Reading Schedule
Contents
- 1 Reading schedule
- 1.1 August 31: The Logic of Terrorism
- 1.2 September 7: Terrorism as Warfare
- 1.3 September 13 (Tuesday): The Al Qaida Threat
- 1.4 September 21: Technology Policy and the War on Terror
- 1.5 September 28: Profiling the Terrorist Adversary
- 1.6 October 5: Computer Security Primer
- 1.7 October 12: Cyber Security In-The-Large
- 1.8 October 19: Nuclear, Radiological & Chemical Weapons
- 1.9 October 26: Biological Weapons; Remediation and Recovery Technologies
- 1.10 November 2: WMD Defenses
- 1.11 November 9: Large-Scale Internet Criminal Activity
- 1.12 November 16: Incentives to Exploit and Protect
- 1.13 November 23: Cyber-defenses
- 1.14 November 30: Intelligence and Interrogation
- 1.15 December 7: Cyberforensics
Reading schedule
August 31: The Logic of Terrorism
Modern terrorism has been with us since the 1870s. What can history teach us about the strategy, tactics, and limits of terrorism?
- Steve Maurer, UC Berkeley: What Can History Teach Us?
Readings:
- Walter Laqueur, No End to War: Terrorism in the Twenty-First Century (2004) (text; Amazon.com). Please read this text in three segments, concluding 9/21.
September 7: Terrorism as Warfare
Historically, nation states were the only entities that could credibly make war. Have new technologies and the vulnerabilities of modern life changed the rules?
- Steve Maurer, UC Berkeley: Can Terrorism Challenge the Nation State?
Readings:
- Walter Laqueur, No End to War: Terrorism in the Twenty-First Century (2004) (text; Amazon.com). Please read this text in three segments, concluding 9/21.
September 13 (Tuesday): The Al Qaida Threat
Can US foreign policy discourage rogue nations from putting WMD into the hands of terrorists?
- Michael Nacht, UC Berkeley: Post 9/11 Diplomacy: The Bush Doctrine, Rogue Nations, and US Non-Proliferation Policy
Readings:
September 21: Technology Policy and the War on Terror
Can new technologies improve current trade-offs between civil liberties and security? How do homeland security experts use Threat, Vulnerability, and Consequence (TVC) models to identify and protect society’s most critical assets?
- Don Prosnitz, LLNL: Security and Civil Liberties: Can Technology Improve the Balance?
- Steve Maurer, UC Berkeley: The Bioshield Dilemma: Developing New Technologies at an Affordable Price
- Eric Norman, LLNL: Cargo screening technologies
Readings:
- Walter Laqueur, No End to War: Terrorism in the Twenty-First Century (2004) (text; Amazon.com). Please read this text in three segments, concluding 9/21.
- Steve Maurer, “When Patents Fail: Finding New Drugs for the Developing World,” (pdf) May 2005.
September 28: Profiling the Terrorist Adversary
What are the motives and capabilities of current terrorist groups? How likely are they to use WMD or attack the nation’s cyber-infrastructure?
- Gary Ackerman & Jeffrey Bale, Monterey Institute: Profiling the Terrorist Adversary
Readings:
- Jeffrey M. Bale and Gary Ackerman. Recommendations on the Development of Methodologies and Attributes for Assessing Terrorist Threats of WMD Terrorism. (pdf). Center for Nonproliferation Studies, Monterey Institute of International Studies.
October 5: Computer Security Primer
Comprehensive introduction to basic computer security principles, mechanisms, and approaches. Essentially, the highlights of an undergraduate computer security course, reduced to 3 hours.
- Geoff Voelker, UCSD
Readings:
- Ken Thompson, “Reflections on Trusting Trust,” Communications of the ACM 27(8), August 1984.
- Alma Whitten and J.D. Tygar, “Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0,” Proc. USENIX Security Symposium, August 1999.
- Ross Anderson, “Why Cryptosystems Fail,” Communications of the ACM 37(11), November 1994.
October 12: Cyber Security In-The-Large
Using information technology to attack – or to amplify attacks on – various elements of the nation’s critical infrastructure.
- Ed Lazowska, UW: Assessing Cyber-Vulnerabilities: PITAC and Beyond
- Phil Venables, CISO, Goldman Sachs: The Resilient Enterprise: Convergence of Security, Compliance, Redundancy and Risky
- Kirk Bailey, ex-CISO, City of Seattle: Cyber-attacks and cyber-defense in the City of Seattle
Readings:
- Information Technology for Counterterrorism. Computer Science & Telecommunications Board, National Research Council, 2003. . Read the Executive Summary, Chapter 1, Chapter 2, and Chapter 4.
- Cyber Security: A Crisis of Prioritization. President’s Information Technology Advisory Committee, 2005. (pdf).
- Washington Post Washington Post articles on cyber terrorism, August 2005.
- New York Times article, “The Rise of the Digital Thugs,” August 2005.
- Time article, “The Invasion of the Chinese Cyberspies,” September 2005.
October 19: Nuclear, Radiological & Chemical Weapons
The physics and technology of WMD.
- Richard A. Muller, UC Berkeley and LBNL: The Physics of WMD
- Christine Hartmann-Siantar, LLNL: Radiation and Human Health
- Steve Maurer, UC Berkeley: Nuclear Fear
Readings:
R. Muller, "Chain Reactions, Nuclear Reactors, and Atomic Bombs," http://muller.lbl.gov/teaching/Physics10/chapters_Jan_2005/Chapter05.pdf
R. Muller, "The Dirty Bomb Distraction," http://muller.lbl.gov/TRessays/29-Dirty_Bombs.htm
R. Muller, "Crop Duster Terrorism," http://muller.lbl.gov/TRessays/02_Cropduster_Terrorism.htm
R. Muller, "Al Qaeda's Anthrax, http://muller.lbl.gov/TRessays/03_Al_Qaeda_Anthrax.htm
October 26: Biological Weapons; Remediation and Recovery Technologies
The biological weapons threat: today and tomorrow. Recovering from WMD attacks.
- J. Patrick Fitch, LLNL: Biological Weapons and Detection Technologies
- J. Keasling, UC Berkeley: Synthetic Biology and Tomorrow’s Bioweapons
- Tina Carlson, LLNL: Remediation
- Christine Hartmann-Siantar, LLNL: Recovery Technologies
Readings:
November 2: WMD Defenses
Technology and Policy Options for Early Detection of WMD.
- Michael Nacht & B. Perez, UC Berkeley: Port Security.
Readings:
- Online Paper
November 9: Large-Scale Internet Criminal Activity
Internet crime. Denial of service, extortion, phishing, botnet reselling, spam, spyware, etc.
- Dave Aucsmith, Senior Director, Institute for Advanced Technology in Governments, Microsoft Corp.
- Steve Gribble, UW: Spyware
Readings:
- David Moore, Geoffrey Voelker, and Stefan Savage, “Inferring Internet Denial of Service Activity.” Proc. 2001 USENIX Security Symposium, August 2001.
- Stefan Saroiu, Steven D. Gribble, and Henry M. Levy, “Measurement and Analysis of Spyware in a University Environment,” Proc. NSDI 2004, March 2004.
- The Honeynet Project & Research Alliance, “Know your Enemy: Tracking Botnets,” March 2005.
November 16: Incentives to Exploit and Protect
What do we know about the Internet’s vulnerabilities? History of past exploits, worms, viruses. What could a determined, well-funded adversary accomplish?
- Hal Varian, Berkeley: incentive-based strategies for enhancing cyber security
- Stefan Savage, UCSD: Internet outbreaks: Epidemiology and Defenses
- Vern Paxson, ICIR and LBNL: Network intrusion detection systems
Readings:
- Carey Nachenberg, “Computer Virus-Antivirus Coevolution,” Communications of the ACM 40(1), January 1997.
- David Moore, Vern Paxson, Stefan Savage, Colleen Shannon, Stuart Staniford and Nicholas Weaver, “Inside the Slammer Worm,” IEEE Security and Privacy 1(4):33-39, July 2003.
- Vern Paxson, “Bro: A System for Detecting Network Intruders in Real-Time,” Computer Networks 31(23-24), December 1999.
November 23: Cyber-defenses
Host-based, network-based, software engineering with security goals
- Mark Pustilnik, Microsoft, Eliminating security vulnerabilities from commercial software.
- Josh Lackey, Microsoft (ex-IBM), Ethical hacking: Using white-hat cyber-attacks to improve security.
- Eric Rescorla, consultant, Does it make sense to discover/publicize vulnerabilities?
Readings:
- Sumeet Singh, Cristian Estan, George Varghese and Stefan Savage, “Automated Worm Fingerprinting," Proc. OSDI 2004, December 2004.
- Eric Rescorla, “Is finding security holes a good idea?”, Workshop on Economics and Information Security 2004, May 2004.
- Eric Rescorla, “Security holes... Who cares?”, Proceedings of the 12th USENIX Security Conference, August 2003.
November 30: Intelligence and Interrogation
How can IT improve US intelligence capabilities?
- (TBD)
- Steve Maurer: Databases and Intelligence
- S. Scotchmer: Do Terrorism Futures Make Sense?
Readings:
December 7: Cyberforensics
What constitutes evidence for computer exploitation crimes, how is it gathered, etc.
- Possible: Butler Lampson
- Possible: FBI
Readings: