H2O

This is the old version of the H2O platform and is now read-only. This means you can view content but cannot create content. You can access the new platform at https://opencasebook.org. Thank you.

This chapter introduces some basic issues and ideas that will be relevant for the entire course. We begin in 2.1 with fundamental concepts, including the important distinction between cyber-attack and cyber-exploitation, characteristics of cyber-operations, why offense beats defense in cybersecurity, and the attribution problem. Then Section 2.2 offers various perspectives on the seriousness of the cyber threat. Finally, Section 2.3 explores the idea of cyber power. EDIT PLAYLIST INFORMATION DELETE PLAYLIST

Edit playlist item notes below to have a mix of public & private notes, or:

MAKE ALL NOTES PUBLIC (3/3 playlist item notes are public) MAKE ALL NOTES PRIVATE (0/3 playlist item notes are private)
    1. 1.1 Show/Hide More 2.1.1 Cyber-Attack v. Cyber-Exploitation
      Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
      Cyber-Attack v. Cyber-Exploitation. This is a fundamental distinction throughout cybersecurity that has important legal, policy, and jurisdictional implications. A cyber-attack is an act that disrupts, denies, degrades, or destroys information on a computer network or related system. Examples include the manipulation or destruction of data or code on a computer system to control or shut down an electricity grid, or to disrupt military communications, or to render banking data unreliable. A cyber-exploitation is the act of monitoring and related espionage on computer systems, as well as the copying (and thus theft) of data on these systems. In contrast to a cyber-attack, cyber-exploitation does not seek to affect the normal functioning of the computer or network from the perspective of the user. Examples of cyber-exploitation include stolen military secrets, intellectual property, and credit card numbers.
    2. 1.2 Show/Hide More 2.1.2 Characteristics of Cyber-Operations (attack and exploitation)
      Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
      All cyber-operations – both attacks, and exploitations – requires three things: a vulnerability, access to the vulnerability, and a payload.
    3. 1.3 Show/Hide More 2.1.3 Why Offense Beats Defense
      Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
      The very basic reason why computer systems are vulnerable is that offense (both cyber-attack and cyber-exploitation) beats defense.
    4. 1.4 Show/Hide More 2.1.4 Economics and Metrics
      Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
      Many cybersecurity problems are at bottom problems about misaligned incentives.
      1. 1.4.3 Show/Hide More Seymour E. Goodman and Herbert S. Lin, Toward a Safer and More Secure Cyberspace, Ch. 6.4: The Economics of Cybersecurity, National Research Council, 2007, pp. 133-42
        This section provides an economic perspective on why cybersecurity is hard and on why (if at all) there is underinvestment in cybersecurity.
    5. 1.5 Show/Hide More 2.1.5 Attribution
      Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
      A fundamental difficulty with regulating cybersecurity is the “attribution problem” of identifying the author of a cyber attack or cyber exploitation.
      1. 1.5.1 Show/Hide More David Clark and Susan Landau, Untangling Attribution, Proceedings of a Workshop on Deterring CyberAttacks: Informing Strategies and Developing Options for U.S. Policy, 2010
        Attribution on the Internet can mean the owner of the machine, the physical location of the machine, or the individual who is actually responsible for the actions. This paper teases apart the attribution problems in order to determine under which circumstances which types of attribution would actually be useful.
  1. 2 Show/Hide More 2.2 Seriousness of the Threat
    Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
    There is no doubt that cybersecurity is a serious problem due to the widespread dependency on computer and computer systems, and their extraordinary vulnerability. But how much of a problem? This is a difficult issue to analyze because (as we learned in 2.1) metrics are hard to come by in the cybersecurity realm, and because many actors have incentives to exaggerate the threat.
    1. 2.1 Show/Hide More Richard Clarke and Robert Knake, Cyber War: The next Threat to National Security and What to Do About It, 2010
      Cyber War goes behind the “geek talk” of hackers and computer scientists to explain clearly and convincingly what cyber war is, how cyber weapons work, and how vulnerable we are as a nation and as individuals to the vast and looming web of cyber criminals.
    2. 2.2 Show/Hide More Joel Brenner, America the Vulnerable: Inside the New Matrix of Digital Espionage, Crime, and Warfare, 2011
      This book begins by describing how electronic data has become “ambient”— all electronic activities are aggregated as data, behavior patterns are identified, and the resulting information is used per the needs of whoever has the data. Brenner argues that the most vulnerable part of any network is the user, however particular attention is also given to operational infrastructure systems.
    1. 3.1 Show/Hide More Joseph Nye, Cyber Power, Belfer Center, Harvard Kennedy School, May 2010
      The characteristics of cyberspace reduce some of the power differentials among actors, and thus provide a good example of the diffusion of power that typifies global politics in this century.
    2. 3.2 Show/Hide More The Cyber Hub, Cyber Power Index, Booz Allen Hamilton and the Economist Intelligence Unit
      An interactive representation of the G20 countries’ cyber power. It allows users to adjust the components of the cyber power index, including: Legal and Regulatory Framework, Economic and Social Context, Technology Infrastructure, Industry Application.
Close

Playlist Information

May 21, 2013

Author Stats

Jack Goldsmith and a Berkman Center Cybersecurity Team

Other Playlists by Jack Goldsmith and a Berkman Center Cybersecurity Team

Find Items

Search below to find items, then drag and drop items onto playlists you own. To add items to nested playlists, you must first expand those playlists.

SEARCH
Leitura Garamond Futura Verdana Proxima Nova Dagny Web
small medium large extra-large