Cybersecurity and Cyberwar

Peter W. Singer is a Senior Fellow and the Director of the 21st Century Defense Initiative at the Brookings Institution. Allan Friedman is a Fellow in Governance Studies and Research Director of the Center for Technology Innovation at the Brookings Institution.

1. Why cyberspace is wonderfulEL and complicated ; What is cyberspace? ; Why do people talk about the difference of a networked world? ; How does the Internet actually work? ; Who owns this thing? ; WaitEL You mean no one runs the internet? ; What can governments do online? What are the limits of state power? ; Just how dependent are we on cyberspace? ; 2. Security and Insecurity Online ; What do we mean by a <"secure>" system? ; What is the difference between an attack on a network and an attack on a system? ; How does anti-virus software work? ; How do you defend a network? ; Why is anonymity a problem online? Why is it relatively easy to act without accountability? ; How can you authenticate some one to be sure they are who they say they are? ; How do we keep data secure in cyberspace? ; 3. Threats and Bad Actors ; o Differentiating threats ; o Value at risk ; What are the bad guys after? What can you really do with a computer? ; What's the worst you can do? Can a hacker really turn off the power grid? ; o Different motivations of attackers ; o Different types of attacks ; o What is Cyber Terrorism, actually? ; What does "cyberwarfare" mean? ; How are countries militarizing cyberspace? Why? ; So if we just built better systems, could we have a secure internet? ; 4. Case Studies / Examples of attacks ; o Aurora / Google {phishing, attribution} ; o Stuxnet {Critical infrastructure, intelligence} ; o Wikileaks data breach & fallout {data protection, DoS} ; o Israel-Syria Air Defense {Cyber-Kinetic Crossover, cyberwar} ; - ; 5. Why securing cyberspace is hard ; What are some mechanisms that enable us to trust systems or data? ; What is the difference between espionage and exploitation? ; Why not just write better software? ; Why can't network operators detect bad behavior? ; Why security through obscurity doesn't work ; How do we know what has happened after a cyber incident? ; How does the rise in <"cloud computing>" change the dynamics of cyber security? ; What makes mobile computing different? ; If everyone's systems are vulnerable, can't defenders just interrupt the attacker's systems? ; Why is it so hard to know who the attackers are? ; Why does attribution matter? ; How do we measure a cyber risk? ; Why aren't users able to protect themselves? ; Don't vendors and service providers have enough incentives to provide good security? ; Why aren't companies investing enough to protect themselves? ; 6. International Dimensions ; What changes when cyber problems cross international borders? ; How do countries differ in their approach to cyberspace? ; Who has the biggest cyber armies? ; What constitutes an act of war? ; How does law enforcement deal with international boundaries? ; What are existing international organizations currently doing? ; What international treaties are in place? ; Why don't the classic models of military deterrence work for cyberspace? ; What are the obstacles to international cooperation to resolve cybersecurity issues? ; 7.The path forward to a more secure cyberspace ; It sounds like every aspect of modern life is vulnerable. Are things really that bad? ; Why can't we just re-built the technology to prevent bad behavior? ; Can we impose accountability through national control of cyberspace? ; How can private firms be incentivized to internalize their risk? ; If a company or government agency was willing to invest in cyber security defenses, what would stand in their way? ; Can internet service providers do more to identity and stop bad behavior? ; How can we make it harder for bad actors to profit from successful attacks ; What can I do to protect myself?