Cybersecurity Curriculum | Jack Goldsmith and a Berkman Center Cybersecurity Team | August 03, 2012

H2O

  1. 0 Show/Hide More 2.1 Select Case Studies
    Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
    1. 0.1 Show/Hide More 3.1.1 Estonia
      Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
      1. 0.1.1 Estonia Case Study - Berkman Cybersecurity Wiki
      2. 0.1.2 Show/Hide More Ian Traynor, Russia Accused of Unleashing Cyberwar to Disable Estonia, Guardian, May 16, 2007
        Actors in Russia conduct DDoS attacks against Estonia targets following the the Estonians' relocation of the Soviet WWII memorial.
    2. 0.2 Show/Hide More Ghostnet
      Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
      1. 0.2.1 Ghostnet Case Study - Berkman Cybersecurity Wiki
      2. 0.2.2 Show/Hide More John Markoff, Vast Spy System Loots Computers in 103 Countries, NY Times, Mar 28, 2009
        An electronic spying operation, controlled from computers in China, stole documents from hundreds of government and private offices around the world, including those of the Dalai Lama.
    3. 0.3 Show/Hide More Olympic Games
      Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
      1. 0.3.1 Olympic Games Case Study - Berkman Cybersecurity Wiki
      2. 0.3.2 Show/Hide More David E. Sanger, Obama Ordered Sped Up Wave of Cyberattacks Against Iran, NY Times, Jun 1, 2012
        An American program of increasingly sophisticated attacks on the computer systems that ran Iran’s main nuclear enrichment facilities, allegedly responsible for production of the Flame cyber collection platform and the Stuxnet cyber weapon.
    4. 0.4 Show/Hide More Flame
      Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
      1. 0.4.1 Flame Case Study - Berkman Cybersecurity Wiki
      2. 0.4.2 Show/Hide More Ellen Nakashima et al., U.S., Israel Developed Flame Computer Virus to Slow Iranian Nuclear Efforts, Officials Say, Washington Post, Jun 19, 2012
        Flame is malware developed under Olympic Games as a US-Israeli collaboration presumably targeting Iranian nuclear facilities. It is designed to replicate across even highly secure networks, then control everyday computer functions to send data back to its creators.
    5. 0.5 Show/Hide More Economic Theft
      Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
      1. 0.5.1 Economic Theft Case Studies - Berkman Cybersecurity Wiki
      2. 0.5.2 Show/Hide More Office of the National Counterintelligence Executive, Foreign Spies Stealing US Economic Secrets in Cyberspace, Report to Congress on Foreign Economic Collection and Industrial Espionage, 2009-2011, October, 2011
        Cyberspace provides relatively small-scale actors an opportunity to become players in economic espionage. Underresourced governments or corporations could build relationships with hackers to develop customized malware or remote-access exploits to steal sensitive US economic or technology information. This report gives special attention to foreign collectors’ exploitation of cyberspace, while not excluding other established tactics and methods used in foreign economic collection and industrial espionage.
    6. 0.6 Show/Hide More Hacktivism
      Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
      1. 0.6.1 Hacktivism Case Studies - Berkman Cybersecurity Wiki
      2. 0.6.2 Show/Hide More Part I: Saki Knafo, Anonymous And The War Over The Internet, Huffington Post, Jan 2012.
        This article traces the development of the amorphous online community known as Anonymous, pranksters who have become a force in global affairs.
      3. 0.6.3 Show/Hide More Part II: Saki Knafo, Anonymous And The War Over The Internet, Huffington Post, Jan 2012
        This article traces the development of the amorphous online community known as Anonymous, pranksters who have become a force in global affairs.
  2. 1 Show/Hide More Chapter 1: Understanding Networks and Computers
    Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
    Purpose: This chapter is designed to provide key background information the cyber environment, including the technological infrastructure of cyberspace and the technology involved in transferring information securely. It is divided into three units: the first covers the basic architecture and vulnerability of electronic systems; the second covers the design principles and building blocks of the Internet; the third introduces some vulnerabilities inherent to the cyber environment.
    Concepts Covered: Operating systems, Applications, routers, packets, TCP/IP, DNS, dial-up and WiFi connections, undersea cables, satellites, wireless networks, encryption and authentication, critical infrastructure, cloud computing, man-in-the-middle attacks, and phishing scams.
    1. 1.1 Show/Hide More 1.1 Introduction to Computers and Computer Vulnerabilities
      Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
      Purpose: Provide a framework through which to examine issues pertaining to securing the electronic environment, such as hardware, software, and the supply chain.
      1. 1.1.1 Show/Hide More 1.1.1 Computer Architecture Overview
        Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
        1. 1.1.1.1 Show/Hide More William A. Owens, Kenneth W. Dam, and Herbert S. Lin, Committee on Offensive Information Warfare, National Research Council; The Basic Technology of Cyberattack in Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities, 2009, pp82-91
          A very brief review of today’s IT infrastructure, as well as scale and timing considerations.
        2. 1.1.1.2 John Savage, Computer Architecture, Lecture slides from CSCI 1800: Cybersecurity and International Relations, Feb 1, 2012
      2. 1.1.2 Show/Hide More 1.1.2 Computer Sources of Vulnerability
        Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
        1. 1.1.2.1 Show/Hide More William A. Owens, Kenneth W. Dam, and Herbert S. Lin, Committee on Offensive Information Warfare, National Research Council; Appendix E: Technical Vulnerabilities Targeted by Cyber Offensive Actions in Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities, 2009, pp360-367
          This short overview covers vulnerabilities pertaining to hardware, software, seams between the two, communications channels, and configuration.
        2. 1.1.2.2 John Savage, Operating Systems and Applications, Lecture slides form CSCI 1800: Cybersecurity and International Relations, Feb 8, 2012
    2. 1.2 Show/Hide More 1.2 Introduction to Internet Infrastructure
      Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
      Purpose: Provide an overview of network infrastructure, elements, and architecture philosophy.
      1. 1.2.1 Show/Hide More 1.2.1 Architecture Philosophy
        Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
        Many of the current security and vulnerability concerns associated with the Internet are the product of deliberate design philosophy and choices regarding functionality that characterized the early days of the Internet.
        1. 1.2.1.1 Show/Hide More David Clark, The Design Philosophy of the DARPA Internet Protocols, ACM SIGCOMM Computer Communication Review, 1988
          Journal Article, 8pg. This paper captures some of the early reasoning which shaped the Internet protocol suite, TCP/IP, when it was first developed by DARPA.
        2. 1.2.1.2 Show/Hide More Lawrence Lessig, Code 2.0, Ch. 4: Architectures of Control, 2006
          This chapter demonstrates how the architecture of the Internet shapes the way we use it and the possibilities of regulation—code is law. The original design was not concerned with control and pushed complexity to the edges of the network. The trade-off between security, control, privacy, and connectivity is decided, to a certain extent, at the architecture level.
        3. 1.2.1.3 Show/Hide More David G. Post, In Search of Jefferson’s Moose, Ch. 1: Chaos, 2009
          This book provides a conceptual framework through which newcomers can begin investigating the cyber-frontier. Rather than providing a technical understanding of the elements of the network, it poses some critical questions for understanding how cyberspace works and who makes the rules in cyberspace. This set of questions provides a useful framework to keep in mind while diving into the more technical sections.
      2. 1.2.2 Show/Hide More 1.2.2 Elements of the Network (ISPs, Routers, Protocols and packets view)
        Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
        This sub-section provides an overview on the network, the protocols it employs to transfer data, and the various ways computers connect to the Internet. Its purpose is to consider the different domains of cyberspace—systems, applications, and human—and provide an “under-the-hood” understanding of how they interact.
        1. 1.2.2.1 Show/Hide More David Clark, An Insider’s Guide to the Internet, 2004
          An overview of how the Internet works and why it works the way it does. It provides both a technical introduction and covers some of the design principles that guided the Internet’s initial architecture. The conclusion outlines some implications for policy makers resulting from design: different types of service providers cannot always see the parts of the information that is not relevant to them. That is, an ISP cannot always see the higher level information in the packets (for example, it may be encrypted.); the higher-level service provider (a Web server, for example) cannot see the routing information in the routers, and cannot determine what the topology and capacity of the Internet is. This article also includes a glossary with key terms.
        2. 1.2.2.2 Show/Hide More Elihu Zimet and Edward Skoudis, Cyberpower and National Security, Ch. 4: A Graphical Introduction to the Structural Elements of Cyberspace, eds. Kramer, Starr, and Wentz, 2009
          A graphical snapshot of the technological infrastructure, from routers to packets. This chapter provides a more conceptual understanding of the network and the transfer of data.
          Notes:
          Please note, there is a lot of overlap with the first section of Gralla’s <i>How the Internet Works</i>
        3. 1.2.2.3 Show/Hide More Preston Gralla, How the Internet Works, Ch. 1-10, 8th edition, 2007
          A technical, yet accessible illustrated overview of the main building blocks and connection types. The first section, Understanding the Internet’s Underlying Architecture, provides an overview of the Internet, and examines fundamental architectures, protocols, and general concepts. The second section, Connecting to the Internet, looks at the various ways computers can connect to the Internet, and has not been covered by other readings listed in this section. The main takeaway from this introduction is that connecting to the Internet will become increasingly easy—and will occur at increasingly higher speeds.
          Notes:
          For users on the Harvard network: available as an e-textbook through <a href="http://www.google.com/url?q=http%3A%2F%2Fproquest.safaribooksonline.com.ezp-prod1.hul.harvard.edu%2F0789736268%3Fuicode%3Dharvard&amp;sa=D&amp;sntz=1&amp;usg=AFQjCNF1M5MplTOw-aODoX16jxKox7Z8nQ">Hollis</a>.
      3. 1.2.3 Show/Hide More 1.2.3 Communication Channels
        Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
        1. 1.2.3.1 Show/Hide More 1.2.3.a Cables
          Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
          About 99 percent of Internet traffic travels through undersea cables maintained by private providers. Securing and monitoring the cables raises questions regarding private/public cost-burden, territoriality, and international cooperation.
          1. 1.2.3.1.1 Show/Hide More Global Bandwidth Research Service, TeleGeography Submarine Cable Map, 2011
            This interactive map depicts active and planned submarine cable systems and their landing stations. It includes ownership data for each cable listed.
        2. 1.2.3.2 Show/Hide More 1.2.3.b Satellites
          Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
          1. 1.2.3.2.1 Show/Hide More Dave Lee, Sky-high Thinking for African Internet, BBC, Aug 6, 2012
            Satellite-powered broadband could be the answer to Africa's connectivity conundrum.
          2. 1.2.3.2.2 Show/Hide More BBC, Lybia Jamming ‘exposed Vulnerability’, Jan 13, 2006
            An incident involving Libya blocking a dissident radio station late last year highlighted the potentially devastating consequences of relying too much on satellites, a British MP has warned.
        3. 1.2.3.3 Show/Hide More 1.2.3.c Wireless Networks
          Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
          A variety of wireless technologies have been standardized and commercialized, but no single technology is considered the best because of different coverage and bandwidth limitations.
          1. 1.2.3.3.1 Shin, M., Wireless Network Security and Interworking, Proceedings of the IEEE, Vol. 94 (2), Feb 2006. pp455-466
      4. 1.2.4 Show/Hide More 1.2.4 Data Provenance
        Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
        1. 1.2.4.1 Show/Hide More 1.2.4.a Encryption (public and private keys, hash functions)
          Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
          Public key cryptography enables encryption and decryption of data transferred between two parties, the authentication of data’s origin, and indication of data tampering.
          1. 1.2.4.1.1 Show/Hide More Steven Levy, Crypto Ch. 3: Public Key, 2001
            This book traces the history of modern cryptography and how it transferred from being a tool employed by governments to a public service designed and consumed by private actors. Chapter 3 describes how researchers sought to answer the following question: how can you create a system where people who have never met can speak securely? The answer is a one-way authentication system, now popularized as public and private keys.
          2. 1.2.4.1.2 Show/Hide More Introduction to Public-Key Cryptography, Mozilla Developer Network, 2005
            Public-key cryptography and related standards and techniques underlie many commonly used security features, including signed and encrypted email, form signing, object signing, single sign-on, and the Secure Sockets Layer (SSL) protocol. This document introduces the basic concepts of public-key cryptography.
          3. 1.2.4.1.3 Show/Hide More D. Richard Kuhn et al., Introduction to Public Key Technology and the Federal PKI Infrastructure, NIST, 2001
            This detailed report provides an overview of Public Key Infrastructures functions and their potential applications as authentication technologies within federal agencies.
        2. 1.2.4.2 Show/Hide More 1.2.4.b SSL Certificates
          Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
          Many of the online authentication mechanisms that enable transactions rely on faith in the Secure Sockets Layer protocol and Certificate Authorities. Growing evidence suggests that this mechanism is highly vulnerable, and there has been much discussion surrounding alternatives.
          1. 1.2.4.2.1 Show/Hide More Introduction to SSL, Mozilla Developer Network, 2005
            The Secure Sockets Layer (SSL) protocol has been universally accepted on the World Wide Web for authenticated and encrypted communication between clients and servers. This article introduces key concepts and also touches upon potential threats such as Man-in-the-Middle Attacks.
          2. 1.2.4.2.2 Show/Hide More 1.2.4.b.ii Moxie Marlinspike on SSL and Authenticity
            Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
            Marlinspike has released several follow-up materials which are useful for an updated view of the ongoing debate.
            1. 1.2.4.2.2.1 Show/Hide More Moxie Marlinspike, BlackHat USA 2011: SSL and the Future of Authenticity, 2011
              A talk given as a follow-up to the blog post above, recommended viewing: 0:00-23:34.
            2. 1.2.4.2.2.2 Show/Hide More Moxie Marlinspike, New Tricks For Defeating SSL In Practice, BlackHat DC, 2009
              Slides demonstrating some uncovered weaknesses of SSL.
            3. 1.2.4.2.2.3 Show/Hide More Moxie Marlinspike, SSL and the Future of Authenticity, Thoughtcrime Blog, 2011
              This brief blog post defines the core issues with the Certificate Authorities mechanism SSL relies on, primarily via the missing quality of trust agility; it also critically examines suggested alternatives such as DNSSEC.
          3. 1.2.4.2.3 Show/Hide More Gregg Keizer, Hackers Stole Google SSL Certificate, Dutch Firm Admits, Computerworld, Aug 30, 2011
            This article demonstrates some of the potential issues with exploiting SSL weaknesses.
    3. 1.3 Show/Hide More 1.3 Sources of Network Vulnerability
      Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
      Purpose: This unit provides an overview of points of vulnerability, exploring how different aspects of the cyber environment are particularly exposed to attack, and how vulnerability may be defined.
      1. 1.3.1 Show/Hide More 1.3.1 Overview
        Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
        1. 1.3.1.1 Show/Hide More Martin C. Libicki, Cyberdeterrence and Cyberwar: Ch. 2: A Conceptual Framework, RAND, 2009
          This chapter outlines three layers of cyberspace: physical, syntactic, and semantic, through which to consider vulnerabilities in cyberspace. It briefly addresses external and internal threats, paying particular attention to the problem of insiders and supply chain concerns.
      2. 1.3.2 Show/Hide More 1.3.2 Critical Infrastructure
        Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
        The reliance on critical infrastructure, such as the power grid, electronic information systems, and the increased interoperability of these systems makes them more susceptible to cyber threats.
        1. 1.3.2.1 Show/Hide More William D. O’Neil, Cyberpower and National Security Ch. 5: Cyberspace and Infrastructure, eds. Kramer, Starr, and Wentz, 2009
          This chapter addresses the issue of cyber attacks to electric infrastructure and any form of attack to cyber infrastructure. It provides a brief historical review of infrastructure attacks as well as an outline of threats and possible responses.
      3. 1.3.3 Show/Hide More 1.3.3 DNS and Man-in-the-Middle Attacks
        Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
        The DNS translates domain names into IP addresses. There is a whole family of vulnerabilities in which the DNS on one’s computer can be fooled in accepting different IP addresses for a given domain, allowing adversaries to extract information under the pretence of a trusted site. Such vulnerabilities including cache poisoning, packet sniffing, and session hijacking. In a similar fashion, Man-in-the-Middle attacks can cause users to disclose sensitive information without being aware of a third-party’s involvement in the transfer of data.
        1. 1.3.3.1 Show/Hide More Bruce Schneier, Lessons from the DNS Bug: Patching Isn’t Enough, Wired, Jul 23, 2008
          This article discusses a DNS bug discovered in 2008 and argues that designing systems with a security mindset would account for vulnerabilities before they surface, rather than the retroactive engineering of patches.
        2. 1.3.3.2 Show/Hide More Callegati, F., Man-in-the-Middle Attack to the HTTPS Protocol, Security & Privacy, IEEE, 2009
          The man-in-the-middle attack exploits the fact that the HTTPS server (a protocol which guarantees privacy and security in transactions) sends a certificate with its public key to the Web browser. If this certificate isn’t trustworthy, the entire communication path is vulnerable. This article demonstrates how attackers can successfully intercept the data transfer and corrupt the safety of the communication.
        3. 1.3.3.3 Show/Hide More Seth Schoen, The Message of Firesheep:”Baaaad Websites, Implement Sitewide HTTPS Now!”, EFF, Oct 29, 2010
          Firesheep, a software taking advantage of packet sniffing and cookie stealing to hijack sessions on websites such as Facebook and Paypal while using the same network as the victim’s, has caused much discussion regarding the need to implement HTTPS universally across session-based platforms.
      4. 1.3.4 Show/Hide More 1.3.4 Could Computing
        Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
        In recent years, many computer and Internet functions have moved from users’ computers to remote servers that make up a “cloud” of data and processing power. The increasing prevalence of cloud-based services, including a federal policy to transition to the cloud, raises several concerns regarding data.
        1. 1.3.4.1 Show/Hide More Chris Clayton, Standard Cloud Taxonomies and Windows Azure, MSDN, 2011
          Cloud solutions come in three main taxonomies: infrastructure as service, platform as service, and software as service. This article reviews the strengths and weaknesses of each taxonomy, demonstrating the trade-off between control, agility, and cost-efficiency.
        2. 1.3.4.2 Show/Hide More Harvard Law National Security Research Group, Cloud Computing and National Security Law, 2010
          This report presents a definition of cloud computing, examining both its benefits and drawbacks. Second, it examines legal challenges posed by cloud computing, with particular attention to implications of cloud computing for U.S. law enforcement and national security agencies. Third, it outlines several recommendations for legislative responses to this new technology.
      5. 1.3.5 Show/Hide More 1.3.5 User-based Vulnerabilities
        Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
        Some vulnerabilities do not rely on specific technical hacks, but simply on the susceptibility of individual users.
        1. 1.3.5.1 Show/Hide More 1.3.5.a Phishing
          Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
          Phishing is the process of enticing people into visiting fraudulent websites and persuading them to enter identity information such as usernames, passwords, addresses, social security numbers, personal identification numbers and anything else that can be made to appear to be plausible.
          1. 1.3.5.1.1 Show/Hide More David Goldman, Massive Gmail Phishing Attack Hits Top U.S. Officials, CNN Money, Jun 1, 2011
            In the summer of 2011, a major phishing scam originating from China targeted hundreds of personal Gmail accounts, including government officials.
          2. 1.3.5.1.2 Show/Hide More Tyler Moore and Richard Clayton, Examining the Impact of Website Take-down on Phishing, APWG eCrime Researchers Summit, 2007
            This article examines take-down times of phishing websites and estimates the cost of a phishing scam in face of the defenders’ efforts to eliminate the attack. It outlines a model of the mechanics of a phishing attack, concluding that by the time phishing sites are removed, damage has already been done: many responses have been received and the attackers are moving on to new sites.
        2. 1.3.5.2 Show/Hide More 1.3.5.b Insiders
          Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
          A rogue employee presents risks similar to those of a feckless user in the periphery of an open system, as computer systems are now designed in a distributed way that would not allow an individual to cause much damage without being traced.
          1. 1.3.5.2.1 Show/Hide More US Secret Service, Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector, CERT, 2004
            This report examines the threat posed by insiders, that is, individuals who were, or previously had been, authorized to use the information systems they eventually employed to perpetrate harm, with a primary focus on the banking and finance sector. This piece explores the risk from a behavioral and technological perspective.
      6. 1.3.6 Show/Hide More 1.3.6 Communication Channels
        Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
        1. 1.3.6.1 Show/Hide More 1.3.6.a Cables
          Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
          1. 1.3.6.1.1 Show/Hide More Michael Sechrist, Cyberspace in Deep Water, Harvard Kennedy School, 2010
            This policy analysis argues for a public-private partnership in establishing industry best practices for the protection of undersea cables. It provides a light technical overview of how cables work and their significance as part of the ICT infrastructure.
  3. 2 Show/Hide More Chapter 2: Fundamental Issues
    Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
    This chapter introduces some basic issues and ideas that will be relevant for the entire course. We begin in 2.1 with fundamental concepts, including the important distinction between cyber-attack and cyber-exploitation, characteristics of cyber-operations, why offense beats defense in cybersecurity, and the attribution problem. Then Section 2.2 offers various perspectives on the seriousness of the cyber threat. Finally, Section 2.3 explores the idea of cyber power.
    1. 2.1 Show/Hide More 2.1 Fundamental Concepts
      Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
      1. 2.1.1 Show/Hide More 2.1.1 Cyber-Attack v. Cyber-Exploitation
        Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
        Cyber-Attack v. Cyber-Exploitation. This is a fundamental distinction throughout cybersecurity that has important legal, policy, and jurisdictional implications. A cyber-attack is an act that disrupts, denies, degrades, or destroys information on a computer network or related system. Examples include the manipulation or destruction of data or code on a computer system to control or shut down an electricity grid, or to disrupt military communications, or to render banking data unreliable. A cyber-exploitation is the act of monitoring and related espionage on computer systems, as well as the copying (and thus theft) of data on these systems. In contrast to a cyber-attack, cyber-exploitation does not seek to affect the normal functioning of the computer or network from the perspective of the user. Examples of cyber-exploitation include stolen military secrets, intellectual property, and credit card numbers.
        1. 2.1.1.1 William A. Owens, Kenneth W. Dam, and Herbert S. Lin, Committee on Offensive Information Warfare, National Research Council; The Basic Technology of Cyberattack in Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities, 2009, pp.9-12,32.
      2. 2.1.2 Show/Hide More 2.1.2 Characteristics of Cyber-Operations (attack and exploitation)
        Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
        All cyber-operations – both attacks, and exploitations – requires three things: a vulnerability, access to the vulnerability, and a payload.
        1. 2.1.2.1 William A. Owens, Kenneth W. Dam, and Herbert S. Lin, Committee on Offensive Information Warfare, National Research Council; Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities, 2009, Chapte 2 Technical and Operational Considerations in Cyberattack and Cyberexploitation, pp.79-158
      3. 2.1.3 Show/Hide More 2.1.3 Why Offense Beats Defense
        Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
        The very basic reason why computer systems are vulnerable is that offense (both cyber-attack and cyber-exploitation) beats defense.
        1. 2.1.3.1 Ross Anderson, Why Information Security is Hard -- An Economic Perspective, 17th Annual Computer Security Applications Conference (ACSAC'01), IEEE Computer Society, December, 2001. Section 4: Information Warfare - Offense and Defense
      4. 2.1.4 Show/Hide More 2.1.4 Economics and Metrics
        Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
        Many cybersecurity problems are at bottom problems about misaligned incentives.
        1. 2.1.4.1 Ross Anderson, Why Information Security is Hard -- An Economic Perspective, 17th Annual Computer Security Applications Conference (ACSAC'01), IEEE Computer Society, December, 2001
        2. 2.1.4.2 Tyler Moore and Ross Anderson. "Economics and Internet Security: a Survey of Recent Analytical, Empirical and Behavioral Research." Harvard Computer Science Technical Report TR-03-11
        3. 2.1.4.3 Show/Hide More Seymour E. Goodman and Herbert S. Lin, Toward a Safer and More Secure Cyberspace, Ch. 6.4: The Economics of Cybersecurity, National Research Council, 2007, pp. 133-42
          This section provides an economic perspective on why cybersecurity is hard and on why (if at all) there is underinvestment in cybersecurity.
      5. 2.1.5 Show/Hide More 2.1.5 Attribution
        Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
        A fundamental difficulty with regulating cybersecurity is the “attribution problem” of identifying the author of a cyber attack or cyber exploitation.
        1. 2.1.5.1 Show/Hide More David Clark and Susan Landau, Untangling Attribution, Proceedings of a Workshop on Deterring CyberAttacks: Informing Strategies and Developing Options for U.S. Policy, 2010
          Attribution on the Internet can mean the owner of the machine, the physical location of the machine, or the individual who is actually responsible for the actions. This paper teases apart the attribution problems in order to determine under which circumstances which types of attribution would actually be useful.
    2. 2.2 Show/Hide More 2.2 Seriousness of the Threat
      Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
      There is no doubt that cybersecurity is a serious problem due to the widespread dependency on computer and computer systems, and their extraordinary vulnerability. But how much of a problem? This is a difficult issue to analyze because (as we learned in 2.1) metrics are hard to come by in the cybersecurity realm, and because many actors have incentives to exaggerate the threat.
      1. 2.2.1 Show/Hide More Richard Clarke and Robert Knake, Cyber War: The next Threat to National Security and What to Do About It, 2010
        Cyber War goes behind the “geek talk” of hackers and computer scientists to explain clearly and convincingly what cyber war is, how cyber weapons work, and how vulnerable we are as a nation and as individuals to the vast and looming web of cyber criminals.
      2. 2.2.2 Show/Hide More Joel Brenner, America the Vulnerable: Inside the New Matrix of Digital Espionage, Crime, and Warfare, 2011
        This book begins by describing how electronic data has become “ambient”— all electronic activities are aggregated as data, behavior patterns are identified, and the resulting information is used per the needs of whoever has the data. Brenner argues that the most vulnerable part of any network is the user, however particular attention is also given to operational infrastructure systems.
      3. 2.2.3 Thomas Rid, Cyber War Will Not Take Place. The Journal of Strategic Studies Vol. 35, No. 1, 5–32, February 2012
      4. 2.2.4 Evgeny Morozov, Cyber-Scare: The Exaggerated Fears Over Digital Warfare, Boston Review, July/August 2009
    3. 2.3 Show/Hide More 2.3 Cyber Power
      Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
      1. 2.3.1 Show/Hide More Joseph Nye, Cyber Power, Belfer Center, Harvard Kennedy School, May 2010
        The characteristics of cyberspace reduce some of the power differentials among actors, and thus provide a good example of the diffusion of power that typifies global politics in this century.
      2. 2.3.2 Show/Hide More The Cyber Hub, Cyber Power Index, Booz Allen Hamilton and the Economist Intelligence Unit
        An interactive representation of the G20 countries’ cyber power. It allows users to adjust the components of the cyber power index, including: Legal and Regulatory Framework, Economic and Social Context, Technology Infrastructure, Industry Application.
  4. 3 Show/Hide More Chapter 3: Governance Overview: Main Governing and Regulatory Mechanisms
    Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
    Purpose: This chapter is designed to provide an overview of the main governing and regulatory mechanisms, both internationally and domestically, that cover cybersecurity considerations. Readings on select bodies in each domain are also presented. It is divided into three units: in addition to an introduction to Internet Governance Frameworks, the first unit provides an overview of the relevant international cybersecurity bodies, both public and private. The second presents domestic bodies and units. The final unit provides an introduction to some law-enforcement frameworks as they have been applied to the digital domain are presented.
    Concepts Covered: Globally-Relevant Bodies and Treaties (ICANN, IETF, ITU, Convention on Cybercrime (Council of Europe), Organization of American States (OAS), Shanghai Cooperation Organization); Relevant Domestic Organizations, Policies, and Strategies (White House (WH), Congress, The Department of Defense (DoD) (CYBERCOM, National Security Agency), the Department of Homeland Security (DHS), FBI, NIST, and the FCC; Law-enforcement frameworks (Jurisdiction and Territoriality in Cyberspace, Anonymity and Attribution, Application of the Laws of War, Issues with digital law enforcement (wiretapping and VoIP, digital search and seizure, private sector cooperation w/ law enforcement))
    1. 3.1 Show/Hide More 3.1 Overview of Relevant International Cybersecurity Bodies and Mechanisms (public and private)
      Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
      Purpose: To provide the reader an understanding of the theory behind Internet governance and the multi-stakeholder nature of the Internet. It will also outlines a number of globally relevant bodies and treaties, including ICANN, IETF, ITU, SCO, and the COE Convention on Cybercrime.
      1. 3.1.1 Show/Hide More 3.1.1 Introduction to Internet Governance Frameworks
        Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
        Presents an overarching framework for Internet governance and discusses the difficulties that arise with coordinating regulation across the globe in a rapidly changing cyber-environment.
        1. 3.1.1.1 Show/Hide More Lawrence B. Solum, Models of Internet Governance, Illinois Public Law Research Paper No. 07-25, U Illinois Law & Economics Research Paper No. LE08-027, September 3, 2008
          This article takes a broad view of Internet governance, presenting three central ideas regarding Internet governance and five different models to Internet governance.
        2. 3.1.1.2 Show/Hide More Robert Knake, Internet Governance in an Age of Cyber Insecurity, Council on Foreign Relations, September 2010
          This article examines the technological decisions enabling the Internet’s success and vulnerabilities, then outlines an agenda that the United States can pursue with allies on the international stage
        3. 3.1.1.3 Show/Hide More Jeremy Ferwerda, Nazli Choucri, and Stuart Madnick, Institutional Foundations for Cyber Security: Current Responses and New Challenges, Working Paper CISL# 2011-05, May 2011
          This article examines the institutions responsible for addressing the security of cyberspace and international relations in the cyber-domain. It highlights emerging challenges while evaluating the strengths and weaknesses of the current institutional framework.
        4. 3.1.1.4 Show/Hide More Jack Goldsmith, Cybersecurity Treaties: A Skeptical View, Future Challenges in National Security and Law, February 2011
          This article explains why international cooperation is considered central to the cybersecurity problem and examines three major hurdles to a global cybersecurity treaty. It then considers the feasibility of narrower and softer forms of cooperation.
        5. 3.1.1.5 Show/Hide More Abraham D. Sofaer, David Clark, and Whitfield Diffie, Cyber Security and International Agreements, Proceedings of a Workshop on Deterring Cyberattacks, pp. 179-206, 2010
          This piece discusses how the threats to cybersecurity are currently being approached at the private, national, and international level, then demonstrates the potential for increased international cooperation. It also covers how to fashion effective international initiatives and the difficulties in such negotiations.
      2. 3.1.2 Show/Hide More 3.1.2 Select Globally-Relevant Bodies and Treaties
        Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
        Provides an understanding of the major bodies and treaties that impact cybersecurity on a global-level, to include ICANN, ITU, SCO, and various international treaties.
        1. 3.1.2.1 Show/Hide More Internet Corporation for Assigned Names and Numbers (ICANN)
          Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
          Provides an understanding of the major bodies and treaties that impact cybersecurity on a global-level, to include ICANN, ITU, SCO, and various international treaties.
          1. 3.1.2.1.1 Show/Hide More International Corporation for Assigned Names and Numbers, Memorandum of Understanding, November 1998
            This MOU between the Department of Commerce (DOC) and ICANN sets out that ICANN will provide expertise and advice regarding DNS, such as the allocation of IP number blocks and coordination of the assignment of other technical parameters to maintain internet connectivity.
          2. 3.1.2.1.2 Show/Hide More International Corporation for Assigned Names and Numbers, Affirmation of Commitments, September 2009
            This document affirms commitments by the DOC and ICANN, including: (a) the global technical coordination of the DNS is accountable, transparent, and in the public interest; (b) the security, stability and resiliency of the DNS is preserved; © competition, trust, and choice in the DNS marketplace continues; and (d) international participation in DNS coordination is facilitated.
          3. 3.1.2.1.3 Show/Hide More Jose MA. Emmanuel A. Caral, "Lessons from ICANN: Is self-regulation of the Internet fundamentally flawed?", International Journal of Law and Information Technology, vol. 12, no. 1, pp. 1-31. 2004
            The paper discusses the overall benefits and negatives of self-regulation, using ICANN as the center of the discussion and comparing it to the IETF and W3C.
        2. 3.1.2.2 Show/Hide More The Internet Engineering Task Force (IETF)
          Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
          The Internet Engineering Task Force is a loosely coordinated and self-organized body that contributes to the engineering and evolution of Internet technologies. It is the principal body engaged in the development of new Internet standard specifications.
          1. 3.1.2.2.1 Show/Hide More The Internet Engineering Task Force, The Tao of IETF: A Novice's Guide to the Internet Engineering Task Force, 15 October, 2011
            This document describes the inner workings of IETF meetings and Working Groups, discusses organizations related to the IETF, and introduces the standards process. It is not a formal IETF process document but instead an informational overview.
        3. 3.1.2.3 Show/Hide More Shanghai Cooperation Organization
          Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
          The Shanghai Cooperation Organisation (SCO) is a permanent intergovernmental international organization created on 15 June 2001 in Shanghai (China) by the Republic of Kazakhstan, the People’s Republic of China, the Kyrgyz Republic, the Russian Federation, the Republic of Tajikistan and the Republic of Uzbekistan.
          1. 3.1.2.3.1 Show/Hide More Yekaterinburg Declaration of June 16, 2009
            The Yekaterinburg Declaration calls for leaders to build a more just world order, to cement international stability and economic development. Regarding cyber security, the SCO member states stress the significance of the issue of ensuring international information security as one of the key elements of the common system of international security.
        4. 3.1.2.4 Show/Hide More International Telecommunication Union (ITU)
          Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
          An agency of the United Nations focused on telecommunication networks and radio frequency allocations. In recent years, a number of UN members have sought to provide the ITU more regulatory power of the Internet, an ongoing, and contentious debate.
          1. 3.1.2.4.1 Show/Hide More Jeremy Ferwerda, Nazli Choucri, and Stuart Madnick, Institutional Foundations for Cyber Security: Current Responses and New Challenges, Working Paper CISL# 2011-05, May 2011
            This article examines the institutions responsible for addressing the security of cyberspace and international relations in the cyber-domain. It highlights emerging challenges while evaluating the strengths and weaknesses of the current institutional framework.
          2. 3.1.2.4.2 Show/Hide More International Telecommunication Union, ITU’s Global Cybersecurity Agenda
            This site provides ITU’s framework for international cooperation aimed to enhance confidence and security in the cyber domain.
          3. 3.1.2.4.3 Show/Hide More Mcdowell, Robert M., The U.N. Threat to Internet Freedom, The Wall Street Journal, February 21, 2012
            This article provides a critical reaction to the treaty talks focused on potentially giving the United Nations unprecedented powers over the Internet through the International Telecommunication Union.
          4. 3.1.2.4.4 Show/Hide More Maclean, Don. “Sovereign Right and Dynamics of Power in the ITU: Lessons in the Quest for Inclusive Global Governance” in Drake, William J and Ernest J. Wilson III, eds. Governing Global Electronic Networks. Cambridge: The MIT Press. pp. 84-126, 2008
            This book offers the reader perspectives on the governance of global information and communication networks and uncovers the politics that lie beneath global rules and regulations that may seem at first glance to be mainly technical. It shows how the ITU is beset by new challenges from changing technologies and business models, as well as suggesting reforms.
        5. 3.1.2.5 Show/Hide More Council of Europe Convention on Cybercrime
          This Convention was the first international treaty on cybercrime, and deals particularly with copyright, computer fraud, child pornography and network security. Its main objective is to pursue a criminal policy aimed to protect society against cybercrime by adopting appropriate legislation and fostering international cooperation.
        6. 3.1.2.6 Show/Hide More Organization of American States
          Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
          The OAS brings together all 35 independent states of the Americas and constitutes a political, juridical, and social governmental forum of the entire Hemisphere. In addition, it has granted permanent observer status to 67 states, as well as to the European Union (EU).
          1. 3.1.2.6.1 Show/Hide More A Comprehensive Inter-American Cybersecurity Strategy
            The OAS Cybersecurity Strategy recognizes that protecting networks and information systems is dependent upon: giving operators information to help them secure their networks and respond to incidents; fostering public-private partnerships to increase education of the private sector to secure their infrastructures; stimulating the adoption of standards and practices for information security; and fostering the adoption of cyber-crime policies and legislation to protect users and prevent and deter criminal misuse of computer networks, while respecting users’ privacy. On June 10, 2003, the OAS General Assembly passed Resolution: AG/RES. 1939 (XXXIII-O/03), on the Development of an Inter-American Strategy to Combat Threats to Cybersecurity.
    2. 3.2 Show/Hide More 3.2 Introduction to Domestic Governing and Regulatory Bodies
      Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
      Purpose: To provide an overview of U.S. regulatory bodies that influence and shape the cyber-domain both domestically and throughout the world.
      1. 3.2.1 Show/Hide More 3.2.1 Overview
        Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
        Provide an understanding of the overall structure of the U.S. response to the cybersecurity issues.
        1. 3.2.1.1 Show/Hide More Lawrence B. Solum, Models of Internet Governance, Illinois Public Law Research Paper No. 07-25, U Illinois Law & Economics Research Paper No. LE08-027, September 3, 2008
          This article takes a broad view of Internet governance, presenting three central ideas regarding Internet governance and five different models to Internet governance.
        2. 3.2.1.2 Show/Hide More Jeremy Ferwerda, Nazli Choucri, and Stuart Madnick, Institutional Foundations for Cyber Security: Current Responses and New Challenges, Working Paper CISL# 2011-05, May 2011
          This article examines the institutions responsible for addressing the security of cyberspace and international relations in the cyber-domain. It highlights emerging challenges while evaluating the strengths and weaknesses of the current institutional framework.
        3. 3.2.1.3 Show/Hide More Paul Rosenzweig, The Organization of the United States Government and Private Sector for Achieving Cyber Deterrence, Proceedings of a Workshop on Deterring Cyberattacks: Informing Strategies and Developing Options for U.S. Policy, pp. 245-270, 2010
          This discusses the general taxonomy of deterrence structures and U.S. efforts to develop organizations to provide capabilities amongst the different aspects of deterrence. It also discusses difficulties in cyberspace that give rise to the organizational challenges and provides recommendation for the U.S. government on how to approach these issues in the future.
        4. 3.2.1.4 Show/Hide More Abraham D. Sofaer, David Clark, and Whitfield Diffie, Cyber Security and International Agreements, Proceedings of a Workshop on Deterring Cyberattacks, pp. 179-206, 2010
          This piece discusses how the threats to cybersecurity are currently being approached at the private, national, and international level, then demonstrates the potential for increased international cooperation. It also covers how to fashion effective international initiatives and the difficulties in such negotiations.
      2. 3.2.2 Show/Hide More 3.2.2 Relevant Domestic Organizations, Policies, and Strategies
        Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
        Provides an introduction and broad overview of the major organizations, policies, and strategies involved in domestic cybersecurity policy-making and approaches, including: The White House (WH), Congress, The Department of Defense (including CYBERCOM and National Security Agency), the Department of Homeland Security (DHS), and the Federal Bureau of Investigation (FBI).
        1. 3.2.2.1 Show/Hide More The White House
          Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
          The White House’s interest and involvement in cybersecurity has grown and evolved since President Clinton issued Presidential Decision Directive 63 (PDD-63) in 1998.
          1. 3.2.2.1.1 Show/Hide More The White House, International Strategy for Cyberspace, May 2011
            This document outlines how the United States will work internationally to promote an open, interoperable, secure, and reliable information and communications infrastructure to support international trade and commerce, strengthen international security, and foster free expression and innovation.
          2. 3.2.2.1.2 Show/Hide More Eric Chabrow, The Cybersecurity Czar Who Wasn't, GovInfo Security, 2 June 2012
            This piece provides a retrospective on the tenure of Howard Schmidt (White House's first cybersecurity coordinator). It also provides insight into the cybersecurity coordinator’s role in the administration, as well as challenges inherent to the position.
        2. 3.2.2.2 Show/Hide More Department of Defense
          Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
          The DoD encompasses much of the U.S. government’s technical expertise to both respond to cyber-incidents, as well as conduct and defend against cyberattacks; it includes both the NSA and CYBERCOM.
          1. 3.2.2.2.1 Show/Hide More Department of Defense, Strategy for Operating in Cyberspace, July 2011
            This is an overview of the DOD’s five strategic initiatives regarding cyberspace: to treat cyberspace as an operational domain; to employ new defense operating concepts; to partner to enable a whole-of-government cybersecurity strategy; to build robust relationships allies and international partners; and to leverage ingenuity through an exceptional cyber workforce.
          2. 3.2.2.2.2 Show/Hide More Department of Defense Cyberspace Policy Report, November 2011
            This document identifies five distinct, but interrelated strategic initiatives to support DoD’s cyberspace operations and its national security mission: Treating cyberspace as an operational domain; employing new defense operating concepts to protect DoD networks and systems; partnering closely with other U.S. Government departments and agencies and the private sector; building robust relationships with U.S. Allies and international partners to enable information sharing; leveraging the Nation’s ingenuity by recruiting and retaining an exceptional cyber workforce and enabling rapid technological innovation.
          3. 3.2.2.2.3 Show/Hide More The Secretary of Defense, Establishment of a Subordinate Unified U.S. Cyber Command Under U.S. Strategic Command for Military Cyberspace Operations, 23 June 2009
            This document from the Secretary of Defense directed the Commander of U.S. Strategic Command to establish the subordinate unified command, U.S. Cyber Command.
          4. 3.2.2.2.4 Show/Hide More Statement of General Keith B. Alexander, Commander, United States Cyber Command, before the House Committee on Armed Services, 23 September 2010
            This testimony describes what is happening at US Cyber Command by providing an overview of the current status of the command and by describing the plan for moving forward in accomplishing the assigned mission.
          5. 3.2.2.2.5 Show/Hide More William A. Owens, Kenneth W. Dam, and Herbert S. Lin, editors, Committee on Offensive Information Warfare, National Research Council; Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities; Pages 161-187, 2009
            This document discusses cyberattacks in the context of U.S. military doctrine, the DoD’s organization, rules of engagement, operational planning, human capital, and weapons systems acquisition. It also provides both historical perspective (1999 and on) and hypothetical examples to support its arguments.
        3. 3.2.2.3 Show/Hide More Department of Homeland Security
          Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
          The DHS is responsible for responding to domestic cybersecurity incidents and has made cybersecurity one of its five most important mission areas. Most versions of cybersecurity reform envision greatly expanding DHS’s cyber responsibilities.
          1. 3.2.2.3.1 Show/Hide More National Cyber Incident Response Plan, Interim Version, September 2010
            This document delineates the responsibilities among U.S. agencies in the event of a domestic cyber-incident. It demonstrates the number of agencies involved and the detailed interplay between them.
          2. 3.2.2.3.2 Show/Hide More Homeland Security Presidential Directive 5 , 28 February 2003
            This directive establishes the DHS as the lead agency to respond to domestic incidents, including acts of terrorism and disasters.
          3. 3.2.2.3.3 Show/Hide More Blueprint for a Secure Cyber Future, DHS, “How We Will Protect Critical Information Infrastructure” and “How We Will Strengthen the Cyber Ecosystem”2, December 2011
            This document provides a path to create a safer, more resilient cyber environment, and describes two areas for action: protecting critical information infrastructure and building a stronger cyber ecosystem. The goals for protecting critical information infrastructure are reducing exposure to cyber risk, ensuring priority response and recovery, maintaining shared situational awareness, and increasing cyber-resilience. The goals for strengthening the cyber ecosystem are empowering users to operate securely, implementing trustworthy protocols, building collaborative communities, and establishing transparent processes.
          4. 3.2.2.3.4 Show/Hide More Memorandum of Understanding Between the Department of Homeland Security and the National Security Administration Regarding Cyberspace, October 2010
            This MoU sets forth terms for the sharing of resources between DHS and NSA to support the U.S. Cybersecurity effort, including the co-locating of both NSA and CYBERCOM units within DHS’s National Cybersecurity and Communications Integration Center.
        4. 3.2.2.4 Show/Hide More Federal Bureau of Investigation
          Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
          The FBI maintains cyber squads at its field offices and leads the National Cyber Investigative Joint Task Force (NCIJTF), an interagency focal point for such cyber threat investigations and analysis.
          1. 3.2.2.4.1 Show/Hide More The Federal Bureau of Investigation's Ability to Address the National Security Cyber Intrusion Threat, U.S. Department of Justice, Office of the Inspector General, Audit Division., April 2011
            This report provides an review of the FBI’s cyber capabilities, to include the National Cyber Investigative Joint Task Force (NCIJTF), field office cyber squads, and cyber training policies.
        5. 3.2.2.5 Show/Hide More National Institute of Standards and Technology
          Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
          NIST is a non-regulatory federal agency within the Department of Commerce and promotes innovation and industrial competitiveness by advancing measurement science, standards, and technology. The NIST Laboratories conduct research in collaboration with industry to advances the nation's technology infrastructure.
          1. 3.2.2.5.1 Show/Hide More NIST Computer Security Division
            One of six divisions in the NIST Information Technology Lab, CSD’s mission is to provide standards and technology to protect information systems against threats to the confidentiality of information, integrity of information and processes, and availability of information and services in order to build trust and confidence in Information Technology (IT) systems.
          2. 3.2.2.5.2 Show/Hide More NIST Establishes National Cybersecurity Center of Excellence, 21 February 2012
            On 21 February 2012, NIST announced a new partnership to establish the National Cybersecurity Center of Excellence, a public-private collaboration for accelerating the widespread adoption of integrated cybersecurity tools and technologies.
        6. 3.2.2.6 Show/Hide More Federal Communications Commission
          Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
          The FCC regulates interstate and international communications by radio, television, wire, satellite and cable in all 50 states, the District of Columbia and U.S. territories.
          1. 3.2.2.6.1 Show/Hide More Communications Security, Reliability and Interoperability Council (CSRIC) III
            The CSRIC’s mission is to provide recommendations to the FCC to ensure, among other things, optimal security and reliability of communications systems, including telecommunications, media, and public safety.
    3. 3.3 Show/Hide More 3.3 Introduction to Law-Enforcement Frameworks as Applied to the Digital Domain
      Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
      Purpose: To orient the reader to the law-enforcement frameworks that apply in the digital domain, and the inherent difficulties with enforcing rules in cyberspace.
      1. 3.3.1 Show/Hide More Application of the Laws of War
        Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
        With the revolutionary nature of the cyber-domain for international conflict, the current laws of war must be carefully considered to determine if they are sufficient to dictate proper conduct during cyberwars.
        1. 3.3.1.1 Show/Hide More Oona A. Hathaway, et al., The Law Of Cyber-Attack, forthcoming in the California Law Review, 2012
          This article examines how existing law may be applied, adapted, and amended to meet the challenges posed by cyber-attacks. It demonstrates how cyber-attacks relate to existing bodies of law and explains how existing law is deficient but can be improved.
        2. 3.3.1.2 Show/Hide More Maj. Gen. Charles C. Dunlap, Jr., Perspectives for Cyber Strategists on Law for Cyberwar, Strategic Studies Quarterly, Spring 2011.
          Against the argument that existing law in inadequate or lacking entirely within the cybersecurity context, this piece argues that the application of the basic tenets of the existing Law of Armed Conflict (LoAC) to cyber issues are sufficient to address important issues of cyberwar.
  5. 4 Show/Hide More Chapter 4: Cybercrime
    Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team

    Purpose: This chapter is designed to provide an understanding of cybercrime, i.e. crime that involves a computer network. Basically anything that can be a “real-space” crime can also be done in some way using a computer network. Examples include fraudulent misrepresentation via email or the network distribution of child pornography. In addition, some crimes (such as data theft, or disruption of network) necessarily involve computers, computer software, or computer networks . In this chapter we discuss both types of cybercrime. We limit our focus to the international dimension – i.e. to crimes committed be people in one jurisdiction (or in an unknown jurisdiction) involving computers or networks in another jurisdiction. Finally, both national governments and non-state actors can commit international cybercrimes. For example, the Chinese hack of Google violated U.S. criminal law. Because national governments are not even in theory subject to domestic criminal process, we will focus on crimes committed by non-state actors.

    Concepts Covered: This chapter divides into three parts. Part 4.1 explores examples of cybercrime and how cyber-criminals operate. Part 4.2 examines the limitations of domestic criminal law to address cybercrime. Part 4.3 looks at international efforts to regulate cybercrime, and the limits of those efforts.

    1. 4.1 Show/Hide More 4.1 How Cybercrime Works
      Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
      1. 4.1.1 Show/Hide More 4.1.1 Case Studies
        Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
        1. 4.1.1.1 How the RSA SecurID Hack Worked
        2. 4.1.1.2 Hackers Release Symantec Source Code After Failed $50K Extortion Attempt
      2. 4.1.2 Show/Hide More Tyler Moore, et al., The Economics of Online Crime, Journal of Economic Perspectives, Vol 23, No 3, 2009
        This article explains black markets for cyber vulnerabilities, cyber-criminals, cyber-attack tools, money-laundering in the cyber realm, numerous cybercrimes, and the economic incentives of the actors who commit those crimes.
      3. 4.1.3 Show/Hide More Group IB, State and Trends of the Russian Digital Crime Market, 2011
        This report contains the results of the study of the state of the Russian cybercrime market in 2011. It examines the main risks associated with various types of hacker activities, analyzes the main trends in the development of the Russian cybercrime market, estimates the shares and the financial performance of the Russian segment of the global cybercrime market, and forecasts market trends for this year.
      4. 4.1.4 Show/Hide More Knafo, Anonymous And The War Over The Internet, Part I, 30 January 2012
        A profile of the hacktivist conglomerate “Anonymous”
      5. 4.1.5 Show/Hide More Knafo, Anonymous And The War Over The Internet, Part II, 31 January 2012
        A profile of the hacktivist conglomerate “Anonymous”
    2. 4.2 Show/Hide More 4.2 The Limitations of Domestic Criminal Law
      Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
      1. 4.2.1 Show/Hide More 4.2.1 Jurisdiction and Sovereignty
        Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
        1. 4.2.1.1 J.R. Reidenberg, "Technology and internet jurisdiction." University of Pennsylvania Law Review, vol. 153, p. 1951. 2005
        2. 4.2.1.2 Jonathan L. Zittrain, Jurisdiction. Internet Law Series, Foundation Press, 2005
        3. 4.2.1.3 Johnson, David R. and David G. Post, 1996, "Law and borders: The rise of law in cyberspace." Stanford Law Review, vol. 48, pp. 1367‐1402, May 1996
        4. 4.2.1.4 Uta Kohl, Jurisdiction and the Internet, Ch. 1, 2007
      2. 4.2.2 Show/Hide More National Research Council, Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities, Chapter 5, 2009
        Introduction to law enforcement community and private sector community perspectives on cybercrime.
      3. 4.2.3 Gordon M. Snow, Assistant Director, Cyber Division, Federal Bureau of Investigation, Statement Before the Senate Judiciary Committee, Subcommittee on Crime and Terrorism, 12 April 2011
      4. 4.2.4 Show/Hide More Computer Fraud and Abuse Act, 18 USC 1830
        The main anti-cybercrime law in United States
      5. 4.2.5 EFF Wiki on Computer Fraud and Abuse Act
      6. 4.2.6 Show/Hide More U.S.-Canada Extradition Treaty
        Arts. 1-4 and Schedule at end
    3. 4.3 Show/Hide More 4.3 International Efforts To Regulate Cybercrime
      Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
      1. 4.3.1 Show/Hide More The Council of Europe Convention on Cybercrime
        This Convention was the first international treaty on cybercrime, and deals particularly with copyright, computer fraud, child pornography and network security. Its main objective is to pursue a criminal policy aimed to protect society against cybercrime by adopting appropriate legislation and fostering international cooperation.
      2. 4.3.2 Show/Hide More Ratifications of Council on Europe Convention on Cybercrime
        Note how few countries have ratified the treaty.
      3. 4.3.3 Show/Hide More Michael Vatis, The Council of Europe Convention on Cybercrime, Proceedings of a Workshop on Deterring CyberAttacks: Informing Strategies and Developing Options for U.S. Policy, 2010
        An introduction to Cybercrime Convention, but more than a little optimistic about its efficacy compared to the scale of the problem.
      4. 4.3.4 Show/Hide More Jack Goldsmith, Cybersecurity Treaties: A Skeptical View, Future Challenges in National Security and Law, February 2011
        This article explains why international cooperation is considered central to the cybersecurity problem and examines three major hurdles to a global cybersecurity treaty. It then considers the feasibility of narrower and softer forms of cooperation.
        Read pages 3-4 for a more skeptical view about the success of the Cybercrime Convention.
  6. 5 Show/Hide More Chapter 5: Laws of War
    Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
    Purpose: This chapter is designed to provide an understanding of the challenging issues raised by cyber attacks and cyber exploitations under the international laws of war. These laws are premised on the assumption of kinetic action that does not translate easily into the cyber realm.
    Concepts Covered: Jus ad Bellum, Jus in Bello, Espionage
    1. 5.1 Show/Hide More Curtis A. Bradley and Jack L. Goldsmith, Overview of International Law and Institutions in , Foreign Relations Law: Cases and Materials (4th ed. 2011)
      Students may find it useful to acquaint themselves at the outset of this course with the basic sources of international law and some of the most important international institutions. The following is a brief overview.
    2. 5.2 Show/Hide More 5.1 Jus ad Bellum
      Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
      Purpose: To provide an understanding of the international law that governs when it is legitimate to begin war, what counts as war for those purposes, and what counts as neutrality (and breaches of neutrality). The jus ad bellum is governed primarily by the United Nations Charter and customary international law.
      1. 5.2.1 Show/Hide More United Nations Charter
        Art. 2 & Chs. 6-7
      2. 5.2.2 Show/Hide More National Research Council, Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities
        Ch 7: pp. 239-292
        § 7.2.1.1: pp. 242-246
        § 7.2.2.1: pp. 251-259
      3. 5.2.3 Show/Hide More Department of Defense, An Assessment of International Legal Issues in Information Operations, 1999
        An early and influential DOD analysis that is one of the most comprehensive public documents on DOD thinking about these issues.
      4. 5.2.4 Show/Hide More Michael N. Schmitt, Computer Network Attack and the Use of Force in International Law: Thoughts on a Normative Framework, Columbia Journal of Transnational Law 37:885-937, 1999
        This journal article is an important and influential early conceptual analysis on the acceptability under the jus ad bellum of computer network attack.
      5. 5.2.5 Show/Hide More Matthew C. Waxman, Cyber Attacks and the Use of Force, Back to the Future of Article 2(4), The Yale Journal of International Law 36, 2011
        This article provides an analysis of the conceptual puzzles of applying jus ad bellum to the cyber domain, as well as an analysis of strategic issues raised by legal considerations.
      6. 5.2.6 Show/Hide More Michael N. Schmitt, Cyber Operations and the Jus ad Bellum Revisited, Villanova Law Review 56, 2011
        In this piece the author revisits his prominent analysis of jus ad bellum twelve years later.
      7. 5.2.7 Show/Hide More Department of Defense Cyberspace Policy Report, 2011
        A report from the DoD on its attitude toward foreign cyber threats, including the circumstances under which a cyber attack will warrant a military response.
    3. 5.3 Show/Hide More 5.2 Jus in Bello
      Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
      Purpose: To provide an understanding of the international law that govern conduct during war. The jus in bello are governed by treaties like the Geneva Conventions, and by customary international law.
      1. 5.3.1 Show/Hide More National Research Council, Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities
        Ch 7: pp. 239-292
        § 7.2.1.2: pp. 246-250
        § 7.2.2.2: pp. 262-272
      2. 5.3.2 Show/Hide More Department of Defense, An Assessment of International Legal Issues in Information Operations, 1999
        An early and influential DOD analysis that is one of the most comprehensive public documents on DOD thinking about these issues.
      3. 5.3.3 Show/Hide More Michael N. Schmitt, Cyber Operations and Jus in Bello: Key Issues, Naval War College International Law Studies, 2011
        The article examines the jus in bello governing cyber operations during an armed conflict.
    4. 5.4 Show/Hide More 5.3 Espionage
      Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
      Purpose: To provide an understanding on the practice of secretly gathering information about a foreign government or industry. Espionage is not generally regulated by international law. This is important because it means that a great deal of threatening cyber behavior – basically, everything that comes under the heading of “cyber-exploitation – is not regulated by international law.
      1. 5.4.1 Show/Hide More 5.3.1 Relevant Case Studies
        Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
        1. 5.4.1.1 Estonia
        2. 5.4.1.2 Olympic Games
        3. 5.4.1.3 Flame
      2. 5.4.2 Show/Hide More National Research Council, Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities
        Ch 7: pp. 239-292
        § 7.2.2.1.5: pp. 259-261, 263
      3. 5.4.3 Show/Hide More Department of Defense, An Assessment of International Legal Issues in Information Operations, 1999
        An early and influential DOD analysis that is one of the most comprehensive public documents on DOD thinking about these issues.
      4. 5.4.4 Show/Hide More Simon Chesterman, The Spy Who Came In from the Cold War: Intelligence and International Law, 27 Mich. J. Int’l L. 1071, 2006
        An overview of international law as applied to the subject of intelligence.
      5. 5.4.5 Show/Hide More Jeffrey H. Smith, Keynote Address: State Intelligence Gathering and International Law, 28 Mich. J. Int’l L. 543, 544, 2006
        An introduction with application to related national security issues.
      6. 5.4.6 Show/Hide More Roger D. Scott, Territorially Intrusive Intelligence Collection and International Law, 46 Air Force L. Rev. 217, 1999
        An older, but still relevant, analysis on the laws regarding intelligence collection.
  7. 6 Show/Hide More Chapter 6: Deterrence and International Agreements
    Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
    Purpose: This Chapter explores what nations can do in the face of cyberthreats in light of the fact that (as we learned in chapters 3-5) traditional law enforcement strategies are not terribly effective, and war is not a realistic tool except in the face of all but the most extreme cyberthreats. In particular, we discuss two strategies: deterrence and international agreements. (This chapter assumes a thorough understanding of chapters 3-5.)
    Concepts Covered: Deterrence, International Agreements
    1. 6.1 Show/Hide More 6.1 Deterrence
      Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
      Purpose: In this context, deterrence means unilateral threats and actions that one nation can take to dissuade another from engaging in undesirable cyber operations. (The concept is much more complex than this. For a flavor, see this Wikipedia entry.) Deterrence can take many forms. For example, the threat of unilateral criminal sanctions can be a form of deterrence; but for reasons discussed in chapter 4, it is not a terribly effective one. Threatened military responses can also be a form of deterrence. Indeed, it was in the context of nuclear weapons that the concept of deterrence has received its most thorough analysis in the international realm. This chapter examines several types of deterrence and studies the general challenges that the cyber realm presents to any form of deterrence.
      1. 6.1.1 Show/Hide More Joseph S. Nye Jr., Nuclear Lessons for Cybersecurity, Strategic Studies Quarterly, Winter 2011
        This article summarizes general lessons for cybersecurity from the experience with nuclear weapons. Nye focuses here on more issues than just deterrence, but the whole piece should be read. Make sure you read and understand Nye’s point in the end about softer forms of deterrence.
      2. 6.1.2 Show/Hide More Patrick Morgan, Applicability of Traditional Deterrence Concepts and Theory to the Cyber Realm, Proceedings of a Workshop on Deterring CyberAttacks: Informing Strategies and Developing Options for U.S. Policy, 2010
        This article is a similar effort to Nye’s that is more focused on the deterrence lessons for cyber from nuclear.
      3. 6.1.3 Show/Hide More Stephen Lukasik, A Framework for Thinking About Cyber Conflict and Cyber Deterrence with Possible Declaratory Policies for These Domains, Proceedings of a Workshop on Deterring CyberAttacks: Informing Strategies and Developing Options for U.S. Policy, 2010
        This article is more of the same, with a special emphasis on declaratory policy, which is a nation’s unilateral statement of intent (i.e. of threatened action) as a basis for deterrence.
    2. 6.2 Show/Hide More 6.2 International Agreements
      Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
      Purpose: This section further explains international agreements, as many scholars believe that all unilateral legal and deterrence strategies are doomed to failure in the cyber realm, and that only through mutual restraint fostered by international agreements can cyberthreats be contained.
      1. 6.2.1 Show/Hide More Abraham D. Sofaer, David Clark, and Whitfield Diffie, Cyber Security and International Agreements, Proceedings of a Workshop on Deterring Cyberattacks, pp. 179-206, 2010
        This piece discusses how the threats to cybersecurity are currently being approached at the private, national, and international level, then demonstrates the potential for increased international cooperation. It explains the demand for cyber international agreements and their feasibility and usefulness. It also covers how to fashion effective international initiatives and the difficulties in such negotiations.
      2. 6.2.2 Show/Hide More Clark and Knake, Cyber War: The Next Threat to National Security and What to Do About It, Chapter 7, 2010, ISBN: 978-0061962233
        This chapter proposes a concrete international agreements for the cyber domain.
      3. 6.2.3 Show/Hide More Agreement of the Governments of the Member States of the Shanghai Cooperation Organization [China, Kazakhstan,Kyrgyzstan, Russia, Tajikistan, and Uzbekistan] on Cooperation in the Field of International Information Security, 2008
        This agreement shows how differently the Chinese view the cybersecurity issue than the way that the west conceives it.
      4. 6.2.4 Show/Hide More Russian Proposal, Convention on International Information Security, November 2011
        This Convention shows how differently the Russians view the cybersecurity issue than the way the west conceives it.
      5. 6.2.5 Show/Hide More Jack Goldsmith, Cybersecurity Treaties: A Skeptical View, Future Challenges in National Security and Law, February 2011
        This article explains why international cooperation is considered central to the cybersecurity problem and examines three major hurdles to a global cybersecurity treaty. It explains why a cybersecurity agreement of the type Clark and Knake propose might not be feasible, and considers the feasibility of narrower and softer forms of cooperation.
      6. 6.2.6 Show/Hide More James Andrew Lewis, Confidence-building and International Agreement in Cybersecurity, United Nations Institute for Disarmament Research, 2011
        This article is skeptical about international agreements but somewhat more hopeful than Goldsmith.
Close

Playlist Information

May 28, 2018

cybersecurity

Author Stats

Jack Goldsmith and a Berkman Center Cybersecurity Team

Other Playlists by Jack Goldsmith and a Berkman Center Cybersecurity Team

Find Items

Search below to find items, then drag and drop items onto playlists you own. To add items to nested playlists, you must first expand those playlists.

SEARCH
Leitura Garamond Futura Verdana Proxima Nova Dagny Web
small medium large extra-large