Cybersecurity and cyberwar: what everyone needs to know

Abstract

1. Why cyberspace is wonderfulEL and complicated What is cyberspace? Why do people talk about the difference of a networked world? How does the Internet actually work? Who owns this thing? WaitEL You mean no one runs the internet? What can governments do online? What are the limits of state power? Just how dependent are we on cyberspace? 2. Security and Insecurity Online What do we mean by a system? What is the difference between an attack on a network and an attack on a system? How does anti-virus software work? How do you defend a network? Why is anonymity a problem online? Why is it relatively easy to act without accountability? How can you authenticate some one to be sure they are who they say they are? How do we keep data secure in cyberspace? 3. Threats and Bad Actors o Differentiating threats o Value at risk What are the bad guys after? What can you really do with a computer? What's the worst you can do? Can a hacker really turn off the power grid? o Different motivations of attackers o Different types of attacks o What is Cyber Terrorism, actually? What does cyberwarfare mean? How are countries militarizing cyberspace? Why? So if we just built better systems, could we have a secure internet? 4. Case Studies / Examples of attacks o Aurora / Google {phishing, attribution} o Stuxnet {Critical infrastructure, intelligence} o Wikileaks data breach & fallout {data protection, DoS} o Israel-Syria Air Defense {Cyber-Kinetic Crossover, cyberwar} - 5. Why securing cyberspace is hard What are some mechanisms that enable us to trust systems or data? What is the difference between espionage and exploitation? Why not just write better software? Why can't network operators detect bad behavior? Why security through obscurity doesn't work How do we know what has happened after a cyber incident? How does the rise in change the dynamics of cyber security? What makes mobile computing different? If everyone's systems are vulnerable, can't defenders just interrupt the attacker's systems? Why is it so hard to know who the attackers are? Why does attribution matter? How do we measure a cyber risk? Why aren't users able to protect themselves? Don't vendors and service providers have enough incentives to provide good security? Why aren't companies investing enough to protect themselves? 6. International Dimensions What changes when cyber problems cross international borders? How do countries differ in their approach to cyberspace? Who has the biggest cyber armies? What constitutes an act of war? How does law enforcement deal with international boundaries? What are existing international organizations currently doing? What international treaties are in place? Why don't the classic models of military deterrence work for cyberspace? What are the obstacles to international cooperation to resolve cybersecurity issues? 7.The path forward to a more secure cyberspace It sounds like every aspect of modern life is vulnerable. Are things really that bad? Why can't we just re-built the technology to prevent bad behavior? Can we impose accountability through national control of cyberspace? How can private firms be incentivized to internalize their risk? If a company or government agency was willing to invest in cyber security defenses, what would stand in their way? Can internet service providers do more to identity and stop bad behavior? How can we make it harder for bad actors to profit from successful attacks What can I do to protect myself?