SPCI 509

Cyberterrorism and Communication Systems

Course Introduction

This course will cover the complexities and subtleties of telecommunication and computer infrastructures and their inter-relationship with other critical infrastructures. We'll look at the vulnerabilities of these systems to environmental damage, hackers, and terrorists. We will discuss ways to maintain confidentiality, integrity, and availability of data; authenticate users; and hire trustworthy employees. These concepts are not static: they operate within "live" systems, which means that it is not enough to put protective measures in place. Organizations must also have daily operational policies and procedures that provide for detection and reaction capabilities that can quickly restore the system to a nominal state and perhaps even identify and hold accountable those who attacked the system.

Learning Objectives

When you complete this course, you will be able to do the following:

• identify the vulnerabilities of critical infrastructure systems to failure (in particular, to cyberterrorism), and recommend security solutions required for operational levels of trust;
• analyze the vulnerabilities of a corporate cyber network;
• create security plans and policies for cyber systems and training requirements to assure system operation at specified levels of trust;
• apply systems analysis to solvingcommunications systems and ir security problems inherent in the inter-networking connectionsof infrastructure systems;
• develop conceptual, graphic models of communications systems;
• describe best practices to secure digital infrastructure; and
• for a hypothetical city, create both a defense against cyber attack, and a plan of attack.

Course Topics

This course will address the following topics:

• threats, vulnerabilities, and counter measures, including reviews of policies, procedures, and products, and how to assess risks;
• "critical infrastructures" what they are, how they were defined, how they relate to one another, and how to think about their protection;
• development and maintenance of a security plan for a site or organization;
• security policies and practices, from the cyber realm to the physical realm, and methods of ensuring accountability;
• certification and accreditation of information systems and the personnel who use and maintain them;
• vetting, training, and managing personnel to maintain operational integrity and security;
• protection from and reaction to disruption from cyber attacks, hardware failures, or natural or man-made physical disasters;
• methods of auditing to detect disruptions, alterations, or unauthorized access to information systems;
• techniques for proper investigation of incidents in ways that support operational goals, including potential legal action; and
• ways to ensure security policies and safeguards are in place and integrated within standard operations

The Textbook

Bishop, Matt. Computer Security: Art and Science. New York: Addison-Wesley, 2003. ISBN 0-201-44099-7

Covering information security theory, technology and practice, this text is primarily aimed at advanced undergraduates and graduate students in computer science, although it should also be of interest to security professionals and researchers. It was chosen for this course because it addresses computer security/information assurance in a comprehensive manner. You will find it a helpful reference during, as well as after, this course.

Technology Requirements and Skills

See the Online Student Handbook for the technology requirements and skills necessary for this course.

Prerequisites

You are expected to have some computer literacy as well as knowledge of networks and networking. The textbook will provide additional background in these subjects, beyond the required reading assignments.

Course Components

Your work in this course will consist of

• individual and team assignments in several lessons;
• optional exercises imbedded in the lessons;
• participation in weekly online discussions;
• participation in a final team project; and
• completing a final written assignment

Individual and Team Assignments

The first five lessons require that you submit a written assignment (either individually or participating in a team effort) that emphasizes key ideas covered in the lesson. Grading criteria are provided with each assignment. You will submit written assignments according to the instructions found in "About Your Instructor" in your online course syllabus.

Optional Exercises

Within each lesson, you'll find "Your Turn" sidebars containing questions about the material, often along with optional readings. These questions are intended to help you think about the implications of the information; they are optional, so you need not turn your responses in. If you would like to discuss these questions, however, you may either e-mail your instructor or start a thread on the discussion forum for that lesson.

Participation in Weekly Online Discusssions

You will be graded on your participation in online discussions. Suggested questions and opportunities for reflection are included in each lesson. These questions will be the basis for beginning our weekly dialogue.

Participation in a Final Team Project

You will be required to participate in a final course project, with team members to be assigned by the instructor. In this project, you and your team will create a plan to protect the cyber infrastructure of a hypothetical city, and another plan to attack the same city. Your instructor will provide more information about the team project during Week 6, and you will begin working on the project then. Your team will submit your completed project during Week 10. Please submit your responses for the Final Team Project according to the instructions in "About Your Instructor."

Final Written Assignment

You will complete a final written assignment during Week 9. This assignment will consists of your choice of two essay questions out of the three that will be provided. Lesson Nine will help you prepare for your final written assignment. Please submit your final written assignment according to the instructions in "About Your Instructor."

Late Assignments

To earn credit, you must complete all assignments on time.

If unforeseen circumstances prevent you from completing an assignment on time, please contact your instructor before the assignment is due to obtain permission for a late submission. Without such permission, your assignment will not be accepted.

Grading

You will receive a numeric grade for this course. The numeric grading system used by the University of Washington relies on a decimal scale between 1.7 (low) and 4.0 (high).

University of Washington Grade Scale for Graduate Students:

4.0 - 3.9 = A
3.8 - 3.5 = A -
3.4 - 3.1 = B+
3.0 - 2.9 = B
2.8 - 2.5 = B-
2.4 - 2.1 = C+
2.0 - 1.7 = C

For graduate courses, grades below 1.7 are recorded as 0.0 and no credit is earned.  A minimum of 2.7 is required in each course that is counted toward a graduate degree. A 3.0 cumulative average in graduate work is required to receive a graduate degree.

Weighting of Assignments

Your assignments will be weighted using the percentages shown in Table i.1, below.

Table i.1—Grading
Assignment	Percentage
Assignment 1	8%
Assignment 2	8%
Assignment 3	8%
Assignment 4	8%
Assignment 5	8%
Final Course Project	25%
Participation in Discussion Forums	15%
Final Written Assignment	20%
TOTAL	100%

About the Course Developers

This course was created by a team of content experts including Barbara Endicott-Popovsky, Dave Dittrich, Ray Forbes, and Gordon Ross.

Barbara Endicott-Popovsky

Barbara is a corporate coach and facilitator of successful projects that tackle and solve difficult IT problems, and the president of Endicott Consulting, Inc. Her 20-year career includes executive positions managing the business side of computing: creating strategic IT plans, evaluating and selecting IT projects, managing multi-million dollar computing budgets, planning and implementing architecture standards and data management.

As a consultant and project manager she has extensive experience with managing the organizational development issues involved with implementing new IT structures and programs, leading IT projects to successful conclusions. Recently, her experience resulted in the design and development of a new Project Management Masters program with a local university. She has lectured extensively both locally and internationally.

Barbara has earned an MS in Information Systems Engineering and an MBA from the University of Washington. She is currently working on her PhD in computer science with a specialty in computer security/computer forensics.

Dave Dittrich

Dave is the Senior Security Engineer for the University of Washington's Computing & Communications' University Computing Services Security Operations group (currently working half time in this position.) He started working at the UW in 1990. From 1996 until 2003, he was the principle computer security incident response analyst and system/network security consultant. His background is in programming and UNIX system administration on several platforms.

Dave is also currently working half time, sponsored by the University of Washington's iSchool and Computer Science & Engineering department, developing Information Assurance research and curricula at the UW. This effort includes collaboration with faculty from Seattle University and Highline Community College. Many years ago, Dave also supported World Wide Web services including the initial prototype and subsequent support of the University's original (now retired) Weber Web service (and proud father of the Weber Guy).

Dave taught the R870: Unix System Administration—A Survival Course Education and Training course for about 10 years, and in Autumn 2003 co-taught a course on Computer Security Incident Response.

Gordon Ross

Gordon's career spans 30 years as an award-winning Internet filtering pioneer; biometric technology, computer security, and telecommunications engineer; and an internationally sought-after speaker. He is a firm believer that education, combined with effective technology solutions, proper funding and training for law enforcement will ensure that the Internet and the digital world remains an open, safe and helpful place for the global community.

Since 1994, Gordon has lead development of Internet and biometric security products and established a solid market and brand leadership, beginning with the industry's first filtering product in January 1995: Net Nanny. Since then, he has expanded the development of filtering and biometric and other security technology.
Mr. Ross testified before the Congressionally-appointed COPA Commission on filtering technologies, sat on the US Congressional Internet Caucus Advisory Board, and testified before Sen. John McCain's Commerce Committee hearing on Internet Pornography.

Gordon was the recipient of the first Christian Computing Award for a software product, in recognition for his long-standing contribution to further public understanding of the important issues surrounding child safety and securing data in the online world. For his efforts to ensure that the Internet is a safe, open medium, Mr. Ross received the first annual Internet Humanitarian of the Year award in February 1999, from CyberAngels in New York, an online Internet safety organization (a division of the Guardian Angels). In the same year, Mr. Ross was awarded the Ethics in Action Award, in Vancouver, Canada, for individual ongoing corporate responsibility.

Gordon also has expertise in information flow, securing telecommunication systems, routing, access control and network management.

Gordon graduated from California State Polytechnic University in 1973, holds a Bachelor of Science Degree in Electronics Engineering, and is a registered Professional Engineer.

---

©2003–2007, University of Washington. All rights reserved.
No part of this publication may be reproduced in any form or by any means without permission in writing from the publisher.