ITX8050
LOCKED SHIELDS 2016 version
- Instructor: Kaur Kasak, kaur.kasak [ at ] gmail.com
- Topic: Exercise Locked Shields 2016. Student's role: Test Run Blue Team, Execution White Team support
- Objectives:
- Give the students practical experience in assembling a defensive team and preparing a defensive campaign according to the exercise scenario. This will be accomplished by engaging the students in the Blue Teams of the LS16 Test Run.
- Give the students experience in responding to a full-scale cyber attack campaign by tasking them to protect exercise networks during a one-day attack campaign.
- Use the help of the students to run LS16. Give the students insight into how technical cyber defence exercises are organized. The students will be engaged in the White Team after the Test Run.
- Limitations:
- 3 Student Blue Teams, (up to) 12 + 12 + 12 students
- LS16 will be an UNCLASS exercise, but participation is open only to persons who hold the nationality of a NATO nation.
- Important Dates:
- First meeting: TBD Feb 2016
- 01 Feb - 08 Mar 2016: Intensive preparation period
- 09-10 Mar 2016: Access to systems. Test Run (full-day events!)
- 19-21 Apr 2016: Execution (full-day events!)
- All other information will be provided through another collaboration environment. In case you have registered but have not received the invitation by TBD Feb 2016, please contact kaur.kasak [ at ] gmail.com
STRATEGY / CYBER CHALLENGE PREP version
- Instructor: Tiia Sõmer
- Topic: management of cyber security at a strategic level. The course will be taught by invited speakers (Estonian and international), with the main effort on the practical side of strategic cyber security. The course is also designed to prepare students for the 9/12 Cyber Challenge, but participation does not guarantee a slot on the TUT team.
- First meeting: 05 Nov 2015 at 1800-1930 in ICT-315
Schedule
NB! Check for updates regularly!
05.11
Introduction to the course (Tiia Sõmer) Meedia:001_05NOV15.pptx
Strategic issues in cyber security (Rain Ottis)
Cyber Challenge 2015 experience (Wael AbuSeada)
12.11
International actors in cyberspace, role of small states in international arena (Liina Areng) Meedia:002_12NOV15_LA.pdf
E-Diplomacy (Tanel Sepp)
19.11 -> 20.11
PLEASE NOTE THE CHANGE OF DATE TO 20NOV 2015 !!!
THE LECTURE WILL BE HELD IN THE SAME ROOM AS USUAL: ICT 315
UN and Cyber Security (Peter Pedak) Meedia:003_20NOV15_PP.pdf
EU and cyber security. EU Cyber Security Structure. The functioning of EU (Luukas Ilves)
NATO and Cyber Security (Hannes Krause) Meedia:004_20NOV15_HK.pdf
26.11 -> 27.11
PLEASE NOTE THE CHANGE OF DATE TO 27 NOV 2015 !!!
THE LECTURE WILL BE HELD IN THE SAME ROOM AS USUAL: ICT 315
Comparative analysis of cyber security strategies (Kadri Kaska) Meedia:005_27NOV15_KK.pdf
General principles of International law applicable in cyberspace (Pascale Brangetto) Meedia:006_27NOV15_PB.pdf
Writing policy briefs (Dr Mika Kerttunen)
03.12 -> 07.12
DATE HAS BEEN CHANGED TO 07 DECEMBER
Cyber security and national security. Decision-making on cyber at national level. (Kristjan Prikk) Meedia:009_07DEC15_KP.pdf
Critical Infrastructure and Critical Information Infrastructure (Urmo Sutermäe) Meedia:008_07DEC15_US.pdf
Crisis Management in Cyber (Lauri Luht) Meedia:007_07DEC15_LL.pdf
10.12
Media involvement/ strategic communications in cyber crisis (Liisa Past)
Strategic communications is a somewhat underrated aspect of crisis management. This lecture will give you insight into how STRATCOM can be used to your advantage in times of crisis. The lecture will take place in the form of a seminar; please come with your questions and thoughts and be ready to discuss the topic.
WRITTEN ASSIGNMENT
This assignment can be completed either individually or as teamwork. For the individual task, you will have to provide one policy recommendation; if you opt for teamwork, you should provide policy recommendations from one perspective per person in the group. The maximum group size is 4 persons. The deadline for submission of the written assignment is 10 January 2016.
INSTRUCTIONS
You are a cyber security advisor to the Government of one country. A major cyber incident is occurring that affects the country’s national security. The Head of Government needs information on the full range of the ongoing crisis and the policy response alternatives available, and you have been tasked to develop a policy recommendation to the Government. You should provide a policy recommendation from one of the following perspectives:
- Crisis management at national level;
- Critical infrastructure;
- Private sector;
- Diplomacy/ international organisations;
- Legal;
- Cyber security.
To present your policy recommendation, you will have to keep in mind all aspects in order to successfully synthesize useful policy measures from the limited information available.
You will be provided with fictional information on the background and current situation of a major cyber attack. The scenario will present a fictional account of political and economic developments leading up to the cyber incident. You are restricted to the facts provided within the coming week in order to formulate your analysis. You will have to provide a WRITTEN POLICY PAPER of 1500 words. This will be an analytical paper, discussing the potential implications of the cyber attack for different state and non-state actors and exploring in depth one policy recommendation from the selected perspective.
Some tips:
- Don’t fight the scenario – assume the information given is true, and explore the implications of that information, not the plausibility of the scenario.
- Be creative – cyber policy is an evolving discourse and there is no single correct policy response to any scenario. There can be many ideas to experiment with in responding to crisis.
- Analyse the issues – it will be more important to analyse the issues than to list all possible problems or solutions.
Information on background and current situation of cyber attack affecting the country:
The country in question is the U.S. and you are asked to give advice to the Cybersecurity Directorate of the National Security Staff. The packet attached herewith contains fictional information on the background and current situation of a major cyber attack affecting the United States. The scenario represents a fictional account of political and economic developments leading to the cyber incident. You are restricted to the facts contained in the attached documents in formulating your answers.
Your recommendation must analyse the possible strengths, weaknesses, opportunities and threats of the proposed policy alternative.
Scenario packet: Meedia:strat_course_written_assignment_2015.pdf
Special Course in Cyber Security / 2015-2016 Spring Term
Instructor: Hayretdin Bahsi, hayretdin.bahsi@ttu.ee
Course Objectives: The main objective is to present and discuss some of the technical research topics that have recently emerged due to the new technical and strategic dimensions of cyber security.
Learning Outcomes: After successful completion of the course, students will have a solid understanding of the discussed security concepts and their links with the strategic concepts. They will have the opportunity to enhance their practical skills through hands-on homework. Their research capabilities will be improved by conducting an implementation project or preparing a short literature survey paper.
Textbook: No specific textbook is required. Appropriate documents and papers are listed below.
Grading: Grading is based mainly on the success of students in the term project. A final exam will be conducted to check whether students have become familiar with the basic concepts. Homework assignments that include some hands-on studies will be given.
A tentative distribution of grading items is given as follows:
• Attendance: 20%
• Homework Assignments: 30%
• Term Project (Report/Paper+Presentations): 60%
The final grade will be converted to "pass" if it exceeds 60 (out of 100); otherwise it will be "fail".
Students may follow one of two paths for the term project. The first path is to conduct an implementation project that requires integrating existing security tools or developing a new tool in order to solve a technical problem. The other path is to prepare a short literature survey about a topic. Surveys should include the analysis of at least 5 papers. Students can choose their project or paper topics themselves, but their choices are subject to the approval of the instructor. They can also select their topics from a list given by the instructor. Each student is requested to present the project findings or literature survey to the class.
Syllabus:
Classes will take place in two-week periods. Reading resources for each week are given below.
Week 1: Definitions of key terms and some background information
Week 3: Cyber threat intelligence and information sharing
• Jon Friedman, Mark Bouchard, Definitive Guide to Cyber Threat Intelligence, 2015, iSIGHT Partners
• Romain Bourgue, Joshua Budd, Jachym Homola, Michal Wlasenko, and Dariusz Kulawik, Detect, Share, Protect: Solutions for Improving Threat Data Exchange among CERTs, 2013, ENISA
• Burger, Eric W., et al. "Taxonomy Model for Cyber Threat Intelligence Information Exchange Technologies." Proceedings of the 2014 ACM Workshop on Information Sharing & Collaborative Security. ACM, 2014.
Week 5: Advanced persistent threats
• Hutchins, Eric M., Michael J. Cloppert, and Rohan M. Amin. "Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains." Leading Issues in Information Warfare & Security Research 1 (2011): 80.
• Sood, Aditya K., and Richard J. Enbody. "Targeted cyberattacks: a superset of advanced persistent threats." IEEE security & privacy 1 (2013): 54-61.
• APT1: Exposing One of China’s Cyber Espionage Units, 2013, MANDIANT.
Week 7: Cyber security situational awareness and continuous monitoring
• Jakobson, Gabriel. "Mission cyber security situation assessment using impact dependency graphs." Information Fusion (FUSION), 2011 Proceedings of the 14th International Conference on. IEEE, 2011.
• Natarajan, Arun, et al. NSDMiner: Automated discovery of network service dependencies. IEEE, 2012.
• Mell, Peter, et al. "CAESARS Framework new Extension: An Enterprise Continuous Monitoring Technical Reference Model (Second Draft)." (2012).
Week 9: Deception in cyber defence
• Almeshekah, Mohammed H., and Eugene H. Spafford. "Planning and integrating deception into computer security defenses." Proceedings of the 2014 workshop on New Security Paradigms Workshop. ACM, 2014.
• Virvilis, Nikos, Oscar Serrano Serrano, and Bart Vanautgaerden. "Changing the game: The art of deceiving sophisticated attackers." Cyber Conflict (CyCon 2014), 2014 6th International Conference On. IEEE, 2014.
Week 11: Cyber security of industrial control systems (ICSs)
• CSSP, DHS. "Recommended Practice: Improving Industrial Control Systems Cybersecurity with Defense-In-Depth Strategies." US-CERT Defense In Depth (October 2009) (2009).
• Robinson, Michael. "The SCADA threat landscape." Proceedings of the 1st International Symposium on ICS & SCADA Cyber Security Research 2013. BCS, 2013.
• Edmonds, Janica, Mauricio Papa, and Sujeet Shenoi. "Security analysis of multilayer SCADA protocols." Critical Infrastructure Protection. Springer US, 2008. 205-221.
Week 13: Attack graphs
• Ou, Xinming, Sudhakar Govindavajhala, and Andrew W. Appel. "MulVAL: A Logic-based Network Security Analyzer." USENIX security. 2005.
• Singhal, Anoop, and Xinming Ou. Security risk analysis of enterprise networks using probabilistic attack graphs. US Department of Commerce, National Institute of Standards and Technology, 2011.
• Cheng, Pengsu, et al. "Aggregating CVSS base scores for semantics-rich network security metrics." Reliable Distributed Systems (SRDS), 2012 IEEE 31st Symposium on. IEEE, 2012.
Week 15: Presentations