Note. Documents should be read before the class for which they are assigned. New readings may be added to the list during the semester, so check the Web page each week.
Overview of course. Concepts and principles of information warfare. Who conducts IW and why. Technology trends and IW.
Slides: IW-intro.ppt
Open source collection. The Internet and privacy. Web tracking and cookies. Intellectual property rights. Napster and Gnutella.
Questions: q-opensource.html
Denning, Preface, Chapters 1-4.
Adams, Chapter 2.
John L. Petersen, "Living in a Wired World: Cyber Society in 2020," in Cyberwar 2.0, pp. 119-130.
Cornerstones of Information Warfare, Air Force report with forward by Ronald R. Fogleman and Sheila E. Widnall, http://www.infowar.com/mil_c4i/mil_c4ia.html-ssi.
Martin C. Libicki, What is Information Warfare?, National Defense University, 1995, http://www.ndu.edu/inss/actpubs/act003/a003cont.html.
Georgetown Internet Privacy Policy Study, http://www.msb.edu/faculty/culnanm/gippshome.html.
Safe Harbor Privacy Provision, negotiated between Department of Commerce and European Commission, http://www.ita.doc.gov/td/ecom/menu.html.
The Privacy Foundation, http://www.privacyfoundation.org/index.cfm. See "Microsoft Word Documents That Phone Home" under Advisories and Reports, plus information on privacy and copyright issues.
Laura Rich, "Hollywood Wins DVD-Copy Case," The Standard, August 17, 2000, http://www.thestandard.com/article/display/0,1151,17790,00.html.
Ed Felton, Information about SDMI challenge, http://www.cs.princeton.edu/sip/sdmi/.
Milton Mueller, Trademarks and Domain Names: Property Rights and Institutional Evolution in Cyberspace, http://istweb.syr.edu/~mueller/study.html
Strategic Communications. Media manipulation. Propaganda. Psychological operations. Softwar. Deception. Distortions and lies. Conspiracy theories. Harrassment. Advertising and spam. Censorship.
Speaker: John Rendon, President, The Rendon Group.
Questions: q-psyops.html
Denning, Chapter 5.
Adams, Chapter 19.
Charles A. Williamson, "Psychological Operations in the Information Age," in Cyberwar 2.0, pp. 179+.
Douglas H. Dearth, "Deception, Human Factors, and Information Operations," in Cyberwar 2.0, pp. 191+.
Chuck de Caro, "Operationalizing SOFTWAR," in Cyberwar 2.0, pp. 199+.
Charles J. Dunlap, Jr., Sometimes the Dragon Wins, http://www.infowar.com/mil_c4i/dragon.html-ssi.
Charles J. Dunlap, Jr., How We Lost The High-Tech War of 2007, http://www.geocities.com/SoHo/Museum/5439/2007.html.
Emil Pain, "The Second Chechen War: the Information Component," http://www-cgsc.army.mil/milrev/English/JulAug00/love.htm.
Poisoning the Web, An ADL Report on Internet Bigotry, Extremism and Violence, http://www.adl.org/poisoning_web/poisoning_toc.html.
1999 Report on Cyberstalking, Department of Justice, http://www.usdoj.gov/criminal/cybercrime/cyberstalking.htm
Separatist, Para-military, Military, Intelligence, and Aid Organizations, http://www.cromwell-intl.com/security/netusers.html.
John Rendon, U.S. Air Force Academy talk, http://www.rendon.com/docs/airforce.html.
CIAC HoaxBusters page, http://HoaxBusters.ciac.org/.
Center for Democracy and Technology (CDT) pages on free speech, http://www.cdt.org/speech/.
Insider Threat. Economic, corporate, and military espionage. Competitive intelligence. Communications intercepts. Traffic analysis. Packet sniffing. Carnivore. Echelon. Cameras. VanEck. Telecommunications fraud. Sabotage of communications systems. Radio frequency weapons.
Questions: q-signals.html
Denning, Chapters 6, 7.
Adams, Chapters 14, 18.
John D. Woodward, Jr., Superbowl Surveillance: Living Up to Biometrics, RAND, May 2001, http://www.rand.org/publications/IP/IP209/IP209.pdf.
Philip E. Agre, Your Face Is Not a Bar Code: Arguments Against Automatic Face Recognition in Public Places, September 9, 2001, http://dlis.gseis.ucla.edu/people/pagre/bar-code.html.
Lawrence D. Sloan, Echelon and the Legal Restraints on Signals Intelligence: A Need for Reevaluation, 50 Duke L. J. 1467, http://www.law.duke.edu/shell/cite.pl?50+Duke+L.+J.+1467.
Duncan Campbell, Inside Echelon, http://www.heise.de/tp/english/inhalt/te/6929/1.html.
An Appraisal of Technologies of Political Control, European Parliament, Scientific and Technological Options Assessment (STOA), http://cryptome.org/stoa-atpc.htm.
Development of Surveillance Technology and Risk of Abuse of Economic Information (an appraisal of technologies of political control), European Parliament, Scientific and Technological Options Assessment (STOA), 4-part series, April and May 1999, http://cryptome.org/dst-1.htm.
Interception Capabilities 2000, European Parliament, Scientific and Technological Options Assessment (STOA), http://www.cyber-rights.org/interception/stoa/interception_capabilities_2000.htm
Vincent Jauvert, Espionage -- How France Listens to the Whole World, April 5, 2001, http://all.net/iwar/archive/2001Q2/0098.html.
National Counterintelligence Center -- see Annual Report to Congress, Foreign Economic Collection and Industrial Espionage; Economic Espionage Act of 1996; and newsletters, http://www.nacic.gov/.
Ann M. Florini and Yahya A. Dehqanzada, No More Secrets, Policy Implications of Commercial Remote Sensing Satellites, Carnegie Endowment for International Peace, July 1999, http://www.ceip.org/programs/governance/RemoteSensingConf/NoMoreSecrets2.htm
Stanley Kober, "Why Spy? The Uses and Misuses of Intelligence," CATO Policy Analysis No. 265, December 12 1996, http://www.cato.org/pubs/pas/pa-265.html
Mark Burton, "Problems and Alternatives: Government Spying for Commercial Gain," http://www.odci.gov/csi/studies/unclass1994.pdf
Robert Graham, Carnivore FAQ, http://www.robertgraham.com/pubs/carnivore-faq.html.
Independent Technical Review of the Carnivore System, December 8, 2000, http://www.usdoj.gov/jmd/publications/carniv_final.pdf.
Wiretap Report, http://www.uscourts.gov/wiretap00/contents.html
CDT pages on wiretapping and surveillance, http://www.cdt.org; Policy Post 6.15, http://www.cdt.org/publications/pp_6.15.shtml
USSID 18 - United States Signals Intelligence Directive, procedures for NSA collection of data on US persons, http://www.gwu.edu/~nsarchiv/NSAEBB/NSAEBB23/07-01.htm.
Executive Order 12333 -- United States Intelligence Activities, http://www.odci.gov/cia/information/eo12333.html.
House Permanent Select Committee on Intelligence, Staff Study, Washington: USGOP0, 1996, "IC21: Intelligence Community in the 21st Century," http://www.access.gpo.gov/congress/house/intel/ic21/ic21_toc.html
National Intelligence Council, "Intelligence Challenges Through 2015" John C. Gannon, 27 April 2000, p. 1-7. See "Speeches and Testimony" at http://www.cia.gov/.
Senate Select Committee on Intelligence, Statement by Director of Central Intelligence George Tenet, "The Worldwide Threat in 2000: Global Realities of Our National Security," 2 February 2000, p. 1-11, See "Speeches and Testimony" at http://www.cia.gov/.
Computer break-ins and unauthorized access. Hacking tools and techniques. Denial-of-service attacks. Spoofing. Trojan horses. Computer viruses and virus hoaxes. Computer worms. Extortion. Identity theft. Internet fraud. Case studies. Computer Crime Investigations. Law enforcement challenges.
Slides: cyber-attack.ppt
Questions: q-hacking.html
Denning, Chapters 8 - 10.
Greg Shipley, Anatomy of a Network Intrusion, Network Computing, October 18, 1999, http://www.networkcomputing.com/1021/1021ws1.html.
Liraz Siri, The Internet Auditing Project, http://www.viacorp.com/auditing.html.
Steve Gibson, The Strange Tale of the Denial of Service Attacks Against GRC.COM, May 2001, http://grc.com/dos/grcdos.htm.
David Moore, Geoffrey M. Voelker, and Stefan Savage, Inferring Internet Denial-of-Service Activity, 2001, http://www.caida.org/outreach/papers/backscatter/usenixsecurity01.pdf.
David Moore, The Spread of the Code-Red Worm (CRv2), http://www.caida.org/analysis/security/code-red/.
L. Britt Snider, "Improper Handling of classified Information by John M. Deutsch, CIA Report, February 18, 2000, http://www.fas.org/irp/cia/product/ig_deutch.html.
Sarah Gordon, The Generic Virus Writer II, http://www.research.ibm.com/antivirus/SciPapers/Gordon/GVWII.html
Web sites
Brian Martin's articles on hacking/security, http://www.attrition.org/~jericho/works/writing_security.html
Information operations that are are politically and socially motivated. Case studies of hacktivism and hacktivist groups. Assessment of cyberterrorism threat.
Slides: hacktivism-cyberterrorism.ppt
Questions: q-cyberterrorism.html
Dorothy E. Denning, "Activism, Hacktivism, and Cyberterrorism: The Internet as a Tool for Influencing Foreign Policy," presented at The Internet and International Systems: Information Technology and American Foreign Policy Decisionmaking Workshop, the Nautilus Institute and World Affairs Council of Northern California, December 10, 1999, http://www.cs.georgetown.edu/~denning/infosec/nautilus.html.
Dorothy E. Denning, Cyberterrorism, Testimony before the Special Oversight Panel on Terrorism, Committee on Armed Services, U.S. House of Representative, May 23, 2000, http://www.cs.georgetown.edu/~denning/infosec/cyberterror.html.
Andrew Rathmell, "Assessing the IW Threat from Sub-state Groups," in Cyberwar 2.0, pp. 295+.
Cyber Attacks During the War on Terrorism: A Predictive Analysis, Institute for Security Technology Studies, Dartmouth College, September 22, 2001, http://www.ists.dartmouth.edu/ISTS/counterterrorism/cyber_attacks.htm.
Michael Wine, Cyberspace - A New Medium for Communication, Command and Control by Extremists, April 1999, http://www.ict.org.il/articles/cyberspace.htm
Matthew G. Devost, Brian K. Houghton, and Neal A. Pollard, Information Terrorism: Political Violence in the Information Age, http://www.terrorism.com/Denning.html.
Mark Pollit, Cyberterrorism -- Fact or Fancy?, http://www.cs.georgetown.edu/~denning/infosec/pollitt.html.
Web Sites
Cryptography: single-key and public-key. Key management. Applications of encryption to virtual private networks, e-mail, commerce. Steganography. Anonymity. Biometrics. Cryptographic techniques for authentication. Digital signatures. Location-based authentication. Watermarking.
Questions: q-crypto.html
Denning, Chapters 11 - 12.
C. Ellison and B. Schneier, Ten Risks of PKI: What You're Not Being Told About Public Key Infrastructure, Computer Security Journal, v 16, n 1, 2000, pp. 1-7, http://www.counterpane.com/pki-risks.html
Dorothy E. Denning and William E. Baugh, Jr., Hiding Crimes in Cyberspace, 1999, http://cryptome.org/hiding-db.htm.
Special Issue of The Information Society on Anonymity, Vol. 15, No. 2, July 1999, http://www.slis.indiana.edu/TIS/tables_of_contents/toc_15.html#15-2. This publication has numerous excellent articles.
Monitors. Filters. Firewalls. Intrusion detection. Auditing. Incident handling. Forensics.
Speaker: Kevin Mandia, Director of Computer Forensics, Foundstone Inc., www.foundstone.com.
Questions: q-monitors.html
Denning, Chapters 13.
Rebecca Bace and Peter Mell, Intrusion Detection, NIST, August 16, 2001, http://cryptome.org/sp800-31.htm.
Bruce Schneier, Managed Security Monitoring: Network Security for the 21st Century http://www.counterpane.com/msm.html
Richard P. Lippmann and Robert K. Cunningham, Improving Intrusion Detection Performance Using Keyword Selection and Neural Networks, RAID 99, http://www.raid-symposium.org/raid99/PAPERS/Lippmann1.pdf
Field Guide for Investigating Computer Crime, http://www.securityfocus.com/cgi-bin/infocus.pl?head=Incidents:Forensics&id=1244.
Jeffrey Kephart, Gregory Sorkin, David Chess, and Steve White, Fighting Computer Viruses, Scientific American, November 1997, http://www.sciam.com/1197issue/1197kephart.html.
Information security for organizations. Best practices. Risk analysis and management. Certification and accreditation. Security training and awareness. Generally Accepted Systems Security Principles.
Speaker: Peiter Mudge Zatko, Vice President of Research and Development, @Stake, www.atstake.com.
Questions: q-security.html
Denning, Chapters 14 - 15 (through p. 400).
CERT, Home Network Security, http://www.cert.org/tech_tips/home_networks.html.
Charles C. Mann, "The Mole in the Machine," The New York Times Magazine, July 25, 1999, http://www.nytimes.com/library/magazine/home/19990725mag-tech-secure-secrets.html .
Critical infrastructure protection. National Plan. President's Commission on Critical Infrastracture Protection (PCCIP). PDD 63 and national inititives. National network monitoring (FidNet, JTF-CND).
Speaker: Major General James D. Bryan, Director, JTF-CNO.
Questions: q-defense.html
Denning, Chapter 15 (pages 400+).
Adams, Chapters 1, 12.
CIAO Web site, http://www.ciao.gov/.
Report of the President of the United States on the Status of Federal Critical Infrastructure Protection Activities (pdf), January 2001, http://www.ciao.gov/CIAO_Document_Library/CIP_2001_CongRept.pdf.
Nicholas Chantler, "Intelligence Preparation of the Information Warfare Battlefield," in Cyberwar 2.0, pp. 313+.
N. Gass and T.T. Romet, "A Framework for Modelling the Threat of Information Operations and the Infrastructure of a Country," in Cyberwar 2.0, pp. 347+.
Richard Forno, "The INFOCORPS -- A Unique Proposal for a Unique Mission," in Cyberwar 2.0, pp. 255+.
Alan D. Campen, "Outsourcing Command and Control," in Cyberwar 2.0, pp. 241+.
USIA Journal on Cyberthreat: Protecting U.S. Information Networks, http://usinfo.state.gov/journals/itps/1198/ijpe/toc.htm.
CSIS report on Cybercrime, Cyberterrorism, and Cyberwarfare, http://www.csis.org/pubs/cybersum.html.
Information warfare policy at a national and international level. International laws governing IW. Council of Europe Cybercrime convention. Cyberweapons controls. Ethics of offensive IW operations. Strategic information warfare.
Speaker: Catherine Lotrionte, attorney, Office of General Counsel, Central Intelligence Agency and adjunct professor, National Securities Studies Program, Georgetown University.
Questions: q-international.html
Adams, Chapters 16, 20, Conclusion.
Charles J. Dunlap, Jr., "The Law of Cyberwar: A Case Study from the Future," in Cyberwar 2.0, pp. 139+.
An Assessment of International Legal Issues in Information Operations, Department of Defense Office of General Counsel, December 1999, http://www.cs.georgetown.edu/~denning/infosec/DOD-IO-legal.doc.
Dorothy E. Denning, Obstacles and Options for Cyber Arms Control, Arms Control in Cyberspace, Heinrich Boell Foundation, June 29-30, 2001, http://www.cs.georgetown.edu/~denning/infosec/berlin.doc.
Council of Europe Draft Convention on Cybercrime, http://conventions.coe.int
Center for Democracy and Technology materials on the CoE Convention on Cybercrime, http://www.cdt.org/international/cybercrime/.
John Arquilla, Ethics and Information Warfare, Ch 13 of The Changing Role of Information in Warfare, RAND Corp, 1999, http://www.rand.org/publications/MR/MR1016/.
Dan Kuehl, The Ethics of Information Warfare and Statecraft, http://www.infowar.com/mil_c4i/mil_c4ij.html-ssi.
Roger C. Molander and Sanyin Siang, The Legitimization of Strategic Information Warfare: Ethical Considerations, http://www.aaas.org/spp/dspp/sfrl/per/per15.htm
Cryptography and Liberty 2000, An International Survey of Encryption Policy, EPIC, http://www2.epic.org/reports/crypto2000/
Douglas H. Dearth, "Imperatives of Information Operations and Information Warfare," in Cyberwar 2.0, pp. 391+.
TBA.