 Strategic Cybersecurity, Module 1. Cybersecurity, an interdisciplinary approach. Once you have completed the readings, lecture, activity, and assessment, you will be able to identify important topics and issues associated with strategic cybersecurity. Articulate why cybersecurity has evolved from a technical discipline into one with strategic implications. Welcome to the fascinating topic of strategic cybersecurity. In contrast to most cybersecurity classes, which generally focus on the very technical aspects of cyber intrusion, strategic cybersecurity looks at the field from, as they say in the military, 30,000 feet. Meaning, we will look very broadly at the many non-technical aspects of the field. And because of the various domains of knowledge required to understand cybersecurity at the strategic level, we will take a multi-disciplinary approach to the topic. We will incorporate knowledge from a variety of disciplines, including economics, psychology, political science, history, and of course, computer science. This course can be thought of as a survey in that I will be providing an overview of many topics relevant to the field of strategic cybersecurity to include some of the more basic vulnerabilities of the Internet. Cyber conflict, cybercrime, cyberterrorism, and the problems of attribution with regard to hacking attacks occurring over the Internet. I will also cover some legal, historical, and philosophical issues related to cybersecurity, including issues of state sovereignty, the erosion of privacy, surveillance, and government regulation. For instance, we'll discuss how the Treaty of Westphalia, a treaty signed in 1648 that marked the end of the Thirty Years' War, is related to cybersecurity. Later, we will address how the legal concept of use ad bellum, a Latin term meaning the right to wage war, is applied to cyber conflict. You'll learn how cyberspace is generally characterized as existing in layers. For instance, many refer to the Internet as comprised of five distinct layers, a geographic layer, a physical network layer, a logic layer, a cyber persona layer, and a persona layer. And each of these layers has its own specific vulnerabilities. I'll describe how many countries organize their offensive cyber capabilities into highly orchestrated units called APTs or advanced persistent threats. These countries will organize efforts to steal a specific type of information or disrupt a specific capability of an adversary into an APT. You'll see how the exploding rate of information technology development is straining the ability of the justice system to keep up. The issue of privacy, for instance, is increasingly coming to the forefront of the list of problems our society is having to face as one particular technology, what's called the Internet of Things, becomes more developed. In its most basic form, the Internet of Things can be thought of as the linking together or networking of various devices and applications one may use through the course of their daily life. Think of a networked refrigerator that can sense when you are out of milk, and may order fresh milk for you, or an automated thermostat in your home such as Nest, that can detect your pattern of life, such as when you are generally home or away at work, and adjust the temperature in various rooms of your home accordingly. In order to do this, the automated program would have to have sensors throughout your house to detect your movements. If you combine this technology with similar tracking technology in your car or cell phone for that matter, you essentially leave a digital trail which may allow others to track your movements 24 hours a day. This of course has major implications for individual privacy that we will address in a later lecture. And just a quick note about the logistics of the course. Most lectures will open with a list of student learning outcomes, or SLOs, followed by a seven to ten minute video presentation, giving you a quick background on the lecture topic. At the end of the video, we will present a slide with both short answer and multiple choice questions covering the material in the module. Generally, the short answer questions can be addressed in 250 words or less. In the majority of modules, we will also present exercises to help you better integrate the material. If you have been assigned to take this course as part of an official training program, your instructor may ask that you turn in your answers for grading or credit. In the two textbooks we will be utilizing for this course, in addition to various other readings I will be providing, are Paul Rosenweig's 2013 Cyber Warfare and Singer and Friedman's 2014 Cyber Security and Cyber War, what everyone needs to know. Paul Rosenweig is a professor at law at the George Washington University Law School and lectures on cybersecurity law and policy. He also previously served as a Deputy Assistant Secretary for Policy in the Department of Homeland Security. Peter Singer is a well-known expert on cyber warfare, security and intelligence and currently serves as a strategist for the New America Foundation. We will also be utilizing Dr. Kenneth Greer's e-book, Strategic Cyber Security, which can be downloaded for free. Dr. Greer spent four years at NATO's Cooperative Cyber Defense Center of Excellence in Tallinn, Estonia, where he researched material for his book with other experts in cyber conflict and cyber law. We hope you enjoy the course. Now, to get us underway, let's turn to our first set of questions for this module. Quiz Question 1. According to Rosenweig, which answer fails to explain why the Stuxnet virus was so transformative? A. It showed that computer viruses or attacks could be lethal, not just disruptive. B. It highlighted the vulnerability of critical infrastructure, e.g. the electrical grid, to cyber attacks. C. It enhanced the ability of the Iranian government to control Iranian citizens. D. It created a need to rethink our definitions of espionage, terrorism and crime. The answer is C. It enhanced the ability of the Iranian government to control Iranian citizens. Quiz Question 2. According to Singer and Friedman, in addition to the physical or digital realms, cyberspace can be defined as much by which realm? A. Practical. B. Electrical. C. Cognitive. D. Military. The answer is C. Cognitive Realm. The activity for this module asks that you download and read, assessing Russian activities and intentions in recent U.S. elections, available on the U.S. Senate Select Committee on Intelligence website. After reading the report, consider which of the key judgments that the report highlights used elements of strategic rather than traditional cybersecurity. Quiz Question 2. According to Singer and Friedman, in addition to the physical or digital realms, cyberspace can be defined as much by which realm? A. It enhanced the ability of the Iranian government to control Iranian citizens.