FCRG Spring 2020

Future of Cybersecurity Reading Group (FCRG)

aka

Special Topics in Information - INFO 290 LEC 005, CCN 30261 (2 credits)
Future of Cybersecurity Workshop - LAW 276.12 SEM 001, CCN 32032 (1 credit -- thanks ABA!)

Fridays 11:20A-12:45P in 134 Boalt Hall (Law School) - as of March 10, 2020, we are currently meeting via Zoom, per University and Law School requirements to manage COVID-19.

Note: The Law School does not operate on "Berkeley Time." This class starts at 11:20.

Click here for the Zoom link

From January 24, 2020
To April 03, 2020 (law)
To May 1, 2020 (UG & Grad)

Office Hours: Tuesdays at 11 AM in Berkeley Law 342 and by Zoom.

Instructors: Chris Jay Hoofnagle, Adjunct Professor of Information and Law; Jennifer M. Urban, Clinical Professor of Law.

We will discuss cybersecurity policy among a group of graduate, professional, and undergraduate students. In Spring 2020, we will focus on four topics: 1) Laura DeNardis' new book, The Internet in Everything. Professor DeNardis is a giant in internet governance and policy. Her new book has met with glowing reviews. It will be released on January 7th. 2) Richard A. Clarke and Robert K. Knake's recently-published book, The Fifth Domain. This is a popular book but it makes an argument important for theory surrounding whether the offense or the defense has the upper hand in cyber. 3) Professor Hoofnagle's in-progress book with Simson Garfinkel on quantum technologies, Law and Policy for the Quantum Age, is forthcoming from Cambridge University Press and is relevant to cybersecurity. 4) A series of policy reports and papers we have identified. 

This course is open to law students, graduate students, and undergraduates (with permission). Undergraduates should be prepared to read and engage at a level commensurate with your graduate school peers--there's no "back benching" this seminar.

Assessment

Students are expected to participate in weekly discussions, lead paper discussions (50%) twice, and write two response pieces (3-4 pages) to be circulated in advance of class (50%). (Response writers will also serve as discussion leaders.) We will circulate a sign up sheet for discussion leadership/response writing duties; you will circulate your response piece in advance of class on the discussion board. We have a pedagogical purpose in using student discussion leaders--the purpose is to give you a challenging speaking assignment. The ability to run a structured discussion is an invaluable skill, but it only develops from practice. FCRG is a friendly atmosphere to learn this skill.

When you are assigned to write a response, get in touch with your other discussion leaders (if 2 or more are assigned that week). You are free to self-organize and write a joint response piece. We also encourage you to participate in office hours the week of your discussion leadership.

Please use this template for your reading responses. Your reading response is due 24 hours before class--Thursdays around Noon. Please post your response as a discussion--just start a new discussion to do this.

For your response pieces, it is important to not simply recount the reading. Assume that everyone has read carefully. Your response piece should follow at least one of the following strategies:

  • You could analyze a major theme or problem in the readings and tie it to challenges in cybersecurity generally, or to larger theoretical frameworks used in cybersecurity.
  • You could show the linkages among multiple themes/readings in the course.
  • You could analyze the arguments raised in the reading by assessing strengths, the merits of counterarguments, and of course by identifying the implicit/explicit assumptions that underly the argument. 

The best response pieces integrate themes of the course, raise high-level discussion questions, and/or present original arguments and the limitations of those arguments. It's a good idea to identify specific themes that you would like to develop in conversation. Pay attention to the footnotes--you might find context and color from extrinsic sources.

APM-015 Part II statement

This course will deal with material concerning current events and exploration of government actions and their possible consequences. Class discussion will feature such material.

BCLT Certificate

Law students: Hoofnagle & Urban's courses count toward's BCLT's certificate program.

Course Materials

Please purchase:

  • Laura DeNardis, The Internet in Everything, Freedom and Security in a World with No Off Switch (Yale University Press 2020, 9780300233070).
  • Richard A. Clarke and Robert K. Knake, The Fifth Domain: Defending Our Country, Our Companies, and Ourselves in the Age of Cyber Threats (Penguin Press 2019,  978-0525561965).

We will also read

  • Chris Jay Hoofnagle & Simson Garfinkel, Law and Policy for the Quantum Age (forthcoming CUP), files on bcourses.
  • Policy reports and papers TBD.

Some readings will be behind paywalls. In order to get the readings at no cost, you will have to use the Berkeley Library VPN or the Library Proxy. These tools enable you to obtain all UCB-subscribed journals and books from your home computer. If you have problems, see your helpdesk. 

Tech Cred

If you are feeling at sea with cybersecurity or hacking techniques, you might explore the relevant courses on lynda.com. UCB has a site license, so you can watch as many as you'd like :) For instance:

The quality of these videos vary, but some are excellent.

To log in, you need to use this link and your calnet: https://hr.berkeley.edu/development/learning/online-learning 

Course Schedule

 

Date Class Discussion Leaders DeNardis Clarke & Knake Other
24-Jan-20 WK1 SL & DC Chapter 1 1–29

Please introduce yourself on the discussion board ASAP.

Please complete the discussion leadership survey ASAP.

31-Jan-20 WK2: This week, Clarke and Knake make reference to a number of important cybersecurity documents--the DBIR, the "kill chain" analysis, and MITRE's ATT&CK. Please look over these documents enough to understand their contribution. JC & RM None Chapters 3-4; 33–61 Skim Verizon DBIR (2019), https://enterprise.verizon.com/resources/reports/2019-data-breach-investigations-report.pdf ; Skim Hutchins et al, ntelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains, https://lockheedmartin.com/content/dam/lockheed-martin/rms/documents/cyber/LM-White-Paper-Intel-Driven-Defense.pdf ; Skim MITRE, Getting Started with ATT&CK, https://www.mitre.org/sites/default/files/publications/mitre-getting-started-with-attack-october-2019.pdf 
7-Feb-20 WK3: As with last week, Clarke and Knake make reference to important external resources that we would like you to be familiar with. GG & HM Chapter 2 Chapter5; 63–83 Please study the Momentum Partners, Cyberscape (2019 or most recent version), https://momentumcyber.com/docs/CYBERscape.pdf ; skim Sounil Yu, Understanding the Security Vendor Landscape Using the Cyber Defense Matrix (on bCourses); skim Microsoft, Security Development Lifecycle Overview, https://www.microsoft.com/en-us/securityengineering/sdl/practices
14-Feb-20 WK4 MG & FH Chapter 3 Chapter 6; 85–105

RSA college day(s) are Thursday, February 27, 2020, and Friday, February 28, 2020. Let's spend some time looking at the RSA agenda

Please look at the executive summary and study the chart on page 16 New York Cyber Task Force, Building a Defensible Cyberspace, https://sipa.columbia.edu/sites/default/files/3668_SIPA%20Defensible%20Cyberspace-WEB.PDF ; 

21-Feb-20

WK5

Hoofnagle absent

RC & EW Chapter 4 Chapters 7-8; 109–141 Nuclear Regulatory Commisson, Physical Protection of Plants and Materials, 10 CFR Part 73. Please read two sections: § 73.54 Protection of digital computer and communication systems and networks AND § 73.77 Cyber security event notifications, https://www.nrc.gov/reading-rm/doc-collections/cfr/part073/full-text.html ; Skim Cisco, BGPMon, https://bgpmon.net/blog/ ; 
27-Feb-20 Optional RSA RSA College Day is Thus/Fri. We have free passes if you'd like to go.
28-Feb-20 WK6 CLASS CANCELLED RSA and the BTLJ Symposium conflict with our class. We will make it up on April 3rd.
28-Feb-20 Optional A number of cybersecurity and national security experts, including Susan Landau, Rebecca Slayton, Christopher Yoo, Joseph Lorenzo Hall, and John Morris, are speaking at the BTLJ Symposium . The symposium is about expertise and government, but this may be an opportunity to learn more about cybersecurity expertise.
6-Mar-20

WK7

Hoofnagle absent

LO, VV & RM Chapter 5 Chapters 9-11; 143–178

Let's debrief on what we learned at RSA!

Clarke and Knake discuss Escalate and Immersive Labs in this reading, for optional enrichment, create a free account on Immersive and try out some of the cybersecurity professional exercises: https://www.immersivelabs.com/ 

13-Mar-20 WK8 CL, CM, & RC Chapter 6 Chapter 12; 181–203 Summary, Department of Defense Cyber Strategy 2018, https://media.defense.gov/2018/Sep/18/2002041658/-1/-1/1/CYBER_STRATEGY_SUMMARY_FINAL.PDF
20-Mar-20 WK9 DN, AV & MG Chapter 7 Chapters 13-14; 205–235 Nick Merrill, Internet Fragmentation: Beyond “free” and “closed,” Nov 26, 2019, https://medium.com/cltc-bulletin/internet-fragmentation-beyond-free-and-closed-cb8b1dfcd16a
27-Mar-20 Caesar Chavez Holiday, No Class
3-Apr-20 WK 10 Last Day Law in Boalt 240 VV, DN & EW Chapter 8

Chapters 15-17; 239–264

3-Apr-20 Makeup in Room 240 1-2:25 Chris & Jennifer Will Lead Done Chapters 18-19; 265–298 4iQ, The Changing Landscape of Identities in the Wild, The Long Tail of Small Breaches, Fall 2019 (on bcourses)(disclosure: Professor Hoofnagle is a board member of 4iQ).
10-Apr-20

WK 11

Urban Absent

FH, KP & CM Done Done Richard Danzig, Technology Roulette: Managing Loss of Control as Many Militaries Pursue Technological Superiority (2018), https://www.cnas.org/publications/reports/technology-roulette 
17-Apr-20 WK 12 GG, & JC Done Done Henry Farrell and Abraham L. Newman, Weaponized Interdependence How Global Economic Networks Shape State Coercion, International Security, Vol. 44, No. 1 (Summer 2019), pp. 42–79, https://muse.jhu.edu/article/730804/pdf
24-Apr-20 WK 13 JM, AV & KP Done Done Rebecca Slayton, What Is the Cyber Offense-Defense Balance?
Conceptions, Causes, and Assessment 41(3) International Security 72 (Winter 2016/17), available athttps://www.mitpressjournals.org/doi/pdf/10.1162/ISEC_a_00267 <remember to use the VPN or the proxy
1-May-20 WK 14 Last Day UG Jennifer & Chris Done Done Be sure to read our cybersecurity FAQ, and two post two short reflections on our readings this semester.

Course Summary:

Date Details Due