“Intro to the Challenge of Cybersecurity – Unit 2”

Unit 2 – “Risk, Adversity, and Trust” 

17 Days

Unit 2 picks up with the question of the value of information. Students identify what information assets need to be protected, and how they need to be protected. The unit then introduces the idea of threat sources, and students identify the vulnerabilities in conjunction with the impacts (i.e., disclosure, deception, disruption, destruction, and/or usurpation).  The unit shifts focus to countering threats, vulnerabilities, and attacks with security services or controls.  Security controls are introduced in two ways. First a few controls are introduced, e.g., authentication, cryptography, access control, firewalls, intrusion detection.  Here students are engaged in learning about the control and its role in prevention, detection, and response.  This unit then considers these same controls but this time through the lens of establishing trust.  In order to do that, the unit addresses the question of “what is trust”?  It is pointed out that while trust cannot be quantified precisely, trust is essential in everyday life and cyberspace. After exploring attacks, vulnerabilities, threats, control measures, and trust, students will develop an understanding of cyber risk.

“Intro to the Challenge of Cybersecurity – Unit 7”

Unit 7 – “Threats, Vulnerabilities, and Attacks: A Closer Look”

15 Days

Unit 7 begins with threat modeling, which is challenging and uncertain. The unit picks up on attacks covered earlier and identifies the threat source. The unit goes further by teaching students how to think about the threat source in terms of resources, capabilities, motivations and aversion to risk. The unit then pivots to the attack kill chain and students explore a few historic threat sources using the kill chain. The exploits will be looked at carefully to realize how features that were designed to help administrators and users can be the same tools that enable exploitation of targets for nefarious goals. This is a perfect time to reemphasize the role of ethics and the fact that the same policy approach that allows something to happen that might be “good,” also affords the fissure that allows the “bad.” The unit carefully considers right and wrong and the many shades of gray of white-gray-black hat hacking. Now that we are deeper into the anatomy of attacks, the unit changes perspective from that of the offender, to that of the defender and looks carefully at how to conduct vulnerability assessment (aka penetration testing). In digging deeper into threats, attacks and vulnerabilities, students are doing risk assessment, so the unit revisits controls. Not every vulnerability can/should be remediated. There is no such thing as perfect security. Therefore, decisions need to be made regarding what needs to be remediated, why, how, etc.

“Intro to the Challenge of Cybersecurity – Unit 6”

Unit 6 – “Security is Not Free”

8 Days

The sixth unit looks at how economics shapes cybersecurity decisions in the United States of designers (hardware, software, network technology and service providers), businesses and entities that rely on cyberspace for some-most-all of their operation (manufacturing, energy, food and agriculture, emergency services, financial services, transportation, etc.), and consumers (the end user who is the cyberspace citizen). Students identify key stakeholders and understand their motivations and interests in cybersecurity decisions. The consequences of competing interests, the costs of malicious cyber attacks, and the impact to the economy when cybersecurity is not prioritized are explored in this unit.

 

 

“Intro to the Challenge of Cybersecurity – Unit 5”

Unit 5 – “Countermeasures Against Attacks”

32 Days

Unit 5 further develops understanding of data security controls and includes authentication, identification, authorization, and access controls. These tools are examined from the perspective of their function in terms of preventing disclosure, deception, disruption, destruction, or usurpation. From here this unit introduces important terms and concepts in cryptography, and then covers how symmetric and asymmetric cryptosystems work. The unit returns to policy controls and students will analyze laws to discern what type of data are being protected, for whom, and under what circumstances. The unit also covers physical policies as part of a comprehensive defense-in-depth protection strategy.

From there, the unit moves on to discuss network security controls with topics like protocols that build in security, firewalls, intrusion detection, and intrusion prevention systems. The unit discusses important topics such as input validation, state analysis of software, dynamic analysis of software, the role of patching in software security, and the challenge of zero-day vulnerabilities. Regarding hardware security controls, the unit presents how physical controls are used to secure hardware. By the end of this unit, students will also begin to think about the “bigger picture” of systems to develop a strong understanding of how (and which) controls are used in securing a system from attacks.

“Intro to the Challenge of Cybersecurity – Unit 4”

Unit 4 – “Data, Software, Hardware, and Network Security”

25 Days

In this unit, students delve deep into the technical aspects of cybersecurity including data states and data controls, as well as vulnerabilities and exploits in software, hardware, networks, cyber-physical systems, and human use of data. Students in this unit acquire both theoretical understanding and practical, hands-on experience of cybersecurity as a complex set of systems, networks, and human interaction that is vulnerable to numerous exploits and needs to be protected.

“Intro to the Challenge of Cybersecurity – Unit 8”

Unit 8 – “States, Statelessness, Sovereignty, and Cybersecurity”

15 Days

This unit explores how cybersecurity is both a deeply technical and a deeply political space.  The unit begins with a focus on end to end encryption and The Cryptowars. Students learn about the National Security Council and explore competing social values and ideologies that are forces in The Cryptowars.  Building on this foundation, students then dive into a deeper understanding of the values and tensions by participating in a simulation where they play different roles in the National Security Council tasked with making a recommendation to the President of the United States.  A goal of the simulation is to reveal how cybersecurity practices are highly complex and variable causing tensions between what ethical duties are, to whom the ethical concern should be considered, and whose interests should be invested in protecting. The simulation engages students in analyzing the relationship between ethics and laws, and reflecting on their own personal values and beliefs.  The unit then ends with a lesson on Cyber as an Instrument of Power where students extend the ideas explored in the simulation to an international stage.

“Intro to the Challenge of Cybersecurity – Unit 3”

Unit 3 – “The Building Blocks of Cyberspace: Hardware, Software, and Networks”

20 Days

This unit provides an introduction to computer hardware, software, and operating systems. Students explore how hardware and software work together to achieve an overall objective. Students learn how devices communicate across the Internet and explore open source versus proprietary protocols. After these basic building blocks of cyberspace are defined, the unit introduces basic concepts of networks and networking. This unit includes introductory labs to introduce students to basic Linux commands and networking concepts. Finally, students examine the growth in society’s use of and reliance on computers and networks ranging from health, commerce, national defense, to entertainment and leisure.