SEST-714 Intelligence in the Cyber Domain
Fall for 2017-2018
This course is designed to prepare students for a career in intelligence that targets cyber adversaries. Intelligence professionals hoping to have an impact in the cyber domain can effectively attribute cyber crimes and attacks to specific adversaries. They analyze information from a variety of sources to determine the motivations behind such crimes. They also work with law enforcement and intelligence agencies, as well as policymakers, to implement prevention, response, and deterrence measures against adversaries.
In the first part of this course, we will review the basics of attribution and discuss methods by which cybersecurity professionals attribute hacking activities to specific actors or groups. Second, we will discuss methods by which governments and private security companies assess adversaries' reasons for hacking. We will also discuss various response and deterrence tools that intelligence and law enforcement professionals have at their disposal, and cost-benefit analysis weighed by intelligence professionals when making decisions on which actions to take.
In the second part of the course, we will apply this baseline knowledge to real world adversaries--cyber criminals, terrorists, hacktivists, and nation state actors. Case studies regarding real world hacking events will be studied with the assistance of selected readings and guest speakers who are experts on specific actor groups. We will study the financial motivations of cyber criminals, the unique money laundering methods they use, and ways in which intelligence and law enforcement professionals track them. We will discuss the motivations of espionage actors from various nations, the attribution process of the U.S. Government, and the costs and benefits of its response in each instance. Other case studies of cyber warfare, terrorism, and hacktivism will be similarly reviewed by the class.
Students of this course will develop a toolbox of analytic techniques for studying past, present, and future cyber adversaries. They will also gain an understanding of nuanced differences between current adversaries in the cyber domain, ranging from financially motivated cyber criminals to politically, personally, or economically driven nation state actors--and a range of adversaries in between. They will learn the value of tactical, technical knowledge of cyber actors, and they will discover how cyber intelligence requires an equal grasp of the strategic motivations of those actors.
No prior knowledge or experience in cybersecurity or technology is expected in this course.
The following syllabi may help you learn more about this course (login required):
Fall '17: Burkart-Gattone M (file download)
Additional syllabi may be available in prior academic years.