relations into an integrated socio-technical system.
      2. 3.2.2 Hillary Clinton, Remarks on Internet Freedom, U.S. Department of State, Jan 21, 2010
        Secretary of State Hillary Rodham Clinton argued that countries and businesses should fight increasing efforts to restrict access to the Internet by repressive governments.
        In an additional speech February 15, 2011, Clinton addressed China, Iran, and Egypt in particular.

Playlist Information

May 21, 2013

cybersecurity
