COMP50/PS188:CyberSecurityandCyberWarfareTuftsInnovatesGrant2016

JeffTaliaferro,AssociateProfessor,PoliticalScienceMingChow,SeniorLecturer,ComputerScienceTheCourse’sMission:TodevelopintellectualbridgesamongstudentsandfacultymembersintheComputerScience,PoliticalScience,andInternationalRelations.Weareconvincedthatthelackofprogressincybersecurityisdueto

knowledgegapsbetweenthetechnicalcommunityand policymakers/non-technicalcommunity.

CourseGoals1. ToengagePoliticalScience(PS)andInternationalRelations

(IR)undergraduatesinasustaineddiscussionofthetechnicalaspectsofcybersecurityandcyberwar,whichhaveemergedasmajoraspectsofinternationalrelationsandUnitedStatesnationalsecurity.

2. ToexposeComputerScience(CS)undergraduatestotherealmofpolicymakingandtohelpthemunderstandkeyissuesinstrategicmanagementofcybersecurityintheprivatesectorandingovernment.

3. Toencouragestudentstobeengagedcitizens;toinformanddiscussthepolitical,legal,andethicalaspectsofcyberspacewiththepublic.

4. Toengageinconstructiveandhealthydebates,astheissuesincyberspacearepolitical,complex,controversial,andhavetradeoffs.

Assignments• CaptureTheFlag(CTF) - Ateam-basedexercise tofindand

exploitvulnerabilitiesinasystem(unpatchedWindowsServer2008)togainaccesstoinformationoneshouldnothaveaccessto.

• PolicyMemorandum - Apolicymemorandumonapressingissueincybersecuritydirectedtoainformationtechnology(IT)company,anintelligenceagency,acongressionalcommittee,orseniorexecutivebranchpolicymakers.

• PersonalEngagementProject - Anopen-ended projectforstudentstoactivelyengage withthecybersecurityandpolicycommunityoutsideoftheclassroomasthefieldisverybroad.

Topics• BasicNetworking• Securitytoolsincludingnmap,SHODAN,whois,Metasploit,KaliLinux• VulnerabilitiesandVulnerabilityDisclosure• CommonVulnerabilitiesandExposures(CVE)andCommonWeaknessEnumeration

(CWE)• Exploitation• MalwareandZeroDays• PrivacyandSurveillance• USIntelligenceCommunity• CyberCrime• Espionage• CounterintelligenceandLawEnforcement• DenialandDeception• CovertOperations• CyberWar

SpecialGuestsandAcknowledgements

• MattWeinberg,TeachingAssistant• Kade Crockford,DirectorofTechnologyforLibertyProgramat

ACLUofMassachusetts.GuestlectureonTuesday,March7th.Topic:SurveillanceandPrivacy(socialmediasurveillancebylocal,state,andfederallawenforcementagencies)

• ElyKahn,Co-Founder/VPBusinessDevelopmentandMarketingatSqrrl.GuestlectureonThursday,March16th.Topic:CyberDefense:Past,Present,andFuture

• SethMilstein,VicePresidentatJPMorganChase&Co.GuestlectureonTuesday,April4th.Topic:CyberSecurityinPublicvsPrivateSectors

WhatWeLearned• Theideaofcyberwarfareisnotthatspecial.Whilethe

techniquesareunique,manyideasaresimilartotraditionalwarfare.Theword“cyber”shouldbedropped.

• Verydifficulttokeepupwithcurrenteventsandnewreadingseveryday.

• Thereisaproblemwithvocabularyinthisfield.Manywordshavedifferentcontexttodifferentgroupsinthisfield.

ImprovementsToBeMade1. Needmoreassignments,perhapssmalllabs.2. IncorporateaneventsimilartotheAtlanticCouncilCyber

9/12StudentPolicyCompetitionintotheclass.3. Addasecondteambasedproject(inadditiontoCTF),with

eachteamcomprisedofIR/PSandCSstudents.4. Havemorein-classdebatesontopicssuchasvulnerability

disclosure.

FutureWorks1. Developadditionalundergraduatecoursesdealingwithspecific

aspectsofcybersecurityandpolicy.2. Makethisarequiredcourseinfuturegraduatedegreeprogram

incybersecurityandpolicyatTufts.3. PublicationsandtalksonourworktoInternationalRelationsand

PoliticalScienceforumsandjournals.

Outcomes47studentstotalininauguralclass.Weaskedstudentstocompleteasurveyattheendofthecourse.40totalresponses.