UMUC Cybersecurity Capstone
CSEC670
© UMUC 2012 Page 1 of 40
Contents
Topic 1: Scenario
  Scenario: Attack on NYSE
Topic 2: Module Introduction
Topic 3: Emerging Cybersecurity Technologies
  Prioritized Research and Development
  DARPA and IARPA
  Remote Agent Technologies
  Real-Time Forensic Analysis
Topic 4: Government Funding of Cybersecurity Technologies
  NSA Initiatives
  DHS S&T
Topic 5: Local Initiatives
  Cybersecurity Integration: Lateral and Cross-Sector
  Academic Initiatives
  WC4, CIAT, and Western Cyber Exchange
  Scholarship for Service
  Blue-Ribbon Panel Debate
Topic 6: International Collaboration
  Department of Homeland Security Programs
  Department of Defense Programs
Topic 7: Cybersecurity Policy in the International Arena
  IETF, ICANN, and W3C
  Activity
  Activity: Kevin's Task
Topic 8: Summary
Glossary
Topic 1: Scenario
Scenario: Attack on NYSE
The Future of Cybersecurity Technology and Policy
CSEC670—Module 3
Attack on NYSE
Kevin Baker is a partner in a leading investment house and
financial services firm on
Wall Street. He is in the middle of a meeting in his office when,
all of a sudden, there is a
flurry of activity outside his door. Employees are forming
huddles around their computers
and tensely reading from their screens. Kevin's private phone
starts ringing. He answers
it. It is his close friend and business confidant, Thomas Harper,
calling to inform Kevin of
an attack on the trading activity at the New York Stock
Exchange. Kevin quickly ends his
meeting so he can find out what is happening.
Disclaimer: The storyline and characters in this part of the
module are fictitious and were developed for the
purposes of this course. No association with any real person,
places, or events is intended or should be
inferred from the use of the fictitious names.
Scenario
Scene 1
Kevin turns on the television to catch the breaking news.
Here is a transcript of the news.
Headline: NYSE Brought to a Standstill!
News reporter: At 10:22 a.m., trading activity at the New York
Stock Exchange spiraled
out of control.
News reporter: The stock ticker data projected by the Exchange
displayed obvious
irregularities, including missing digits and unrealistic price
fluctuations, sending brokers
and investors scurrying to find accurate data.
News reporter: The typically passionate buying and selling
came to a screeching halt.
Confusion and panic could be seen on the faces of brokers.
News reporter: When the authorities at the stock exchange
checked into their systems
to look for the error, the Market System Administrators found
evidence of a system
network compromise.
News reporter: Systems engineers at the stock exchange quickly
determined that they
were undergoing a denial of service attack.
News reporter: The attack on the stock trading system raised
many questions about the
reliability of trading data.
News reporter: The attack ultimately resulted in the temporary
shutdown of the markets
at 11 a.m. Cybersecurity teams are currently analyzing the
cyberattack and the trading
data to get to the bottom of the crisis.
News reporter: Market watchers are worried that there will be a
massive selloff once
trading resumes.
Scene 2
Kevin's firm has prospered over the past 150 years and is a
leader in the financial
industry. The firm has been a trusted advisor to senior
government leaders. Kevin is
invited to serve on a blue-ribbon panel set up by the government
to investigate the
attack on the stock exchange and to study ways to meet
cybersecurity challenges.
The blue-ribbon panel's charter is to assess the fundamental
reasons for the stock
exchange being vulnerable to attack through the Internet. The
blue-ribbon panel will
study national cybersecurity strategy. In particular, the team
will identify gaps in the
strategy with respect to coordination between the public and
private sectors.
Prior to his first meeting with his fellow panelists, Kevin makes
some notes over coffee at
home.
Points of Consideration
Emerging technologies
Emerging strategies
How to integrate across the nation's footprint
How to trigger cross-sector growth and market forces to improve cybersecurity
How to improve government's ability to seed the market
Scene 3
Kevin is on his way to the first blue-ribbon panel meeting. He is
thinking of the
cybersecurity challenges the panel will face.
Kevin (thinking): We need a new cybersecurity strategy at a
national level, one that
integrates government and private-sector defenses. We need to
think through all the
permutations of how the blue-ribbon panel must approach its
charge.
Topic 2: Module Introduction
The shock and destruction caused by the terrorist attacks on
September 11, 2001,
brought about a radical change in how the U.S. government
approached security. By the
end of George W. Bush's presidency, cybersecurity had risen in
priority and the
Comprehensive National Cybersecurity Initiative (CNCI) had
been developed. The CNCI
represented the president's national strategy and programs to be
implemented.
When President Obama took office in 2009, his administration
maintained a focus on
cybersecurity; however, the nation's preparedness and
cyberdefenses are often
criticized and have been under repeated review. In 2010, the
Stuxnet worm was
released to wipe out Iran's nuclear program. In 2011, Stuxnet
was in the media, as were
many increasingly sophisticated and pernicious threats and
attacks in cyberspace.
These incidents have caused the U.S. government to pay even
more attention to
cybersecurity.
Greater funding is being granted to research and development
for improved strategies to
meet the challenges of cybersecurity. However, there is a
growing belief that the nation's
approach to cybersecurity must be changed and that the United
States is losing the
battle. This module explores some new approaches and
technologies aimed at tackling
cybersecurity problems head-on.
Topic 3: Emerging Cybersecurity Technologies
Prioritized Research and Development
The President's Council of Advisors on Science and Technology
reported on the
Networking and Information Technology Research and
Development (NITRD) program
in January 2011. The NITRD program is interested in "leap-ahead"
technologies. New
thinking has emerged that seeks to borrow successful strategies
from other fields to
enable a more nimble and proactive approach to security.
New concepts include cybereconomics, seeking to leverage
market forces, and deriving
self-healing methodologies from nature for application to
network security. Other
examples of new thinking include Tailored Trustworthy Spaces
and Moving Target
defenses. Emerging concepts seek to create dynamic structures,
architectures, and
defenses. Many defenses are static and cannot respond
strategically to a dynamic
threat. The NITRD program has identified several priority
areas, and federal research
and development funding should align with these priorities.
The Defense Advanced Research Projects Agency (DARPA), for
example, reported in
November 2011 that it would accelerate its cybersecurity
funding by more than 70
percent from $120 million in fiscal year 2011 to $208 million in
fiscal year 2012 (Hoover,
2011).
Reference: Hoover, J. N. (2011, November 7). DARPA boosts
cybersecurity research spending 50%.
Information Week. Retrieved from
http://www.informationweek.com/news/government/security/231902495
Big Data (BD)
Big Data is a term applied to data sets whose size is beyond the
ability of
commonly used software tools to capture, manage, and process
the data within a
tolerable elapsed time (NITRD, n.d.).
Reference: Networking and Information Technology Research
and Development program (NITRD). (n.d.).
Big Data (BD SSG). Retrieved from
http://www.nitrd.gov/subcommittee/bigdata.aspx
Human Computer Interaction and Information Management (HCI&IM)
HCI&IM focuses on information interaction, integration, and
management research to
develop and measure the performance of new technologies (e.g.,
robotic,
multimodal), agents, cognitive systems, and information
systems that support the
hierarchy and refinement of data from discovery to decision and
action by both
humans and computers working together and separately.
Reference: Networking and Information Technology Research
and Development program (NITRD). (n.d.).
Human Computer Interaction and Information Management
Coordinating Group (HCI&IM CG). Retrieved
from http://www.nitrd.gov/subcommittee/hciim.aspx
High Confidence Software and Systems (HCSS)
HCSS R&D supports development of scientific foundations and
innovative and
enabling software and hardware technologies for the
engineering, verification and
validation, assurance, and certification of complex, networked,
distributed computing
systems and cyberphysical (IT-enabled) systems (CPS).
Reference: Networking and Information Technology Research
and Development program (NITRD). (n.d.).
High Confidence Software and Systems Coordinating Group
(HCSS CG). Retrieved from
http://www.nitrd.gov/subcommittee/hcss.aspx
High End Computing (HEC)
HEC I&A agencies coordinate Federal activities to provide
advanced computing
systems, applications software, data management, and HEC
R&D infrastructure to
meet agency mission needs and to keep the United States at the
forefront of 21st
century science, engineering, and technology.
Reference: Networking and Information Technology Research
and Development program (NITRD). (n.d.).
Interagency Working Group on High End Computing (HEC
IWG). Retrieved from
http://www.nitrd.gov/subcommittee/hec.aspx
Software Design and Productivity (SDP)
The SDP R&D agenda spans both the science and the
technology of software
creation and sustainment (e.g., development methods and
environments, V&V
[verification and validation] technologies, component
technologies, languages, tools,
and system software) and software project management in
diverse domains. R&D
will advance software engineering concepts, methods,
techniques, and tools that
result in more usable, dependable, cost-effective, and
sustainable software-intensive
systems.
Reference: Networking and Information Technology Research
and Development program (NITRD). (n.d.).
Software Design and Productivity Coordinating Group (SDP
CG). Retrieved from
http://www.nitrd.gov/subcommittee/sdp.aspx
Social, Economic, and Workforce Implications of IT and IT Workforce Development (SEW)
The activities funded under SEW focus on i) the co-evolution of
IT and
social/economic systems, ii) interactions between people and IT
devices and
capabilities, iii) the workforce development, training, and
education needs arising
from the growing demand for productive next-generation
workers skilled in IT,
including graduate fellowships, and iv) the role of innovative IT
applications in
education and training.
Reference: Networking and Information Technology Research
and Development program (NITRD). (n.d.).
Social, Economic, and Workforce Implications of IT and IT
Workforce Development Coordinating Group
(SEW CG). Retrieved from
http://www.nitrd.gov/subcommittee/sew.aspx
DARPA and IARPA
The NITRD program supports national research and
development initiatives and helps
avoid redundant efforts among federal research laboratories.
Consistent with NITRD
priorities, a pair of organizations, DARPA and IARPA, are
heavily engaged in
cybersecurity research and development investments. The
budgets of both
organizations, which are partially classified, amount to billions
of dollars.
This table gives a brief description of DARPA and IARPA.

| Organization | DARPA | IARPA |
| --- | --- | --- |
| Stands for | Defense Advanced Research Projects Agency | Intelligence Advanced Research Projects Activity |
| Formed in | 1958. Originally named Advanced Research Projects Agency (ARPA); renamed DARPA in 1972 | 2006 |
| Operates under | Department of Defense (DoD) | Office of the Director of National Intelligence (ODNI) |
| Projects undertaken | ARPA is renowned for inventing the Internet. DARPA funded the Global Positioning System (GPS) and unmanned systems. | IARPA pursues research projects based on the priorities of the ODNI. For example, recent efforts have focused on data mining technologies. |

Remote Agent Technologies
Compliance audits and patching have become reactive and too
slow for the ever-present
risks in cyberspace today. Therefore, there is wide
acknowledgement of the need for
active monitoring of networks.
Remote Monitoring Agents
Remote monitoring agents conduct centralized, remote tests of
the security of networks.
Remote agents do not require large amounts of manpower, so
tests can be performed
rapidly and efficiently without a backlog developing. Remote
agents can be loaded by a
client or a server. The agents operate from a centralized
location, thus saving travel time
and travel costs.
Step 1: Remote agents accept commands from a centralized
security process, using a
secure connection.
Step 2: These remote agents run certain tests and report results
back to the centralized
location.
Step 3: A remote agent is able to conduct tests on a network
without transgressing
nonsecure protocols in a firewall.
Forensic Examinations
Forensic examinations are also feasible with remote agents.
Notwithstanding
sophisticated security technologies, manpower-intensive human
intervention and
analysis are still required. Moreover, examination is often
conducted onsite, which can
entail expensive and time-consuming travel.
Real-Time Forensic Analysis
Real-time forensic analysis is a growing area in the
marketplace, and it is of interest to
technology developers. It is an approach related to situational
awareness and
continuous monitoring.
Forensic Analysis in Criminal Proceedings
Law enforcement professionals relate forensic analysis
exclusively to criminal
investigations. Forensic analysis is used as a means of
assurance for evidence
preservation.
Forensic Analysis in Cybersecurity
In the cybersecurity realm, forensic analysis is the reproduction
of an incident, akin to a
playback of a recording. Forensic investigation, in the case of a
cyberattack, can help
ascertain the cause and methodology of an intrusion. Replaying
an attack entails full
packet capture and sensing and retention of data for all critical
nodes.
Try This!
Match each type of technology to the organization that sponsors
or administers it.

| Type of Technology | Organization |
| --- | --- |
| 1. A new tool for detecting botnets | a. Military laboratories; e.g., Army Research Laboratory (ARL), Naval Research Laboratory (NRL) |
| 2. A proposed battle-ready vehicle with advanced security and safety features to protect against improvised explosive devices | b. Department of Defense Information Assurance Program (DIAP) |
| 3. An army-specific technology to prevent against intrusions during traditional military conflicts | c. National Science Foundation (NSF) Scholarship for Service (SFS) Program |
| 4. A new type of cybermalware that can be used as an offensive measure in a cyberwar | d. Department of Homeland Security (DHS) S&T Division |
| 5. Educational benefits for future government cybersecurity professionals | e. Networking and Information Technology Research and Development (NITRD) |
| 6. Educational benefits specifically for current Department of Defense (DoD) cybersecurity workers | f. Defense Advanced Research Projects Agency (DARPA) |
| 7. A new invention by a university professor as a "game changer" in mobile phone monitoring capabilities | g. Aquidneck Island Reuse Planning Authority (AIRPA) |

Correct Answer: 1-d, 2-f, 3-a, 4-g, 5-c, 6-b, 7-e
Topic 4: Government Funding of Cybersecurity Technologies
NSA Initiatives
The research and development budget of the National Security
Agency (NSA) is highly
classified. NSA's funding efforts align with NITRD priorities,
although the Intelligence
Community also has its own priorities. NSA, through its
collaboration with DHS and the
National Science Foundation (NSF), is heavily engaged in
workforce development as
well as R&D. Cybersecurity has become so important that
funding is now available for
much more than just technology. Funding is provided to develop
methodologies, and
even for training.
NSA also regularly utilizes Cooperative Research and
Development Agreements
(CRADAs) to implement development relationships.
Key Features of CRADAs
This non-Federal Acquisition Regulation (FAR) mechanism enables the government to work collaboratively with companies, universities, and nonprofits to develop capabilities.

CRADAs provide a mechanism for technology development that is more flexible than the FAR mechanism. Contracting mechanisms under the FAR require specificity to enable articulation of government requirements and statement of work tasks. CRADAs are therefore preferred when requirements are unknown, and indeed would be byproducts of the R&D process. CRADAs, rather than FAR contracting, provide this flexibility, which is helpful in dealing with emerging technologies.

CRADAs provide a collaborative structure between NSA and technology developers to enable incorporation of the needs of the Intelligence Community during the development process.

CRADAs can be funded or unfunded.

For further examples of the use of CRADAs by NSA and other
federal R&D agencies,
visit the government solicitation information Web site
www.fedbizopps.gov, or search for
CRADA with a search engine.
DHS S&T
The Science and Technology (S&T) Directorate at DHS is the
department's counterpart
to DARPA, IARPA, and other R&D bodies in the federal
government. In 2010 and 2011,
S&T issued a comprehensive Broad Agency Announcement
(BAA) for a number of
cybersecurity categories such as cybereconomics, Moving
Target defenses, and other
emerging concepts. S&T utilizes a variety of contracting
mechanisms to fund novel and
cutting-edge approaches and technologies.
DHS also emphasizes partnering approaches, to the extent that
they are permitted
under the Federal Acquisition Regulation. DHS has the added
benefit, based on
language in the Homeland Security Act and Homeland Security
Presidential Directive 7
(HSPD-7), to collaborate with industry sectors to ascertain the
cybersecurity needs of
those sectors. For example, the medical sector might have
heightened privacy protection
needs.
Reference: U.S. Department of Homeland Security (DHS).
(2003, December 17). Homeland Security
Presidential Directive 7: Critical infrastructure identification,
prioritization, and protection. Retrieved from
http://www.dhs.gov/xabout/laws/gc_1214597989952.shtm
Topic 5: Local Initiatives
Cybersecurity Integration: Lateral and Cross-Sector
Many organizations recommend sharing information laterally to
stay on the same page
with respect to cybersecurity developments. Sharing
information not only keeps
everyone abreast of what is happening; it also gives insight into
various intrusions and
security measures.
The 9/11 Commission on Information Sharing
The 9/11 Commission Report recommended sharing information
laterally in order to
"connect the dots" (9/11 Commission, 2004, p. 408). According
to the September 2010
interim version of the National Cyber Incident Response Plan
(NCIRP):
In the current risk environment, cyber incidents occur every
day, often cascading
across Federal, State, Local, Tribal, Territorial, and private
sector systems.
Cyberspace's cross-jurisdictional and interdependent nature
requires effective
partnerships across these traditional boundaries. The Federal
Government and the
Nation are highly dependent on IT and communications
infrastructure provided by
the private sector, and this dependency underscores the need for
flexibility and
partnership across a wide variety of communities (DHS, 2010,
p. 1).
Reference: National Commission on Terrorist Attacks upon the
United States (9/11 Commission). (2004,
July 22). The 9/11 Commission report. Retrieved from
http://govinfo.library.unt.edu/911/report/911Report.pdf
Reference: U.S. Department of Homeland Security (DHS).
(2010, September). National Cyber Incident
Response Plan (interim version, September 2010). Retrieved
from
http://www.federalnewsradio.com/pdfs/NCIRP_Interim_Version_September_2010.pdf
The Federal Government on Information Sharing
The national focus on improving cybersecurity originated at the
federal level. National
strategy documents drive military strategy, which further drives
operational programs
across the military services, with similar processes taking place
within interagency
support mechanisms. Meanwhile, the growing sophistication and
gravity of the online
threat has resulted in grassroots efforts emerging in response to
local needs. As the
nature of the threat is asymmetric, traditional border defenses
(e.g. protections provided
at the federal level) do not offer adequate protection.
Information Sharing at the Local Level
In 2010, the Multi-State Information Sharing and Analysis
Center (MS-ISAC) was
designated by DHS as the ISAC for state, local, territorial, and
tribal (SLTT) components
of government. The MS-ISAC was put in place to engage in
information sharing and
other cybersecurity support under the National Infrastructure
Protection Plan (NIPP).
The MS-ISAC operates a 24/7 cybersecurity operations center
and shares information
with supported state governments. The integration of MS-ISAC
services throughout the
nation is a work in progress.
Summary
The "all hazards" strategy of critical infrastructure at DHS
mechanizes the establishment
of community emergency management offices. The community
emergency management
offices aim to integrate cybersecurity with state, regional, and
national capabilities.
However, many communities need assistance, as their resources
may be insufficient to
address sophisticated threats. Seeing a need and a market niche,
a variety of
enterprises have sprung up to offer services.
Academic Initiatives
I3P
The Institute for Information Infrastructure Protection (I3P) "is
a consortium of leading
universities, national laboratories, and nonprofit institutions
dedicated to strengthening
the cyber infrastructure of the United States" (I3P, 2008). The
I3P, based at Dartmouth
College, receives funding from a variety of federal R&D
agencies. The I3P brings
together experts from various fields related to cybersecurity and
infrastructure protection
to collaborate on trends, gaps, emerging technologies, and
R&D. This collaboration aims
to advance solutions, technology transfer, and an overall
improved security posture for
cyberspace.
The I3P shares its results and plans at focused symposia and
other working-group
events. It has facilitated technology transfer and pursued many
thought leadership,
training and awareness, and other cybersecurity and critical
infrastructure protection
events nationally since 2002.
Reference: Institute for Information Infrastructure Protection
(I3P). (2008). About the I3P. Retrieved from
http://www.thei3p.org/
Academic Institutions
The Berkman Center for Internet and Society at Harvard
University is dedicated to the
study of the Internet and its impact on society. At Stanford
University, the Center for
Internet and Society operates under the auspices of Stanford
Law School. These
programs generally study societal impacts stemming from
Internet growth. They delve
into privacy, commerce, socioeconomic changes, international
dimensions, and the
growing case law that is driving risk management
considerations and changing business
priorities.
Many academic institutions have developed Internet,
cybersecurity, privacy, and
homeland security programs. These institutions include the
University of Maryland; the
Center for Homeland Security at the University of Colorado at
Colorado Springs; and a
DHS-funded, emergency operations-focused Homeland Training
Institute at the College
of Dupage in Glen Ellyn, Illinois. Although these programs are
few in number, they are a
sign that academia is responding to the need to educate and
train society in an
emerging discipline that has been called homeland security,
critical infrastructure
protection, and a variety of other names. The central feature of
each program is a focus
on integrating resources to respond to a new threat that
permeates society.
WC4, CIAT, and Western Cyber Exchange
WC4
In 2011, the Washtenaw County Cyber Citizenship Coalition
(WC4), a Michigan
organization, hosted the national kickoff event for National
Cyber Security Awareness
Month. WC4's mission is to "raise awareness and provide
county residents with the tools
and resources to be good cyber citizens" (WC4, n.d.). WC4
operates out of the
Washtenaw County Sheriff's Office.
Reference: Washtenaw County Cyber Citizenship Coalition
(WC4). (n.d.). Who we are. Retrieved from
http://washtenawcybercoalition.org/who-we-are/
Other state and local cybersecurity programs include:
Center for Information Age Transformation (CIAT) (Colorado Springs, Colorado)
These initiatives have taken different forms, from for-profit to
government-administered
to nonprofit. All of these initiatives focus on cybersecurity
awareness and training for
individuals and organizations. CyberCityUSA has a major
workforce development
component. All of these programs are responses to the need to
improve cybersecurity
awareness and capabilities at local levels.
Report
In October 2011, the House Republican Cybersecurity Task
Force issued its report and
recommendations concerning the approach Congress should
pursue to improve
cybersecurity. The task force stated:
There is widespread agreement that greater sharing of
information is needed within
industries, among industries, and between government and
industry in order to
improve cybersecurity and to prevent and respond to rapidly
changing threats.
There are several organizations designed to help facilitate
information sharing now,
and there is some sharing going on with varying degrees of
success. But not nearly
enough.
We largely agree with those who believe that a new entity
separate from the federal
government but perhaps partially funded by the federal
government is needed to
sponsor this sharing to allow for active defense (House
Republican Cybersecurity
Task Force, 2011, p. 10).
Reference: House Republican Cybersecurity Task Force. (2011,
October 5). Recommendations of the
House Republican Cybersecurity Task Force. Retrieved from
http://thornberry.house.gov/UploadedFiles/CSTF_Final_Recommendations.pdf
CIAT and Western Cyber Exchange
CIAT and WCX
The Center for Information Age Transformation (CIAT) and the
Western Cyber
Exchange (WCX), based in Colorado Springs, Colorado, have a
strategy that adds
operational information sharing to other programmatic
components. The WCX is a
regional initiative that includes computing resources and Smart
Grid cybersecurity
resources from New Mexico. The intent of the WCX is to create
a series of linked nodes,
leading to a regional model of Information Sharing and Analysis
Centers (ISACs) that will
connect local grassroots initiatives with national programs.
Information Sharing Groups
DHS, the MS-ISAC, the CIAT, and groups like the National
Cyber Security Alliance and
the Anti-Phishing Working Group have pursued efforts to bring
separate cybersecurity
groups together. The MS-ISAC has created a partner
engagement position that has a
local community outreach component. At DHS, the National
Cyber Security Division
(NCSD) has a director of state, local, and tribal engagement.
Bills in Congress seek to
establish regional linkages through which national programs and
grassroots initiatives
can integrate solutions and improve broad-based situational
awareness.
Scholarship for Service
With the growing need for cybersecurity experts, NSA, NSF,
and DHS have collaborated
to offer a federally funded scholarship program, whereby
students receive stipends to
attend universities to study approved cybersecurity curricula.
NSF administers the
program, and it is part of the programs implemented under the
CNCI (i.e. workforce
development and education initiatives). The Scholarship for
Service (SFS) program has
both undergraduate and graduate financial assistance
components. Upon graduation,
scholarship recipients have a work service obligation in federal
cybersecurity positions.
Topic 5: Local Initiatives
Blue-Ribbon Panel Debate
The panelists are exploring a 2011 report by the House
Republican Cybersecurity Task
Force and subsequent commentary and analyses. A debate
ensues over the centralized
national approach to cybersecurity. The panelists discuss
whether a decentralized
community strategy is preferable. Kevin proposes that greater
sharing of information is
required, while some members of the panel oppose his view.
Recommendation by the House Republican Cybersecurity Task
Force
In October 2011, the House Republican Cybersecurity Task
Force issued its report and
recommendations concerning the approach Congress should
pursue to improve
cybersecurity. The task force stated:
There is widespread agreement that greater sharing of
information is needed
within industries, among industries, and between government
and industry in
order to improve cybersecurity and to prevent and respond to
rapidly changing
threats.
There are several organizations designed to help facilitate
information sharing
now, and there is some sharing going on with varying degrees of
success. But
not nearly enough.
We largely agree with those who believe that a new entity –
separate from the
federal government but perhaps partially funded by the federal
government – is
needed to sponsor this sharing to allow for active defense.
(House Republican
Cybersecurity Task Force, 2011, p. 10)
Reference: House Republican Cybersecurity Task Force. (2011, October 5). Recommendations of the House Republican Cybersecurity Task Force. Retrieved from http://thornberry.house.gov/UploadedFiles/CSTF_Final_Recommendations.pdf
Statement
"There is widespread agreement that greater sharing of
information is needed within
industries, among industries, and between government and
private sectors to improve
cybersecurity and to prevent and respond to rapidly changing
threats."
Look at Kevin's arguments on the next page if you agree with
this statement; if
not, look at the argument from another panelist, starting on page
24.
UMUC Cybersecurity Capstone
CSEC670
© UMUC 2012 Page 19 of 40
Read the panelist's argument, select the counterargument with
which you most
closely identify, and then repeat the process. At the end, review
the summary of
key points for and against.
Kevin's Counterargument (C1):
I disagree with you. The Internet should be managed by a combination of government and nongovernment organizations. This model has been very successful with regard to information sharing, and would work well regarding security.
Kevin's Counterargument (C2):
I do not agree. The government and private sectors need to work together. This is the only logical approach, since they are both users of the Internet, and a good deal of critical infrastructure is in the private sector. These organizations need to have a voice in the ways in which the Internet is going to become more secure.
Kevin's Counterargument (C3):
The Internet is doing just what its founders wanted it to do. Perhaps a better suggestion is having the government become more involved in the Internet 2.0 project, which is an effort to make the current Internet more robust, secure, and safe for business transactions and other purposes.
Panelist's Argument (A1):
We should press the government to take more control of and responsibility for the Internet, allowing businesses and government organizations to minimize threats to individual users. This would be a step toward making the Internet more secure, safe, and trustworthy.
Panelist's Counterargument (A4)
Panelist's Counterargument (A3)
Panelist's Counterargument (A2)
Kevin's Counterargument (C1):
Your argument is not realistic. We all know that there are significant problems regarding the security and safety of the Internet. By not taking any significant action now, we would run the risk of this wonderful technology not being used by individuals and businesses. Why, you might ask? For the simple reason that the Internet is too risky to use. Individuals and businesses run the risk of having their security, safety, and confidentiality breached by various attacks.
Kevin's Counterargument (C2):
Let's be practical here for a moment. Neither the government nor the private sector is capable of making these improvements by itself. The greatness of the Internet is that it highlights what good can come about when the government and private industry work together.
Kevin's Counterargument (C3):
In general, the U.S. government prefers to have industries regulate themselves, thus allowing the government to take a limited role in oversight or even a completely laissez-faire approach. Some examples of industries that have this type of self-regulation are the medical, legal, and accounting professions. Each of these professions has a code of ethics and a documented set of disciplinary procedures.
Panelist's Argument (A2):
Government control is a good thing when it comes to securing
the
Internet. After all, the U.S. government provided the funds to
build it.
Today, the government needs to have the authority to continue
to
improve the Internet, bringing about more security and
increased
safety for all users.
Go to Conclusion (A7)
Go to Conclusion (A6)
Go to Conclusion (A5)
Kevin's Counterargument (C1):
What really matters is that both groups of users collaborate on ways to explore how an evolving technology like the Internet can have security built into it. Security also needs to be added in the places where we all agree there is an increased need for security.
Kevin's Counterargument (C2):
Let's leave the Internet to the IT professionals who have the technical knowledge to make it safer and more secure. Putting the brainpower of the government's engineers and scientists together with those from the private sector will get us the best of both worlds.
Kevin's Counterargument (C3):
I think you need to be patient with things related to IT, as the Internet did not develop overnight. With a little bit of patience, we can have both government and nongovernment groups working together. As the old adage goes, two heads are better than one, and this surely applies to Internet security.
Panelist's Argument (A3):
The Internet has changed so much since it was invented. Today,
it is
essential to have the government take more control of the
Internet,
since citizens look to the government for safety and security.
This
step is just a logical extension of the responsibility held by the
government.
Go to Conclusion (A7)
Go to Conclusion (A6)
Go to Conclusion (A5)
Kevin's Counterargument (C1):
The United States is a capitalist country where many public-private partnerships have been powerful and successful mechanisms for dealing with problems. We are in favor of a similar solution in which both sectors will work together to solve the many complex security problems that currently exist with the Internet. Hopefully, in the future, this approach will be able to fix Internet security problems before they become serious issues.
Kevin's Counterargument (C2):
The government is already doing a good job of sharing information about cyberthreats and vulnerabilities in software and hardware through the United States Computer Emergency Readiness Team (US-CERT). Isn't this enough? We can't expect the federal government, or an entity sponsored by the government, to become more active in cyberdefense. Software vendors publish a variety of security bulletins and advisories. We can't expect the government to do what companies should be doing themselves.
Kevin's Counterargument (C3):
For two decades, we have had the CERT Coordination Center (CERT/CC) available to help organizations deal with virus infections, hacker intrusions, and Web site defacements. Over the past 10 years, the government has invested heavily in programs to train FBI personnel, the InfraGard program, local law enforcement, and various federal agencies in dealing with cybercrime.
Panelist's Argument (A4):
We are in agreement that the federal government should take the
lead in regulating and securing the Internet. However, if this is
not
possible, then the government needs to fund a quasifederal
entity
that will control Internet security.
Go to Conclusion (A7)
Go to Conclusion (A6)
Go to Conclusion (A5)
Conclusions
Panelist's Conclusion (A5)
I understand the value of public-private partnerships. It makes a
lot of sense to use this
kind of partnership in the field of cybersecurity. There is a lot
that private industry can
learn from government, and vice versa.
Panelist's Conclusion (A6)
The government has a lot of expertise in various fields to help
secure the Internet. The
private sector, which is filled with computer scientists,
electrical engineers, and
cybersecurity professionals, also has a lot of expertise.
Panelist's Conclusion (A7)
I am a strong supporter of Internet security and feel that it
would be best if the
government took control over this domain. Having the
government in control would boost
private citizens' confidence in an important area of today's
economy.
Summary
Key Points For
1. More information sharing is needed within and among
industries, as well as between
government and industry, so cybersecurity can be improved and
rapidly changing
threats can be addressed.
2. While several organizations exist that are intended to
facilitate information sharing,
and some sharing is going on with different levels of success,
this is not nearly
enough, given the recent incidence of attacks and the possibility
of large-scale
cyberwarfare.
3. There is widespread support for placing the federal
government in charge of
cybersecurity. As a noncommercial entity, its goals are based
not on profit motives,
but rather on serving the community. Having the government in
control would add to
consumer confidence and help ensure improved safety practices.
Key Points Against
1. The government does not need to be involved any more than
it already is. The
United States is a capitalist society in which organizations
succeed or fail based on
the business decisions they make.
2. Many organizations are involved in regulating the Internet.
These include the Internet
Engineering Task Force (IETF), the Internet Corporation for
Assigned Names and
Numbers (ICANN), the World Wide Web Consortium (W3C),
and the Internet
Governance Forum (under the United Nations).
3. For two decades, the United States has been a leader in
sharing information about
threats and vulnerabilities related to software and hardware that
governments and
private-sector companies use. In addition, US-CERT, CERT/CC,
the FBI's InfraGard
program, and various federal, state, and local law enforcement
agencies have
adequate resources to help organizations defend themselves in
the event of an
attack.
UMUC Cybersecurity Capstone
CSEC670
© UMUC 2012 Page 24 of 40
Read Kevin's argument, select the counterargument with which
you most closely
identify, and then repeat the process. At the end, review the
summary of key
points for and against.
Panelist's Counterargument (C1):
I disagree with you. The original Internet was funded, engineered, designed, and built by the government. It makes sense that the government should design and implement controls. Society needs the government to be in charge.
Panelist's Counterargument (C2):
Government involvement in the Internet would create powerful and useful regulations, laws, and compliance audits. This would end up costing companies a small amount of extra money, which should be offset by increased revenue as customers realize that they are receiving a more secure level of service.
Panelist's Counterargument (C3):
Perhaps a better suggestion is having the government more involved today. For instance, it could make the current Internet more robust, secure, and safe for business transactions and other purposes. It should have a major role in the Internet 2.0 project.
Kevin's Argument (A1):
We should have the private and public sectors work together, not against each other. Collaboration will provide better overall control of the Internet, and society as a whole will receive the largest overall benefit.
Kevin's Counterargument (A4)
Kevin's Counterargument (A3)
Kevin's Counterargument (A2)
Panelist's Counterargument (C2):
The government is filled with a range of experts, from policy personnel to scientists who are at the top of their fields in networking, electrical engineering, computer science, and Internet security. It would be wasteful not to put all of this brainpower together to help solve the ongoing issues related to Internet security.
Panelist's Counterargument (C3):
In general, the U.S. government prefers to have industries regulate themselves, thus allowing the government to take a limited role in oversight or even a completely laissez-faire approach. Some examples of industries that have this type of self-regulation are the medical, legal, and accounting professions. Each of these professions has a code of ethics and a documented set of disciplinary procedures.
Kevin's Argument (A2):
Involving the government in securing the Internet is not the
right
approach. The Internet is functioning as it was designed to do.
There is a huge, worldwide network that provides many useful
services for individuals and companies. It would be
inappropriate for
the U.S. government to now institute more regulations related to
this
technology for two major reasons. First, today's Internet is an
internationally used technology, and second, the Internet is
already
regulated by different international bodies.
Go to Conclusion (A7)
Go to Conclusion (A6)
Go to Conclusion (A5)
Panelist's Counterargument (C1):
Your argument is not realistic. We know that there are significant problems regarding the security of the Internet. By not taking any significant action now, we run the risk of this wonderful technology not being used by individuals and businesses. Why, you might ask? For the simple reason that the Internet is too risky to use. Individuals and businesses run the risk of having their security and confidentiality breached by various attacks.
Panelist's Counterargument (C2):
Let's leave the Internet to the IT professionals, the same people who originally architected it and who have the technical knowledge to make it more secure. These engineers have the necessary experience and know what they are doing.
Panelist's Counterargument (C3):
You should be able to use the Internet securely with the government's help. The federal government has the same security needs or perhaps, as some cybersecurity professionals might argue, even greater security needs than most organizations and individuals.
Kevin's Argument (A3):
The Internet has changed so much since it was invented. Today,
it is
essential to have more information sharing about threats and
vulnerabilities than ever before, because individuals and
businesses
rely on the Internet more than ever.
Go to Conclusion (A7)
Go to Conclusion (A6)
Go to Conclusion (A5)
Panelist's Counterargument (C1):
We all know that technology evolves at a rapid pace. The government is one very large entity that can help develop more policy and technical countermeasures that can be promulgated to organizations in the private and public sectors.
Panelist's Counterargument (C2):
The government is already doing a good job of sharing information about cyberthreats and vulnerabilities in software and hardware through the United States Computer Emergency Readiness Team (US-CERT). Isn't this enough? We can't expect the federal government or an entity sponsored by the government to become more active in cyberdefense. Software vendors publish a variety of security bulletins and advisories. We can't expect the government to do what companies should be doing themselves.
Panelist's Counterargument (C3):
For two decades, we have had the CERT Coordination Center (CERT/CC) available to help organizations deal with virus infections, hacker intrusions, and Web site defacements. Over the past 10 years, the government has invested heavily in programs to train FBI personnel, the InfraGard program, local law enforcement, and various federal agencies in dealing with cybercrime.
Kevin's Argument (A4):
We agree broadly with those who support the creation of a new
entity that will sponsor this sharing to allow for active defense.
This
entity would be separate from the federal government, but it
might be
partially funded by the government.
Go to Conclusion (A7)
Go to Conclusion (A6)
Go to Conclusion (A5)
Panelist's Counterargument (C1):
The United States is a capitalist country where we allow companies to grow and flourish. In today's global economy, we can't have these companies trying to fight cyberattacks themselves. What we really need is to have the government develop and implement the proper laws and regulations to secure the Internet. At the present time, some industry observers believe that this is a fundamental responsibility of the federal government.
Conclusions
Kevin's Conclusion (A5)
I believe that Internet security is best left to the U.S.
government. It designed the Internet
in the first place. It now has to build confidence among private
citizens and businesses
that it can make the Internet more secure.
Kevin's Conclusion (A6)
I believe that the government has the largest group of computer
scientists, electrical
engineers, and cybersecurity professionals who can help make
the Internet more
secure.
Kevin's Conclusion (A7)
I strongly believe that the U.S. government possesses the best
institutions and methods
for sharing information about Internet security. Dedicating more
resources to this area
would boost its own security, which is desirable because the
government is highly
vulnerable to cyberattacks and even cyberwarfare.
Summary
Key Points For
1. More information sharing is needed within and among
industries, as well as between
government and industry, so cybersecurity can be improved and
rapidly changing
threats can be addressed.
2. While several organizations exist that are intended to
facilitate information sharing,
and some sharing is going on with different levels of success,
this is not nearly
enough, given the recent incidence of attacks and the possibility
of large-scale
cyberwarfare.
3. There is widespread support for placing the federal
government in charge of
cybersecurity. As a noncommercial entity, its goals are based
not on profit motives,
but rather on serving the community. Having the government in
control would add to
consumer confidence and help ensure improved safety practices.
Key Points Against
1. The government does not need to be involved any more than
it already is. The
United States is a capitalist society in which organizations
succeed or fail based on
the business decisions they make.
2. Many organizations are involved in regulating the Internet.
These include the Internet
Engineering Task Force (IETF), the Internet Corporation for
Assigned Names and
Numbers (ICANN), the World Wide Web Consortium (W3C),
and the Internet
Governance Forum (under the United Nations).
3. For two decades, the United States has been a leader in
sharing information about
threats and vulnerabilities related to software and hardware that
governments and
private-sector companies use. In addition, US-CERT, CERT/CC,
the FBI's InfraGard
program, and various federal, state, and local law enforcement
agencies have
adequate resources to help organizations defend themselves in
the event of an
attack.
Topic 6: International Collaboration
Department of Homeland Security Programs
DHS's National Cyber Security Division (NCSD) works
collaboratively with international
organizations to improve cybersecurity.
From the policy and governance perspective, NCSD collaborates
with international
partners through bilateral mechanisms to improve information
sharing and the
development of standards.
NCSD also operates a Cyber Exercise Program (CEP) that
involves international
participation.
The DHS Privacy Office works with other countries concerning
data privacy interests and
blending privacy interests on a global scale.
US-CERT, a component of NCSD, often collaborates with
foreign cybersecurity centers
to exchange information on malware and trends. US-CERT also
provides support to
countries just starting their own cybersecurity organizations.
In May 2011, the White House released the International
Cybersecurity Strategy. It has a
number of components and assigns certain responsibilities
among federal departments.
DHS's efforts will adhere to the strategic plan. For more information, visit the Web site
http://www.whitehouse.gov/sites/default/files/rss_viewer/international_strategy_for_cyberspace.pdf.
Topic 6: International Collaboration
Department of Defense Programs
In 1957, the US DoD, the UK, and Canada agreed to a Declaration of Common Purpose, whose goal was to improve defense research and development collaboration between the two countries. As additional countries joined the effort (Australia first, followed by New Zealand), the group was renamed The Technical Cooperation Program (TTCP) in 1965. The Department of Defense (DoD) relies on TTCP in its cyber-related coordination and cooperation initiatives. Although the Five Eyes alliance involves the same countries, it focuses more on intelligence sharing than on defense R&D (TTCP, 1983).
In connection with its defense-related security agreements,
including the North Atlantic
Treaty Organization (NATO) and bilateral relationships across
the globe, DoD has
engaged in a vast number of collaboration, assistance,
coordination, and exercise
activities. NATO, for example, was forced to address incidents
in Estonia and Georgia.
DoD efforts played a part in these technical and policy
discussions.
The "Department of Defense Strategy for Operating in
Cyberspace" released in July
2011 states that one of its initiatives is to "build robust
relationships with U.S. allies and
international partners to strengthen collective cybersecurity"
(U.S. Department of
Defense, 2011a, p. 9). The emerging strategy intends to treat
cyberattacks on a similar
footing with any other threat or attack, and the United States
would afford assistance to
allies on par with conventional options. It has also been made
clear in statements by the
deputy secretary of defense that the Law of Armed Conflict
operates in cyberspace, and
that constraints on the use of force would utilize the same
analysis (U.S. Department of
Defense, 2011b).
References:
The Technical Cooperation Program (TTCP). (1983, October). Some Historical Comments and Background on TTCP. Retrieved from http://www.acq.osd.mil/ttcp/overview/history25.html
U.S. Department of Defense. (2011a, July). Department of Defense strategy for operating in cyberspace. Retrieved from http://www.defense.gov/news/d20110714cyber.pdf
U.S. Department of Defense. (2011b, July 14). Remarks on the Department of Defense cyber strategy: As delivered by Deputy Secretary of Defense William J. Lynn, III, National Defense University, Washington, D.C., Thursday, July 14, 2011. Retrieved from http://www.defense.gov/speeches/speech.aspx?speechid=1593
Topic 7: Cybersecurity Policy in the International Arena
IETF, ICANN, and W3C
IETF
The Internet Engineering Task Force (IETF) is an open-source,
collaborative
environment in which Internet experts work to develop
standards and protocols to
improve the functionality and interoperability of information
systems and the Internet.
The IETF is not solely focused on security; however, the
organization does develop
Internet security standards, processes, and protocols.
ICANN
The Internet Corporation for Assigned Names and Numbers, or
ICANN, operates with a
team of security practitioners who "ensure effective engagement
in topics relating to
security, including cyber security and other forums related to
security, stability and
resiliency" (ICANN, n.d.).
ICANN is a promoter of DNS security (DNSSEC), and it assists
domain name registries
across the globe on security matters. Like IETF, ICANN is not
principally focused on
security; however, given the changes in the Internet and the
increased need for security,
ICANN has gotten involved with the issue. ICANN's particular
focus regarding security is
not with security tools, technologies, or operational mechanisms
related to cybersecurity;
rather, ICANN sits at a strategic level and is primarily
interested in the resiliency aspect
of security.
Reference: Internet Corporation for Assigned Names and
Numbers (ICANN). (n.d.). Retrieved from
https://www.icann.org/en/security/
W3C
The World Wide Web Consortium, or W3C, is an international
organization that develops
standards related to the Internet. W3C has developed standards
for XML technology,
Internet architecture, and application standards. Though W3C is
not principally a
cybersecurity body, it has created a number of cybersecurity
groups. W3C's security
activity is currently composed of two working groups and one
interest group.
XML Security Working Group
The XML Security Working Group "focuses on maintaining and
revising the XML
Security Specifications" (W3C, 2011).
Reference: World Wide Web Consortium (W3C). (2011).
Security activity statement. Retrieved from
http://www.w3.org/Security/Activity
Web Application Security Working Group
"The Web Application Security Working Group has the mission
to develop security and
policy mechanisms to improve the security of Web
Applications, and enable secure
cross-site communication" (W3C, 2011).
Web Security Interest Group
"The Web Security Interest Group serves as a forum for
discussion about improving
standards and implementations to advance the security of the
Web" (W3C, 2011).
Topic 7: Cybersecurity Policy in the International Arena
Activity
Correctly match the organization with its initiative.
Organization
1. Military laboratories such as ARL, NRL
2. NITRD
3. IARPA
4. DHS S&T Directorate
5. DARPA
6. Institute for Information Infrastructure Protection (I3P)
Initiative
a. Short-term funding for new cybertechnologies
b. Long-term funding for complex, futuristic cyber and noncyberdefense technologies
c. Funding for research projects specifically to benefit U.S. Intelligence Community organizations
d. Funding to support students studying in recognized cybersecurity degree programs
e. Funding to support education of DoD personnel in approved universities with cybersecurity degree programs
f. Funding for advanced research projects that will "leap ahead" of what is available to government organizations today
Correct Answer: 1-d, 2-b, 3-c, 4-e, 5-a, 6-f
Topic 7: Cybersecurity Policy in the International Arena
Activity: Kevin's Task
Now, answer some questions to help Kevin make
recommendations to the blue-ribbon
panel.
Question 1: In light of the attack on the stock exchange, which
of the following should
be Kevin's recommendation?
a. The United States should attack the perpetrators.
b. The United States should use law enforcement mechanisms to
arrest the attackers.
c. The United States should establish a new strategy of public-private partnerships.
d. Kevin should request a meeting with the cyberczar to discuss
existing U.S. policies.
Correct Answer: Option c
Feedback:
The government needs a new strategy for public-private
partnerships, one that is framed
from a policy perspective.
Given the fact that 85-90% of the U.S. critical infrastructure is in the private sector, it is important to establish public-private partnerships. These partnerships will facilitate information sharing and, in the end, a stronger platform for securing the United States' critical infrastructure. This is a very important policy initiative that has been implemented successfully in the U.S.
Question 2: Which of the following ideas would involve the
most collaboration with the
private sector?
a. Urging the government to develop new technologies
b. Identifying emerging technologies
c. Deciding which government agency should take the lead in
developing a new
strategy
d. Establishing long-term cross-sector initiatives
Correct Answer: Option d
Feedback:
Collaborating with the federal government and other private sector companies cannot happen overnight. It takes time to build trust among and across the organizations. Additionally, this is a time-consuming effort because it requires getting ‘buy-in’ from these key stakeholders, so that they understand the program and realize the value they will obtain from such involvement.
Question 3: Based on the attack on the stock exchange, which of
the following would be
an example of positive market forces to increase cybersecurity?
a. Increasing taxes on corporations
b. Forcing all cybersecurity companies to set up base in
Washington, D.C.
c. Providing tax incentives to cybersecurity companies
d. Restricting government cybersecurity programs to companies
with an annual profit of
more than $2 million
Correct Answer: Option c
Feedback:
Providing tax incentives to cybersecurity companies is a
positive market force.
Many cybersecurity experts believe that although cross-sector information sharing initiatives might be very time-consuming, they are also some of the most valuable initiatives that can be undertaken. They are very time-consuming because 1) it takes a lot of time to get ‘buy-in’ from companies in the private sector to trust the government’s intentions, 2) these companies need to become comfortable with interacting with competitor organizations in the same sector, and 3) private sector companies must be comfortable that this is a ‘win-win’ environment to improve their organization’s cybersecurity.
Question 4: Which of the following ideas about involving the private sector in cybersecurity efforts are initiatives that already exist?
a. Information Sharing and Analysis Centers
b. The FBI's InfraGard program
c. The Government Accountability Office
d. DHS's Cyber Security Awareness Month
Correct Answer: Options a, b, and d
Feedback:
Initiatives such as Information Sharing and Analysis Centers, the FBI's InfraGard program, and DHS's Cyber Security Awareness Month already exist. GAO is not involved in this operational aspect of cybersecurity.
Question 5: Which of these organizations would be able to help the stock exchange recover from the attack?
a. The New York Chamber of Commerce
b. The Better Business Bureau
c. The Financial Services ISAC
d. Information Systems Security Association
Correct Answer: Option c
Feedback:
The Financial Services Information Sharing and Analysis Center would be the ideal organization to help the stock exchange recover from the attack. They have the technical expertise to triage the situation and access industry specialists.
In addition, they can communicate this type of incident to other organizations in the financial services sector. Communicating such incidents helps them assess if any other companies have experienced a similar security incident and if they have cybersecurity experts who would be able to assist in helping the stock exchange recover from this incident.
Question 6: Kevin has a seemingly difficult assignment at hand. Which actions can he take to make his job on the blue-ribbon panel easier and more productive?
a. Ensure that the other members of the panel are recognized subject matter experts.
b. Attempt to do all of the work himself given his expertise and time available at hand.
c. Develop key subcommittees to address the issue in sufficient detail.
d. Schedule semi-annual meetings of the blue-ribbon panel.
Correct Answer: Options a and c
Feedback:
Kevin's work on the blue-ribbon panel will be easier and more productive if the other members of the panel are recognized subject matter experts. Additionally, establishing subcommittees is a good way to organize the task.
Subcommittees are an excellent method to effectively address a specific group of issues. This approach allows a group of specialists to focus on the unique issues that match their knowledge and interests. A good example of this is the U.S. Senate, which has a committee on Foreign Relations. It also has seven subcommittees that are uniquely focused on areas such as African Affairs, European Affairs and Economic Affairs, and International Environmental Protection.
Question 7: Why would the government want to "seed the cybersecurity market?"
a. To create good public relations
b. To help the private sector realize that it is a key stakeholder
c. To assist the private sector in understanding the government's responsibilities
d. To help develop additional private companies whose business is focused on cybersecurity
e. To develop an antagonistic relationship with private sector companies who fear more government regulation and compliance regarding cybersecurity
Correct Answer: Options a, b, c, and d
Feedback:
All of these choices will help seed and educate the private sector regarding cybersecurity: its risks, its challenges, and the need to work with the government.
Over the past two decades, the U.S. government has learned that effective cooperation with the private sector is an essential element of effective cybersecurity. In the U.S. it is common across many disciplines to have the government allow industries to self-regulate (e.g., medicine and law) and only take a more invasive approach when absolutely needed.
Question 8: Which of the following government organizations would fund the "leap ahead" technologies?
a. The Office of Management and Budget (OMB)
b. The National Security Agency (NSA)
c. The Department of Defense (DoD)
d. The Networking and Information Technology Research and Development (NITRD) program
Correct Answer: Option d
Feedback:
NITRD is the federal government's advisor and funding source for new cutting-edge technologies.
Topic 8: Summary
We have come to the end of Module 3. The key concepts covered in this module are listed below.
• With the increased incidence of cyberattacks, the U.S. government is pumping more money into research and development, and improved strategies are emerging to address the issue of cybersecurity.
• The NITRD program launched by the federal government is interested in "leap ahead" technologies, which borrow from successful strategies in other fields to enable a more proactive approach to security.
• Active monitoring of networks is a critical present need, given the persistent asymmetric attacks plaguing the Internet. Remote monitoring of networks, real-time forensic analysis, and forensic examinations are methods of actively monitoring networks.
• Organizations such as DARPA, IARPA, and NSA, along with DHS S&T, are heavily engaged in cybersecurity R&D.
• Many organizations recommend sharing information laterally to stay on the same page with respect to cybersecurity developments. The Multi-State Information Sharing and Analysis Center (MS-ISAC) has been tasked with sharing information among supported state governments.
• A number of academic institutions offer educational programs on cybersecurity to facilitate greater awareness and to bring many minds together to collaborate on trends, gaps, emerging technologies, and R&D. Furthermore, many state and local initiatives aid in this educational mission.
• NSA, NSF, and DHS have collaborated to offer a federally funded scholarship program, whereby students receive stipends to attend universities to study approved cybersecurity curricula.
• DHS's National Cyber Security Division (NCSD) collaborates with international partners through bilateral mechanisms to improve information sharing and development of standards.
• Organizations such as IETF, ICANN, and W3C make the Internet more secure by working on Internet protocols, domain names, and information security, and by developing standards for the Internet.
Glossary
Term Definition
CERT Coordination Center (CERT/CC): The purpose of the CERT Coordination Center (CERT/CC), both within and without the United States, is to study Internet security vulnerabilities, research long-term changes in networked systems, and develop information and training to help improve security (2011).
Reference: Carnegie Mellon. (2011). CERT® Coordination Center (CERT/CC). Retrieved from http://www.cert.org/certcc.html

Comprehensive National Cybersecurity Initiative (CNCI): The Comprehensive National Cybersecurity Initiative (CNCI) was established during the presidency of George W. Bush. It outlines the president's national strategy and goals for cybersecurity.

Cooperative Research and Development Agreement (CRADA): A Cooperative Research and Development Agreement (CRADA) is a mechanism that enables the government to work collaboratively with companies, universities, and nonprofits to develop capabilities.

Defense Advanced Research Projects Agency (DARPA): The Defense Advanced Research Projects Agency (DARPA) was formed to maintain the technological superiority of the U.S. military.

InfraGard: InfraGard is a private non-profit organization comprising the FBI, law enforcement agencies, academic institutions, and businesses. The organization’s purpose is to share information and intelligence to combat crime.

Institute for Information Infrastructure Protection (I3P): The Institute for Information Infrastructure Protection (I3P) "is a consortium of leading universities, national laboratories, and nonprofit institutions dedicated to strengthening the cyberinfrastructure of the United States" (I3P, 2008).
Reference: Institute for Information Infrastructure Protection (I3P). (2008). About the I3P. Retrieved from http://www.thei3p.org/about/

Intelligence Advanced Research Projects Activity (IARPA): The Intelligence Advanced Research Projects Activity (IARPA) pursues research on behalf of the Director of National Intelligence (DNI).

Internet Engineering Task Force (IETF): The Internet Engineering Task Force (IETF) develops Internet standards and technical documents to make the Internet more secure.

Internet Corporation for Assigned Names and Numbers (ICANN): ICANN is a nonprofit organization whose responsibilities include allocating IP address space, assigning protocol parameters, and managing Domain Name System (DNS) and root server system functions.

National Security Agency (NSA): The National Security Agency (NSA) is a U.S. intelligence agency that provides services to the Department of Defense, other government agencies, and industry partners.
Remote Monitoring Agents: Remote monitoring agents conduct centralized, remote tests of the security of networks. Remote agents do not require large amounts of manpower, so tests can be performed rapidly and efficiently without a backlog developing. Remote agents can be loaded by a client or a server.

Real-Time Forensic Analysis: Forensic analysis in real time is an investigative approach used in cybersecurity that is related to situational awareness and continuous monitoring.

Scholarship for Service (SFS): SFS scholarships fully fund students' educations at National Centers of Academic Excellence in Information Assurance Education (CAE/IAE) institutions with qualifying programs. SFS scholarship students, in return, serve in a cybersecurity role in the federal government for a length of time equal to the duration of their scholarships or for one year, whichever is longer.

United States Computer Emergency Readiness Team (US-CERT): United States Computer Emergency Readiness Team (US-CERT) is a part of the DHS and coordinates and manages the nation's cybersecurity requirements and associated risks.
Course Objective:
Assess cybersecurity technologies and policies that can effectively counter cyber attacks at the enterprise, national, and international levels. Where appropriate, highlight cybersecurity laws, regulations, and legal concepts.
Competencies:
Systems Thinking, Information Literacy/Research Skills
Problem Solving
Ethical Leadership
Individual Assignment #1
Write an 18-page (approximately 5500 words) policy paper in which you assess emerging cyber security approaches and technologies and government efforts to nurture them. Your paper must include: Cover Page, Table of Contents, Introduction, Section Headings and Subheadings, Conclusions, in-text citations and list of References, and page numbers. The paper must be formatted according to the mandatory paper format guidelines. The page count begins with the Introduction and ends with the Conclusions and does not include any figures or tables. Prepare your paper in Word (.doc or .docx). Include a minimum of 8 credible, external sources. At least 75% of references should be based on official reports, scholarly studies, or peer-reviewed journal articles. The latest edition of Strunk & White is the authoritative reference for grammar questions for the assignment.
1. How do these emerging cybersecurity technologies and prioritized research and development improve cybersecurity?
   A. Clearly define these emerging technologies and their main features.
   B. Clearly define how an organization would use these technologies.
   C. Describe real-world examples of the use of these technologies.
2. Discuss the role of the federal government in the support and nurturing of these cyber security technologies.
   A. Clearly discuss what benefits or drawbacks government efforts to support new cybersecurity technologies may create.
   B. Describe real-world examples that help support your position.
A title page, table of contents and the reference pages are required. The page count starts with the Introduction and ends with the Conclusions. However, the page count DOES NOT include figures and tables. Prepare your paper in Word (.doc or .docx). Include a minimum of 8 credible, external sources. At least 75% of references should be based on official reports, scholarly studies, or peer-reviewed journal articles. The citations and the reference list in the paper should be formatted in accordance with APA 6th edition guidelines. The assignment is due at the end of Week 3, by Sunday 11:59PM U.S. Eastern Time.

 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
 
Class 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfClass 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdf
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its Characteristics
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
Concept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.CompdfConcept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.Compdf
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha elections
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
URLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppURLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website App
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 

UMUC Cybersecurity Capstone CSEC670 © UMUC 2012 .docx

UMUC Cybersecurity Capstone
CSEC670
© UMUC 2012 Page 1 of 40

Contents

Topic 1: Scenario
  Scenario: Attack on NYSE
Topic 2: Module Introduction
Topic 3: Emerging Cybersecurity Technologies
  Prioritized Research and Development
  DARPA and IARPA
  Remote Agent Technologies
  Real-Time Forensic Analysis
Topic 4: Government Funding of Cybersecurity Technologies
  NSA Initiatives
  DHS S&T
Topic 5: Local Initiatives
  Cybersecurity Integration: Lateral and Cross-Sector
  Academic Initiatives
  WC4, CIAT, and Western Cyber Exchange
  Scholarship for Service
  Blue-Ribbon Panel Debate
Topic 6: International Collaboration
  Department of Homeland Security Programs
  Department of Defense Programs
Topic 7: Cybersecurity Policy in the International Arena
  IETF, ICANN, and W3C
  Activity
  Activity: Kevin's Task
Topic 8: Summary
Glossary

Topic 1: Scenario

Scenario: Attack on NYSE

The Future of Cybersecurity Technology and Policy
CSEC670—Module 3

Attack on NYSE

Kevin Baker is a partner in a leading investment house and
financial services firm on Wall Street. He is in the middle of a meeting in his office when, all of a sudden, there is a flurry of activity outside his door. Employees are forming huddles around their computers and tensely reading from their screens. Kevin's private phone starts ringing. He answers it. It is his close friend and business confidant, Thomas Harper, calling to inform Kevin of an attack on the trading activity at the New York Stock Exchange. Kevin quickly ends his meeting so he can find out what is happening.

Disclaimer: The storyline and characters in this part of the module are fictitious and were developed for the purposes of this course. No association with any real person, places, or events is intended or should be inferred from the use of the fictitious names.

Scenario

Scene 1

Kevin turns on the television to catch the breaking news. Here is a transcript of the news.

Headline: NYSE Brought to a Standstill!

News reporter: At 10:22 a.m., trading activity at the New York Stock Exchange spiraled out of control.

News reporter: The stock ticker data projected by the Exchange displayed obvious irregularities, including missing digits and unrealistic price fluctuations, sending brokers and investors scurrying to find accurate data.

News reporter: The typically passionate buying and selling came to a screeching halt. Confusion and panic could be seen on the faces of brokers.

News reporter: When the authorities at the stock exchange checked into their systems to look for the error, the Market System Administrators found evidence of a system network compromise.

News reporter: Systems engineers at the stock exchange quickly determined that they were undergoing a denial of service attack.

News reporter: The attack on the stock trading system raised many questions about the reliability of trading data.

News reporter: The attack ultimately resulted in the temporary shutdown of the markets at 11 a.m. Cybersecurity teams are currently analyzing the cyberattack and the trading data to get to the bottom of the crisis.

News reporter: Market watchers are worried that there will be a massive selloff once trading resumes.

Scene 2

Kevin's firm has prospered over the past 150 years and is a leader in the financial industry. The firm has been a trusted advisor to senior government leaders. Kevin is invited to serve on a blue-ribbon panel set up by the government to investigate the attack on the stock exchange and to study ways to meet cybersecurity challenges.

The blue-ribbon panel's charter is to assess the fundamental reasons for the stock exchange being vulnerable to attack through the Internet. The blue-ribbon panel will study national cybersecurity strategy. In particular, the team will identify gaps in the strategy with respect to coordination between the public and private sectors.

Prior to his first meeting with his fellow panelists, Kevin makes some notes over coffee at home.

Points of Consideration

- Emerging technologies
- Emerging strategies
- How to integrate across the nation's footprint
- How to trigger cross-sector growth and market forces to improve cybersecurity
- How to improve government's ability to seed the market

Scene 3

Kevin is on his way to the first blue-ribbon panel meeting. He is thinking of the cybersecurity challenges the panel will face.

Kevin (thinking): We need a new cybersecurity strategy at a national level, one that integrates government and private-sector defenses. We need to think through all the permutations of how the blue-ribbon panel must approach its charge.

Topic 2: Module Introduction

The shock and destruction caused by the terrorist attacks on September 11, 2001, brought about a radical change in how the U.S. government approached security. By the end of George W. Bush's presidency, cybersecurity had risen in priority and the Comprehensive National Cybersecurity Initiative (CNCI) had been developed. The CNCI represented the president's national strategy and programs to be implemented.

When President Obama took office in 2009, his administration
maintained a focus on cybersecurity; however, the nation's preparedness and cyberdefenses are often criticized and have been under repeated review. In 2010, the Stuxnet worm was released to wipe out Iran's nuclear program. In 2011, Stuxnet was in the media, as were many increasingly sophisticated and pernicious threats and attacks in cyberspace.

These incidents have caused the U.S. government to pay even more attention to cybersecurity. Greater funding is being granted to research and development for improved strategies to meet the challenges of cybersecurity. However, there is a growing belief that the nation's approach to cybersecurity must be changed and that the United States is losing the battle. This module explores some new approaches and technologies aimed at tackling cybersecurity problems head-on.

Topic 3: Emerging Cybersecurity Technologies

Prioritized Research and Development

The President's Council of Advisors on Science and Technology reported on the Networking and Information Technology Research and Development (NITRD) program in January 2011. The NITRD program is interested in "leap-ahead" technologies. New thinking has emerged that seeks to borrow successful strategies from other fields to enable a more nimble and proactive approach to security.

New concepts include cybereconomics, seeking to leverage market forces, and deriving self-healing methodologies from nature for application to network security. Other examples of new thinking include Tailored Trustworthy Spaces and Moving Target defenses. Emerging concepts seek to create dynamic structures, architectures, and defenses. Many defenses are static and cannot respond strategically to a dynamic threat.

The NITRD program has identified several priority areas, and federal research and development funding should align with these priorities. The Defense Advanced Research Projects Agency (DARPA), for example, reported in November 2011 that it would accelerate its cybersecurity funding by more than 70 percent from $120 million in fiscal year 2011 to $208 million in fiscal year 2012 (Hoover, 2011).

Reference: Hoover, J. N. (2011, November 7). DARPA boosts cybersecurity research spending 50%. Information Week. Retrieved from http://www.informationweek.com/news/government/security/231902495

Big Data (BD)

Big Data is a term applied to data sets whose size is beyond the ability of commonly used software tools to capture, manage, and process the data within a tolerable elapsed time (NITRD, n.d.).

Reference: Networking and Information Technology Research and Development program (NITRD). (n.d.). Big Data (BD SSG). Retrieved from http://www.nitrd.gov/subcommittee/bigdata.aspx

Human Computer Interaction and Information Management (HCI&IM)

HCI&IM focuses on information interaction, integration, and management research to develop and measure the performance of new technologies (e.g., robotic, multimodal), agents, cognitive systems, and information systems that support the hierarchy and refinement of data from discovery to decision and action by both humans and computers working together and separately.

Reference: Networking and Information Technology Research and Development program (NITRD). (n.d.). Human Computer Interaction and Information Management Coordinating Group (HCI&IM CG). Retrieved
from http://www.nitrd.gov/subcommittee/hciim.aspx

High Confidence Software and Systems (HCSS)

HCSS R&D supports development of scientific foundations and innovative and enabling software and hardware technologies for the engineering, verification and validation, assurance, and certification of complex, networked, distributed computing systems and cyberphysical (IT-enabled) systems (CPS).

Reference: Networking and Information Technology Research and Development program (NITRD). (n.d.). High Confidence Software and Systems Coordinating Group (HCSS CG). Retrieved from http://www.nitrd.gov/subcommittee/hcss.aspx

High End Computing (HEC)

HEC I&A agencies coordinate Federal activities to provide advanced computing systems, applications software, data management, and HEC R&D infrastructure to meet agency mission needs and to keep the United States at the forefront of 21st century science, engineering, and technology.

Reference: Networking and Information Technology Research and Development program (NITRD). (n.d.). Interagency Working Group on High End Computing (HEC IWG). Retrieved from http://www.nitrd.gov/subcommittee/hec.aspx

Software Design and Productivity (SDP)

The SDP R&D agenda spans both the science and the technology of software creation and sustainment (e.g., development methods and environments, V&V [verification and validation] technologies, component technologies, languages, tools, and system software) and software project management in diverse domains. R&D will advance software engineering concepts, methods, techniques, and tools that result in more usable, dependable, cost-effective, and sustainable software-intensive systems.

Reference: Networking and Information Technology Research and Development program (NITRD). (n.d.). Software Design and Productivity Coordinating Group (SDP CG). Retrieved from http://www.nitrd.gov/subcommittee/sdp.aspx

Social, Economic, and Workforce Implications of IT and IT Workforce Development (SEW)

The activities funded under SEW focus on i) the co-evolution of IT and social/economic systems, ii) interactions between people and IT devices and capabilities, iii) the workforce development, training, and education needs arising from the growing demand for productive next-generation workers skilled in IT, including graduate fellowships, and iv) the role of innovative IT applications in education and training.

Reference: Networking and Information Technology Research and Development program (NITRD). (n.d.). Social, Economic, and Workforce Implications of IT and IT Workforce Development Coordinating Group (SEW CG). Retrieved from http://www.nitrd.gov/subcommittee/sew.aspx

DARPA and IARPA

The NITRD program supports national research and
development initiatives and helps avoid redundant efforts among federal research laboratories. Consistent with NITRD priorities, a pair of organizations, DARPA and IARPA, are heavily engaged in cybersecurity research and development investments. The budgets of both organizations, which are partially classified, amount to billions of dollars.

This table gives a brief description of DARPA and IARPA.

Organization: DARPA
Stands for: Defense Advanced Research Projects Agency
Formed in: 1958. Originally named Advanced Research Projects Agency (ARPA); renamed DARPA in 1972
Operates under: Department of Defense (DoD)
Projects undertaken: ARPA is renowned for inventing the Internet. DARPA funded the Global Positioning System (GPS) and unmanned systems.

Organization: IARPA
Stands for: Intelligence Advanced Research Projects Activity
Formed in: 2006
Operates under: Office of the Director of National Intelligence (ODNI)
Projects undertaken: IARPA pursues research projects based on the priorities of the ODNI. For example, recent efforts have focused on data mining technologies.

Remote Agent Technologies

Compliance audits and patching have become reactive and too slow for the ever-present
risks in cyberspace today. Therefore, there is wide acknowledgement of the need for active monitoring of networks.

Remote Monitoring Agents

Remote monitoring agents conduct centralized, remote tests of the security of networks. Remote agents do not require large amounts of manpower, so tests can be performed rapidly and efficiently without a backlog developing. Remote agents can be loaded by a client or a server. The agents operate from a centralized location, thus saving travel time and travel costs.

Step 1: Remote agents accept commands from a centralized security process, using a secure connection.
Step 2: These remote agents run certain tests and report results back to the centralized location.
Step 3: A remote agent is able to conduct tests on a network without transgressing nonsecure protocols in a firewall.

Forensic Examinations

Forensic examinations are also feasible with remote agents. Notwithstanding sophisticated security technologies, manpower-intensive human intervention and analysis are still required. Moreover, examination is often conducted onsite, which can entail expensive and time-consuming travel.

Real-Time Forensic Analysis

Real-time forensic analysis is a growing area in the marketplace, and it is of interest to technology developers. It is an approach related to situational awareness and continuous monitoring.

Forensic Analysis in Criminal Proceedings

Law enforcement professionals relate forensic analysis exclusively to criminal investigations. Forensic analysis is used as a means of assurance for evidence preservation.

Forensic Analysis in Cybersecurity

In the cybersecurity realm, forensic analysis is the reproduction of an incident, akin to a playback of a recording. Forensic investigation, in the case of a cyberattack, can help ascertain the cause and methodology of an intrusion. Replaying an attack entails full packet capture and sensing and retention of data for all critical
nodes.

Try This!

Match each type of technology to the organization that sponsors or administers it.

Type of Technology

1. A new tool for detecting botnets
2. A proposed battle-ready vehicle with advanced security and safety features to protect against improvised explosive devices
3. An army-specific technology to prevent against intrusions during traditional military conflicts
4. A new type of cybermalware that can be used as an offensive measure in a cyberwar
5. Educational benefits for future government cybersecurity professionals
6. Educational benefits specifically for current Department of Defense (DoD) cybersecurity workers
7. A new invention by a university professor as a "game changer" in mobile phone monitoring capabilities

Organization

a. Military laboratories; e.g., Army Research Laboratory (ARL), Naval Research Laboratory (NRL)
b. Department of Defense Information Assurance Program (DIAP)
c. National Science Foundation (NSF) Scholarship for Service (SFS) Program
d. Department of Homeland Security (DHS) S&T Division
e. Networking and Information Technology Research and Development (NITRD)
f. Defense Advanced Research Projects Agency (DARPA)
g. Aquidneck Island Reuse Planning Authority (AIRPA)

Correct Answer: 1-d, 2-f, 3-a, 4-g, 5-c, 6-b, 7-e
Topic 4: Government Funding of Cybersecurity Technologies

NSA Initiatives

The research and development budget of the National Security Agency (NSA) is highly classified. NSA's funding efforts align with NITRD priorities, although the Intelligence Community also has its own priorities. NSA, through its collaboration with DHS and the National Science Foundation (NSF), is heavily engaged in workforce development as well as R&D.

Cybersecurity has become so important that funding is now available for much more than just technology. Funding is provided to develop methodologies, and even for training.

NSA also regularly utilizes Cooperative Research and Development Agreements (CRADAs) to implement development relationships.

Key Features of CRADAs

This non-Federal Acquisition Regulation (FAR) mechanism enables the government to work collaboratively with companies, universities, and nonprofits to develop capabilities.

CRADAs provide a mechanism for technology development that is more flexible than the FAR mechanism. Contracting mechanisms under the FAR require specificity to enable articulation of government requirements and statement of work tasks. CRADAs are therefore preferred when requirements are unknown, and indeed would be byproducts of the R&D process. CRADAs, rather than FAR contracting, provide this flexibility, which is helpful in dealing with emerging technologies.

CRADAs provide a collaborative structure between NSA and technology developers to enable incorporation of the needs of the Intelligence Community during the development process.

CRADAs can be funded or unfunded.

For further examples of the use of CRADAs by NSA and other federal R&D agencies, visit the government solicitation information Web site www.fedbizopps.gov, or search for CRADA with a search engine.

DHS S&T

The Science and Technology (S&T) Directorate at DHS is the department's counterpart to DARPA, IARPA, and other R&D bodies in the federal government. In 2010 and 2011, S&T issued a comprehensive Broad Agency Announcement (BAA) for a number of cybersecurity categories such as cybereconomics, Moving Target defenses, and other emerging concepts.

S&T utilizes a variety of contracting mechanisms to fund novel and cutting-edge approaches and technologies. DHS also emphasizes partnering approaches, to the extent that they are permitted under the Federal Acquisition Regulation.

DHS has the added benefit, based on language in the Homeland Security Act and Homeland Security Presidential Directive 7 (HSPD-7), to collaborate with industry sectors to ascertain the cybersecurity needs of those sectors. For example, the medical sector might have heightened privacy protection needs.

Reference: U.S. Department of Homeland Security (DHS). (2003, December 17). Homeland Security Presidential Directive 7: Critical infrastructure identification, prioritization, and protection. Retrieved from http://www.dhs.gov/xabout/laws/gc_1214597989952.shtm
Topic 5: Local Initiatives

Cybersecurity Integration: Lateral and Cross-Sector

Many organizations recommend sharing information laterally to stay on the same page with respect to cybersecurity developments. Sharing information not only keeps everyone abreast of what is happening; it also gives insight into various intrusions and security measures.

The 9/11 Commission on Information Sharing

The 9/11 Commission Report recommended sharing information laterally in order to "connect the dots" (9/11 Commission, 2004, p. 408).

According to the September 2010 interim version of the National Cyber Incident Response Plan (NCIRP):

In the current risk environment, cyber incidents occur every day, often cascading across Federal, State, Local, Tribal, Territorial, and private sector systems. Cyberspace's cross-jurisdictional and interdependent nature requires effective partnerships across these traditional boundaries. The Federal Government and the Nation are highly dependent on IT and communications infrastructure provided by the private sector, and this dependency underscores the need for flexibility and partnership across a wide variety of communities (DHS, 2010, p. 1).

Reference: National Commission on Terrorist Attacks upon the United States (9/11 Commission). (2004, July 22). The 9/11 Commission report. Retrieved from http://govinfo.library.unt.edu/911/report/911Report.pdf

Reference: U.S. Department of Homeland Security (DHS). (2010, September). National Cyber Incident Response Plan (interim version, September 2010). Retrieved from http://www.federalnewsradio.com/pdfs/NCIRP_Interim_Version_September_2010.pdf

The Federal Government on Information Sharing

The national focus on improving cybersecurity originated at the federal level. National strategy documents drive military strategy, which further drives operational programs across the military services, with similar processes taking place within interagency support mechanisms.

Meanwhile, the growing sophistication and gravity of the online threat has resulted in grassroots efforts emerging in response to local needs. As the nature of the threat is asymmetric, traditional border defenses (e.g., protections provided at the federal level) do not offer adequate protection.

Information Sharing at the Local Level

In 2010, the Multi-State Information Sharing and Analysis Center (MS-ISAC) was designated by DHS as the ISAC for state, local, territorial, and tribal (SLTT) components of government. The MS-ISAC was put in place to engage in information sharing and other cybersecurity support under the National Infrastructure Protection Plan (NIPP).

The MS-ISAC operates a 24/7 cybersecurity operations center and shares information with supported state governments. The integration of MS-ISAC services throughout the nation is a work in progress.

Summary

The "all hazards" strategy of critical infrastructure at DHS mechanizes the establishment of community emergency management offices. The community emergency management offices aim to integrate cybersecurity with state, regional, and national capabilities. However, many communities need assistance, as their resources may be insufficient to address sophisticated threats. Seeing a need and a market niche, a variety of enterprises have sprung up to offer services.
  • 26. UMUC Cybersecurity Capstone CSEC670 © UMUC 2012 Page 14 of 40 Topic 5: Local Initiatives Academic Initiatives I3P The Institute for Information Infrastructure Protection (I3P) "is a consortium of leading universities, national laboratories, and nonprofit institutions dedicated to strengthening the cyber infrastructure of the United States" (I3P, 2008). The I3P, based at Dartmouth College, receives funding from a variety of federal R&D agencies. The I3P brings together experts from various fields related to cybersecurity and infrastructure protection to collaborate on trends, gaps, emerging technologies, and R&D. This collaboration aims to advance solutions, technology transfer, and an overall improved security posture for cyberspace. The I3P shares its results and plans at focused symposia and other working-group events. It has facilitated technology transfer and pursued many thought leadership, training and awareness, and other cybersecurity and critical infrastructure protection
  • 27. events nationally since 2002. Reference: Institute for Information Infrastructure Protection (I3P). (2008). About the I3P. Retrieved from http://www.thei3p.org/ Academic Institutions The Berkman Center for Internet and Society at Harvard University is dedicated to the study of the Internet and its impact on society. At Stanford University, the Center for Internet and Society operates under the auspices of Stanford Law School. These programs generally study societal impacts stemming from Internet growth. They delve into privacy, commerce, socioeconomic changes, international dimensions, and the growing case law that is driving risk management considerations and changing business priorities. Many academic institutions have developed Internet, cybersecurity, privacy, and homeland security programs. These institutions include the University of Maryland; the Center for Homeland Security at the University of Colorado at Colorado Springs; and a DHS-funded, emergency operations-focused Homeland Training Institute at the College of Dupage in Glen Ellyn, Illinois. Although these programs are few in number, they are a sign that academia is responding to the need to educate and train society in an emerging discipline that has been called homeland security, critical infrastructure
  • 28. protection, and a variety of other names. The central feature of each program is a focus on integrating resources to respond to a new threat that permeates society. Topic 5: Local Initiatives WC4, CIAT, and Western Cyber Exchange WC4 In 2011, the Washtenaw County Cyber Citizenship Coalition (WC4), a Michigan organization, hosted the national kickoff event for National Cyber Security Awareness Month. WC4's mission is to "raise awareness and provide county residents with the tools and resources to be good cyber citizens" (WC4, n.d.). WC4 operates out of the Washtenaw County Sheriff's Office. Reference: Washtenaw County Cyber Citizenship Coalition (WC4). (n.d.). Who we are. Retrieved from http://washtenawcybercoalition.org/who-we-are/ Other state and local cybersecurity programs include:
  • 29. CIAT) (Colorado Springs, Colorado) These initiatives have taken different forms, from for-profit to government-administered to nonprofit. All of these initiatives focus on cybersecurity awareness and training for individuals and organizations. CyberCityUSA has a major workforce development component. All of these programs are responses to the need to improve cybersecurity awareness and capabilities at local levels. Report In October 2011, the House Republican Cybersecurity Task Force issued its report and recommendations concerning the approach Congress should pursue to improve cybersecurity. The task force stated: There is widespread agreement that greater sharing of information is needed within industries, among industries, and between government and industry in order to improve cybersecurity and to prevent and respond to rapidly changing threats. There are several organizations designed to help facilitate information sharing now, and there is some sharing going on with varying degrees of success. But not nearly enough.
  • 30. We largely agree with those who believe that a new entity separate from the federal government but perhaps partially funded by the federal government is needed to sponsor this sharing to allow for active defense (House Republican Cybersecurity Task Force, 2011, p. 10). Reference: House Republican Cybersecurity Task Force. (2011, October 5). Recommendations of the House Republican Cybersecurity Task Force. Retrieved from http://thornberry.house.gov/UploadedFiles/CSTF_Final_Recommendations.pdf CIAT and Western Cyber Exchange CIAT and WCX The Center for Information Age Transformation (CIAT) and the Western Cyber Exchange (WCX), based in Colorado Springs, Colorado, have a strategy that adds operational information sharing to other programmatic components. The WCX is a
  • 31. regional initiative that includes computing resources and Smart Grid cybersecurity resources from New Mexico. The intent of the WCX is to create a series of linked nodes, leading to a regional model of Information Sharing and Analysis Centers (ISACs) that will connect local grassroots initiatives with national programs. Information Sharing Groups DHS, the MS-ISAC, the CIAT, and groups like the National Cyber Security Alliance and the Anti-Phishing Working Group have pursued efforts to bring separate cybersecurity groups together. The MS-ISAC has created a partner engagement position that has a local community outreach component. At DHS, the National Cyber Security Division (NCSD) has a director of state, local, and tribal engagement. Bills in Congress seek to establish regional linkages through which national programs and grassroots initiatives can integrate solutions and improve broad-based situational awareness. Topic 5: Local Initiatives Scholarship for Service
  • 32. With the growing need for cybersecurity experts, NSA, NSF, and DHS have collaborated to offer a federally funded scholarship program, whereby students receive stipends to attend universities to study approved cybersecurity curricula. NSF administers the program, and it is part of the programs implemented under the CNCI (i.e. workforce development and education initiatives). The Scholarship for Service (SFS) program has both undergraduate and graduate financial assistance components. Upon graduation, scholarship recipients have a work service obligation in federal cybersecurity positions. Topic 5: Local Initiatives Blue-Ribbon Panel Debate The panelists are exploring a 2011 report by the House Republican Cybersecurity Task Force and subsequent commentary and analyses. A debate ensues over the centralized national approach to cybersecurity. The panelists discuss whether a decentralized
  • 33. community strategy is preferable. Kevin proposes that greater sharing of information is required, while some members of the panel oppose his view. Recommendation by the House Republican Cybersecurity Task Force In October 2011, the House Republican Cybersecurity Task Force issued its report and recommendations concerning the approach Congress should pursue to improve cybersecurity. The task force stated: There is widespread agreement that greater sharing of information is needed within industries, among industries, and between government and industry in order to improve cybersecurity and to prevent and respond to rapidly changing threats. There are several organizations designed to help facilitate information sharing now, and there is some sharing going on with varying degrees of success. But not nearly enough. We largely agree with those who believe that a new entity – separate from the federal government but perhaps partially funded by the federal government – is needed to sponsor this sharing to allow for active defense. (House Republican Cybersecurity Task Force, 2011, p. 10)
  • 34. Reference: House Republican Cybersecurity Task Force. (2011, October 5). Recommendations of the House Republican Cybersecurity Task Force. Retrieved from http://thornberry.house.gov/UploadedFiles/CSTF_Final_Recommendations.pdf Statement "There is widespread agreement that greater sharing of information is needed within industries, among industries, and between government and private sectors to improve cybersecurity and to prevent and respond to rapidly changing threats." Look at Kevin's arguments on the next page if you agree with this statement; if not, look at the argument from another panelist, starting on page 24. Read the panelist's argument, select the counterargument with which you most closely identify, and then repeat the process. At the end, review the summary of key points for and against.
  • 35. Kevin's Counterargument (C1): I disagree with you. The Internet should be managed by a combination of government and nongovernment organizations. This model has been very successful with regard to information sharing, and would work well regarding security. Kevin's Counterargument (C2): I do not agree. The government and private sectors need to work together. This is the only logical approach, since they are both users of the Internet, and a good deal of critical infrastructure is in the private sector. These organizations need to have a voice in the ways in which the Internet is going to become more secure.
  • 36. Kevin's Counterargument (C3): The Internet is doing just what its founders wanted it to do. Perhaps a better suggestion is having the government become more involved in the Internet 2.0 project, which is an effort to make the current Internet more robust, secure, and safe for business transactions and other purposes. Panelist's Argument (A1): We should press the government to take more control of and responsibility for the Internet, allowing businesses and government organizations to minimize threats to individual users. This would be a step toward making the Internet more secure, safe, and trustworthy. Panelist's Counterargument (A4) Panelist's Counterargument (A3)
  • 37. Panelist's Counterargument (A2) Kevin's Counterargument (C1): Your argument is not realistic. We all know that there are significant problems regarding the security and safety of the Internet. By not taking any significant action now, we would run the risk of this wonderful technology not being used by individuals and businesses. Why, you might ask? For the simple reason that the Internet is too risky to use. Individuals and businesses run the risk of having their security, safety, and confidentiality
  • 38. breached by various attacks. Kevin's Counterargument (C2): Let's be practical here for a moment. Neither the government nor the private sector is capable of making these improvements by itself. The greatness of the Internet is that it highlights what good can come about when the government and private industry work together. Kevin's Counterargument (C3): In general, the U.S. government prefers to have industries regulate themselves, thus allowing the government to take a limited role in oversight or even a completely laissez-faire approach. Some examples of industries that have this type of self-regulation are the
  • 39. medical, legal, and accounting professions. Each of these professions has a code of ethics and a documented set of disciplinary procedures. Panelist's Argument (A2): Government control is a good thing when it comes to securing the Internet. After all, the U.S. government provided the funds to build it. Today, the government needs to have the authority to continue to improve the Internet, bringing about more security and increased safety for all users. Go to Conclusion (A7) Go to Conclusion (A6) Go to Conclusion (A5)
  • 40. Kevin's Counterargument (C1): What really matters is that both groups of users collaborate on ways to explore how an evolving technology like the Internet can have security built into it. Security also needs to be added in the places where we all agree there is an increased need for security. Kevin's Counterargument (C2): Let's leave the Internet to the IT professionals who have the technical knowledge to make it safer and more secure. Putting the brainpower of the government's engineers and scientists together with those from the private sector will get us the best of both worlds. Kevin's Counterargument (C3):
  • 41. I think you need to be patient with things related to IT, as the Internet did not develop overnight. With a little bit of patience, we can have both government and nongovernment groups working together. As the old adage goes, two heads are better than one, and this surely applies to Internet security. Panelist's Argument (A3): The Internet has changed so much since it was invented. Today, it is essential to have the government take more control of the Internet, since citizens look to the government for safety and security. This step is just a logical extension of the responsibility held by the government. Go to Conclusion (A7) Go to Conclusion (A6) Go to Conclusion (A5)
  • 43. Kevin's Counterargument (C1): The United States is a capitalist country where many public-private partnerships have been powerful and successful mechanisms for dealing with problems. We are in favor of a similar solution in which both sectors will work together to solve the many complex security problems that currently exist with the Internet. Hopefully, in the future, this approach will be able to fix Internet security problems before they become serious
  • 44. issues. Kevin's Counterargument (C2): The government is already doing a good job of sharing information about cyberthreats and vulnerabilities in software and hardware through the United States Computer Emergency Readiness Team (US-CERT). Isn't this enough? We can't expect the federal government, or an entity sponsored by the government, to become more active in cyberdefense. Software vendors publish a variety of security bulletins and advisories. We can't expect the government to do what companies should be doing themselves. Kevin's Counterargument (C3): For two decades, we
  • 45. have had the CERT Coordination Center (CERT/CC) available to help organizations deal with virus infections, hacker intrusions, and Web site defacements. Over the past 10 years, the government has invested heavily in programs to train FBI personnel, the InfraGard program, local law enforcement, and various federal agencies in dealing with cybercrime. Panelist's Argument (A4): We are in agreement that the federal government should take the lead in regulating and securing the Internet. However, if this is not possible, then the government needs to fund a quasifederal entity that will control Internet security. Go to Conclusion (A7) Go to Conclusion (A6) Go to Conclusion (A5)
  • 46. Conclusions Panelist's Conclusion (A5) I understand the value of public-private partnerships. It makes a lot of sense to use this kind of partnership in the field of cybersecurity. There is a lot that private industry can learn from government, and vice versa. Panelist's Conclusion (A6) The government has a lot of expertise in various fields to help secure the Internet. The private sector, which is filled with computer scientists, electrical engineers, and cybersecurity professionals, also has a lot of expertise. Panelist's Conclusion (A7) I am a strong supporter of Internet security and feel that it would be best if the government took control over this domain. Having the government in control would boost private citizens' confidence in an important area of today's economy. Summary Key Points For 1. More information sharing is needed within and among industries, as well as between
  • 47. government and industry, so cybersecurity can be improved and rapidly changing threats can be addressed. 2. While several organizations exist that are intended to facilitate information sharing, and some sharing is going on with different levels of success, this is not nearly enough, given the recent incidence of attacks and the possibility of large-scale cyberwarfare. 3. There is widespread support for placing the federal government in charge of cybersecurity. As a noncommercial entity, its goals are based not on profit motives, but rather on serving the community. Having the government in control would add to consumer confidence and help ensure improved safety practices. Key Points Against 1. The government does not need to be involved any more than it already is. The United States is a capitalist society in which organizations succeed or fail based on the business decisions they make. 2. Many organizations are involved in regulating the Internet. These include the Internet Engineering Task Force (IETF), the Internet Corporation for Assigned Names and Numbers (ICANN), the World Wide Web Consortium (W3C), and the Internet
  • 48. Governance Forum (under the United Nations). 3. For two decades, the United States has been a leader in sharing information about threats and vulnerabilities related to software and hardware that governments and private-sector companies use. In addition, US-CERT, CERT/CC, the FBI's InfraGard program, and various federal, state, and local law enforcement agencies have adequate resources to help organizations defend themselves in the event of an attack. Read Kevin's argument, select the counterargument with which you most closely identify, and then repeat the process. At the end, review the summary of key points for and against. Panelist's Counterargument (C1): I disagree with you. The original Internet
  • 49. was funded, engineered, designed, and built by the government. It makes sense that the government should design and implement controls. Society needs the government to be in charge. Panelist's Counterargument (C2): Government involvement in the Internet would create powerful and useful regulations, laws, and compliance audits. This would end up costing companies a small amount of extra money, which should be offset by increased revenue as customers realize that they are receiving a more secure level of service. Panelist's Counterargument (C3): Perhaps a better
  • 50. suggestion is having the government more involved today. For instance, it could make the current Internet more robust, secure, and safe for business transactions and other purposes. It should have a major role in the Internet 2.0 project. Kevin's Argument (A1): We should have the private and public sectors work together, not against each other. Collaboration will provide better overall control of the Internet, and society as a whole will receive the largest overall benefit. Kevin's Counterargument (A4) Kevin's Counterargument (A3) Kevin's Counterargument (A2)
  • 51. Panelist's Counterargument (C2): The government is filled with a range of experts, from policy personnel to scientists who are at the top of their fields in networking, electrical engineering, computer science, and Internet security. It would be wasteful not to put all of this brainpower together to help solve the ongoing issues related to Internet security. Panelist's Counterargument (C3): In general, the U.S. government prefers to have industries regulate themselves, thus allowing the government to take a limited role in
  • 52. oversight or even a completely laissez-faire approach. Some examples of industries that have this type of self-regulation are the medical, legal, and accounting professions. Each of these professions has a code of ethics and a documented set of disciplinary procedures. Kevin's Argument (A2): Involving the government in securing the Internet is not the right approach. The Internet is functioning as it was designed to do. There is a huge, worldwide network that provides many useful services for individuals and companies. It would be inappropriate for the U.S. government to now institute more regulations related to this technology for two major reasons. First, today's Internet is an internationally used technology, and second, the Internet is already regulated by different international bodies. Go to Conclusion (A7) Go to Conclusion (A6) Go to Conclusion (A5)
  • 53. Panelist's Counterargument (C1): Your argument is not realistic. We know that there are significant problems regarding the security of the Internet. By not taking any significant action now, we run the risk of this wonderful technology not being used by individuals and businesses. Why, you might ask? For the simple reason that the Internet is too risky to use. Individuals and businesses run the risk of having their security and confidentiality breached by various attacks. Panelist's Counterargument
  • 54. (C2): Let's leave the Internet to the IT professionals, the same people who originally architected it and who have the technical knowledge to make it more secure. These engineers have the necessary experience and know what they are doing. Panelist's Counterargument (C3): You should be able to use the Internet securely with the government's help. The federal government has the same security needs or perhaps, as some cybersecurity professionals might argue, even greater security needs than most organizations and individuals. Kevin's Argument (A3): The Internet has changed so much since it was invented. Today, it is essential to have more information sharing about threats and vulnerabilities than ever before, because individuals and businesses
  • 55. rely on the Internet more than ever. Go to Conclusion (A7) Go to Conclusion (A6) Go to Conclusion (A5) Panelist's Counterargument (C1): We all know that technology evolves at a rapid pace. The government is one very large entity that can help develop more policy and technical countermeasures that can be promulgated to organizations in the private and public sectors. Panelist's Counterargument
  • 56. (C2): The government is already doing a good job of sharing information about cyberthreats and vulnerabilities in software and hardware through the United States Computer Emergency Readiness Team (US-CERT). Isn't this enough? We can't expect the federal government or an entity sponsored by the government to become more active in cyberdefense. Software vendors publish a variety of security bulletins and advisories. We can't expect the government to do what companies should be doing themselves. Panelist's Counterargument (C3): For two decades, we have had the CERT Coordination Center (CERT/CC) available to help organizations
  • 57. deal with virus infections, hacker intrusions, and Web site defacements. Over the past 10 years, the government has invested heavily in programs to train FBI personnel, the InfraGard program, local law enforcement, and various federal agencies in dealing with cybercrime. Kevin's Argument (A4): We agree broadly with those who support the creation of a new entity that will sponsor this sharing to allow for active defense. This entity would be separate from the federal government, but it might be partially funded by the government. Go to Conclusion (A7) Go to Conclusion (A6) Go to Conclusion (A5) Panelist's Counterargument (C1): The United States is a
  • 58. capitalist country where we allow companies to grow and flourish. In today's global economy, we can't have these companies trying to fight cyberattacks themselves. What we really need is to have the government develop and implement the proper laws and regulations to secure the Internet. At the present time, some industry observers believe that this is a fundamental responsibility of the federal government. Conclusions Kevin's Conclusion (A5) I believe that Internet security is best left to the U.S. government. It designed the Internet in the first place. It now has to build confidence among private citizens and businesses
  • 59. that it can make the Internet more secure. Kevin's Conclusion (A6) I believe that the government has the largest group of computer scientists, electrical engineers, and cybersecurity professionals who can help make the Internet more secure. Kevin's Conclusion (A7) I strongly believe that the U.S. government possesses the best institutions and methods for sharing information about Internet security. Dedicating more resources to this area would boost its own security, which is desirable because the government is highly vulnerable to cyberattacks and even cyberwarfare. Summary Key Points For 1. More information sharing is needed within and among industries, as well as between government and industry, so cybersecurity can be improved and rapidly changing threats can be addressed. 2. While several organizations exist that are intended to facilitate information sharing, and some sharing is going on with different levels of success, this is not nearly enough, given the recent incidence of attacks and the possibility of large-scale cyberwarfare.
  • 60. 3. There is widespread support for placing the federal government in charge of cybersecurity. As a noncommercial entity, its goals are based not on profit motives, but rather on serving the community. Having the government in control would add to consumer confidence and help ensure improved safety practices. Key Points Against 1. The government does not need to be involved any more than it already is. The United States is a capitalist society in which organizations succeed or fail based on the business decisions they make. 2. Many organizations are involved in regulating the Internet. These include the Internet Engineering Task Force (IETF), the Internet Corporation for Assigned Names and Numbers (ICANN), the World Wide Web Consortium (W3C), and the Internet Governance Forum (under the United Nations). 3. For two decades, the United States has been a leader in sharing information about threats and vulnerabilities related to software and hardware that governments and private-sector companies use. In addition, US-CERT, CERT/CC, the FBI's InfraGard program, and various federal, state, and local law enforcement agencies have adequate resources to help organizations defend themselves in the event of an attack.
  • 61. Topic 6: International Collaboration Department of Homeland Security Programs DHS's National Cyber Security Division (NCSD) works collaboratively with international organizations to improve cybersecurity. From the policy and governance perspective, NCSD collaborates with international partners through bilateral mechanisms to improve information sharing and the development of standards. NCSD also operates a Cyber Exercise Program (CEP) that involves international participation. The DHS Privacy Office works with other countries concerning data privacy interests and blending privacy interests on a global scale. US-CERT, a component of NCSD, often collaborates with foreign cybersecurity centers to exchange information on malware and trends. US-CERT also
  • 62. provides support to countries just starting their own cybersecurity organizations. In May 2011, the White House released the International Cybersecurity Strategy. It has a number of components and assigns certain responsibilities among federal departments. DHS's efforts will adhere to the strategic plan. For more information, visit the Web site http://www.whitehouse.gov/sites/default/files/rss_viewer/international_strategy_for_cyberspace.pdf. Topic 6: International Collaboration Department of Defense Programs In 1957, the US DoD, the UK, and Canada agreed to a Declaration of Common Purpose, the goal of which was to improve defense research and development collaboration between the two countries. As additional countries joined the effort (Australia first, followed by New Zealand), the group was renamed The Technical Cooperation Program (TTCP) in 1965. The Department of Defense (DoD) relies on TTCP in its cyber-related
  • 63. coordination and cooperation initiatives. Although the Five Eyes alliance involves the same countries, this alliance focuses more on intelligence sharing instead of defense R&D (TTCP, 1983). In connection with its defense-related security agreements, including the North Atlantic Treaty Organization (NATO) and bilateral relationships across the globe, DoD has engaged in a vast number of collaboration, assistance, coordination, and exercise activities. NATO, for example, was forced to address incidents in Estonia and Georgia. DoD efforts played a part in these technical and policy discussions. The "Department of Defense Strategy for Operating in Cyberspace" released in July 2011 states that one of its initiatives is to "build robust relationships with U.S. allies and international partners to strengthen collective cybersecurity" (U.S. Department of Defense, 2011a, p. 9). The emerging strategy intends to treat cyberattacks on a similar footing with any other threat or attack, and the United States would afford assistance to allies on par with conventional options. It has also been made clear in statements by the deputy secretary of defense that the Law of Armed Conflict operates in cyberspace, and that constraints on the use of force would utilize the same analysis (U.S. Department of Defense, 2011b).
  • 64. References: The Technical Cooperation Program (TTCP). (1983, October). Some Historical Comments and Background on TTCP. Retrieved from http://www.acq.osd.mil/ttcp/overview/history25.html U.S. Department of Defense. (2011, July). Department of Defense strategy for operating in cyberspace. Retrieved from http://www.defense.gov/news/d20110714cyber.pdf U.S. Department of Defense. (2011, July 14). Remarks on the Department of Defense cyber strategy: As delivered by Deputy Secretary of Defense William J. Lynn, III, National Defense University, Washington, D.C., Thursday, July 14, 2011. Retrieved from http://www.defense.gov/speeches/speech.aspx?speechid=1593 Topic 7: Cybersecurity Policy in the International Arena IETF, ICANN, and W3C IETF The Internet Engineering Task Force (IETF) is an open-source, collaborative
  • 65. environment in which Internet experts work to develop standards and protocols to improve the functionality and interoperability of information systems and the Internet. The IETF is not solely focused on security; however, the organization does develop Internet security standards, processes, and protocols. ICANN The Internet Corporation for Assigned Names and Numbers, or ICANN, operates with a team of security practitioners who "ensure effective engagement in topics relating to security, including cyber security and other forums related to security, stability and resiliency" (ICANN, n.d.). ICANN is a promoter of DNS security (DNSSEC), and it assists domain name registries across the globe on security matters. Like IETF, ICANN is not principally focused on security; however, given the changes in the Internet and the increased need for security, ICANN has gotten involved with the issue. ICANN's particular focus regarding security is not with security tools, technologies, or operational mechanisms related to cybersecurity; rather, ICANN sits at a strategic level and is primarily interested in the resiliency aspect of security. Reference: Internet Corporation for Assigned Names and Numbers (ICANN). (n.d.). Retrieved from https://www.icann.org/en/security/
  • 66. W3C The World Wide Web Consortium, or W3C, is an international organization that develops standards related to the Internet. W3C has developed standards for XML technology, Internet architecture, and application standards. Though W3C is not principally a cybersecurity body, it has created a number of cybersecurity groups. W3C's security activity is currently composed of two working groups and one interest group. XML Security Working Group The XML Security Working Group "focuses on maintaining and revising the XML Security Specifications" (W3C, 2011). Reference: World Wide Web Consortium (W3C). (2011). Security activity statement. Retrieved from http://www.w3.org/Security/Activity Web Application Security Working Group "The Web Application Security Working Group has the mission to develop security and policy mechanisms to improve the security of Web Applications, and enable secure cross-site communication" (W3C, 2011). Reference: World Wide Web Consortium (W3C). (2011). Security activity statement. Retrieved from http://www.w3.org/Security/Activity
  • 67. Web Security Interest Group
    "The Web Security Interest Group serves as a forum for discussion about improving standards and implementations to advance the security of the Web" (W3C, 2011).
    Topic 7: Cybersecurity Policy in the International Arena
    Activity
    Correctly match the organization with its initiative.
    Organization
  • 68. Initiative
    1. Military laboratories such as ARL, NRL | a. Short-term funding for new cybertechnologies
    2. NITRD | b. Long-term funding for complex, futuristic cyber and noncyberdefense technologies
    3. IARPA | c. Funding for research projects specifically to benefit U.S. Intelligence Community organizations
    4. DHS S&T Directorate | d. Funding to support students studying in recognized cybersecurity degree programs
    5. DARPA | e. Funding to support education of DoD personnel in approved universities with cybersecurity degree programs
    6. Institute for Information Infrastructure Protection (I3P) | f. Funding for advanced research projects that will "leap ahead" of what
  • 69. is available to government organizations today
    Correct Answer: 1-d, 2-b, 3-c, 4-e, 5-a, 6-f
    Topic 7: Cybersecurity Policy in the International Arena
    Activity: Kevin's Task
    Now, answer some questions to help Kevin make recommendations to the blue-ribbon panel.
    Question 1: In light of the attack on the stock exchange, which of the following should be Kevin's recommendation?
    a. The United States should attack the perpetrators.
    b. The United States should use law enforcement mechanisms to arrest the attackers.
    c. The United States should establish a new strategy of public-private partnerships.
    d. Kevin should request a meeting with the cyberczar to discuss existing U.S. policies.
    Correct Answer: Option c
  • 70. Feedback: The government needs a new strategy for public-private partnerships, one that is framed from a policy perspective. Given the fact that 85-90% of the U.S. critical infrastructure is in the private sector, it is important to establish public-private partnerships. These partnerships will facilitate information sharing and, in the end, a stronger platform for securing United States' critical infrastructure. This is a very important policy initiative that has been implemented successfully in the U.S.
    Question 2: Which of the following ideas would involve the most collaboration with the private sector?
    a. Urging the government to develop new technologies
    b. Identifying emerging technologies
    c. Deciding which government agency should take the lead in developing a new strategy
    d. Establishing long-term cross-sector initiatives
    Correct Answer: Option d
    Feedback: Collaborating with the Federal government and other private sector companies cannot happen overnight. It takes time to build trust among and across the organizations. Additionally, this is a time consuming effort because it requires getting ‘buy in’ from
  • 71. these key stakeholders, so that they understand the program and realize the value they will obtain from such involvement.
    Question 3: Based on the attack on the stock exchange, which of the following would be an example of positive market forces to increase cybersecurity?
    a. Increasing taxes on corporations
    b. Forcing all cybersecurity companies to set up base in Washington, D.C.
    c. Providing tax incentives to cybersecurity companies
    d. Restricting government cybersecurity programs to companies with an annual profit of more than $2 million
    Correct Answer: Option c
    Feedback: Providing tax incentives to cybersecurity companies is a positive market force. Many cybersecurity experts believe that, although cross-sector information sharing initiatives might be very time consuming, they are also some of the most valuable initiatives that can be undertaken. They are very time consuming because 1) it takes a lot of time to get ‘buy in’ from companies in the private sector
  • 72. to trust the government’s intentions, 2) these companies need to become comfortable with interacting with competitor organizations in the same sector and, 3) private sector companies must be comfortable that this is a ‘win-win’ environment to improve their organization’s cybersecurity.
    Question 4: Which of the following ideas about involving the private sector in cybersecurity efforts are initiatives that already exist?
    a. Information Sharing and Analysis Centers
    b. The FBI's InfraGard program
    c. The Government Accountability Office
    d. DHS's Cyber Security Awareness Month
    Correct Answer: Options a, b, and d
    Feedback: Initiatives such as Information Sharing and Analysis Centers, the FBI's InfraGard program, and DHS's Cyber Security Awareness Month already exist. GAO is not involved in this operational aspect of cybersecurity.
    Question 5: Which of these organizations would be able to help the stock exchange recover from the attack?
    a. The New York Chamber of Commerce
    b. The Better Business Bureau
    c. The Financial Services ISAC
    d. Information Systems Security Association
    Correct Answer: Option c
  • 73. Feedback: The Financial Services Information Sharing and Analysis Center would be the ideal organization to help the stock exchange recover from the attack. They have the technical expertise to triage the situation and access industry specialists. In addition, they can communicate this type of incident to other organizations in the financial services sector. Communicating such incidents helps them assess if any other companies have experienced a similar security incident and if they have cybersecurity experts who would be able to assist in helping the stock exchange recover from this incident.
    Question 6: Kevin has a seemingly difficult assignment at hand. Which actions can he take to make his job on the blue-ribbon panel easier and more productive?
    a. Ensure that the other members of the panel are recognized subject matter experts.
    b. Attempt to do all of the work himself given his expertise and time available at hand.
    c. Develop key subcommittees to address the issue in sufficient detail.
  • 74. d. Schedule semi-annual meetings of the blue-ribbon panel.
    Correct Answer: Options a and c
    Feedback: Kevin's work on the blue-ribbon panel will be easier and more productive if the other members of the panel are recognized subject matter experts. Additionally, establishing subcommittees is a good way to organize the task. Subcommittees are an excellent method to effectively address a specific group of issues. This approach allows a group of specialists to focus on the unique issues that match their knowledge and interests. A good example of this is the U.S. Senate, which has a committee on Foreign Relations. It also has seven subcommittees that are uniquely focused on areas such as African Affairs, European Affairs and Economic Affairs, and International Environmental Protection.
    Question 7: Why would the government want to "seed the cybersecurity market?"
    a. To create good public relations
    b. To help the private sector realize that it is a key stakeholder
    c. To assist the private sector in understanding the government's responsibilities
    d. To help develop additional private companies whose business is focused on cybersecurity
    e. To develop an antagonistic relationship with private sector companies who fear more
  • 75. government regulation and compliance regarding cybersecurity
    Correct Answer: Options a, b, c, and d
    Feedback: All of these choices will help seed and educate the private sector regarding cybersecurity: its risks, its challenges, and the need to work with the government. Over the past two decades, the U.S. government has learned that effective cooperation with the private sector is an essential element of effective cybersecurity. In the U.S., it is common across many disciplines for the government to allow industries to self-regulate (e.g., medicine and law) and to take a more invasive approach only when absolutely needed.
    Question 8: Which of the following government organizations would fund the "leap ahead" technologies?
    a. The Office of Management and Budget (OMB)
    b. The National Security Agency (NSA)
    c. The Department of Defense (DoD)
    d. The Networking and Information Technology Research and Development (NITRD) program
    Correct Answer: Option d
  • 76. Feedback: NITRD is the federal government's advisor and funding source for new cutting-edge technologies.
    Topic 8: Summary
    We have come to the end of Module 3. The key concepts covered in this module are listed below.
    With the increased incidence of cyberattacks, the U.S. government is pumping more money into research and development, and improved strategies are emerging to address the issue of cybersecurity.
  • 77. The NITRD program launched by the federal government is interested in "leap ahead" technologies, which borrow from successful strategies in other fields to enable a more proactive approach to security.
    Active monitoring of networks is a critical present need, given the persistent asymmetric attacks plaguing the Internet. Remote monitoring of networks, real-time forensic analysis, and forensic examinations are methods of actively monitoring networks.
    Organizations such as DARPA, IARPA, and NSA, along with DHS S&T, are heavily engaged in cybersecurity R&D.
    Many organizations recommend sharing information laterally to stay on the same page with respect to cybersecurity developments. The Multi-State Information Sharing and Analysis Center (MS-ISAC) has been tasked with sharing information among supported state governments.
    A number of academic institutions offer educational programs on cybersecurity to facilitate greater awareness and to bring many minds together to collaborate on
  • 78. trends, gaps, emerging technologies, and R&D. Furthermore, many state and local initiatives aid in this educational mission.
    NSA, NSF, and DHS have collaborated to offer a federally funded scholarship program, whereby students receive stipends to attend universities to study approved cybersecurity curricula.
    DHS's National Cyber Security Division (NCSD) collaborates with international partners through bilateral mechanisms to improve information sharing and development of standards.
    Organizations such as IETF, ICANN, and W3C make the Internet more secure by working on Internet protocols, domain names, and information security, and by developing standards for the Internet.
    Glossary
  • 79. Term | Definition
    CERT Coordination Center (CERT/CC) | The purpose of the CERT Coordination Center (CERT/CC), both within and without the United States, is to study Internet security vulnerabilities, research long-term changes in networked systems, and develop information and training to help improve security (2011). Reference: Carnegie Mellon. (2011). CERT® Coordination Center (CERT/CC). Retrieved from http://www.cert.org/certcc.html
    Comprehensive National Cybersecurity Initiative (CNCI) | The Comprehensive National Cybersecurity Initiative (CNCI) was established during the presidency of George W. Bush. It outlines the president's national strategy and goals for cybersecurity.
    Cooperative Research and Development Agreement (CRADA) | A Cooperative Research and Development Agreement (CRADA) is a mechanism that enables the government to work collaboratively with companies, universities, and nonprofits to develop capabilities.
    Defense Advanced Research Projects
  • 80. Agency (DARPA) | The Defense Advanced Research Projects Agency (DARPA) was formed to maintain the technological superiority of the U.S. military.
    InfraGard | InfraGard is a private non-profit organization comprising the FBI, law enforcement agencies, academic institutions, and businesses. The organization’s purpose is to share information and intelligence to combat crime.
    Institute for Information Infrastructure Protection (I3P) | The Institute for Information Infrastructure Protection (I3P) "is a consortium of leading universities, national laboratories, and nonprofit institutions dedicated to strengthening the cyberinfrastructure of the United States" (I3P, 2008). Reference: Institute for Information Infrastructure Protection (I3P). (2008). About the I3P. Retrieved from http://www.thei3p.org/about/
    Intelligence Advanced Research Projects Activity (IARPA) | The Intelligence Advanced Research Projects Activity (IARPA) pursues research on behalf of the Director of National Intelligence (DNI).
    Internet Engineering
  • 81. Task Force (IETF) | The Internet Engineering Task Force (IETF) develops Internet standards and technical documents to make the Internet more secure.
    Internet Corporation for Assigned Names and Numbers (ICANN) | ICANN is a nonprofit organization whose responsibilities include allocating IP address space, assigning protocol parameters, and managing Domain Name System (DNS) and root server system functions.
    National Security Agency (NSA) | The National Security Agency (NSA) is a U.S. intelligence agency that provides services to the Department of Defense, other government agencies, and industry partners.
    Remote Monitoring Agents | Remote monitoring agents conduct centralized, remote tests of the security of networks. Remote agents do not require large
  • 82. amounts of manpower, so tests can be performed rapidly and efficiently without a backlog developing. Remote agents can be loaded by a client or a server.
    Real-Time Forensic Analysis | Forensic analysis in real time is an investigative approach used in cybersecurity that is related to situational awareness and continuous monitoring.
    Scholarship for Service (SFS) | SFS scholarships fully fund students' educations at National Centers of Academic Excellence in Information Assurance Education (CAE/IAE) institutions with qualifying programs. SFS scholarship students, in return, serve in a cybersecurity role in the federal government for a length of time equal to the duration of their scholarships or for one year, whichever is longer.
    United States Computer Emergency Readiness Team (US-CERT) | United States Computer Emergency Readiness Team (US-CERT) is a part of the DHS and coordinates and manages the nation's cybersecurity requirements and associated risks.
    Course Objective: Assess cybersecurity technologies and policies that can
  • 83. effectively counter cyber attacks at the enterprise, national, and international levels. Where appropriate, highlight cybersecurity laws, regulations and legal concepts.
    Competencies: Systems Thinking, Information Literacy/Research Skills, Problem Solving, Ethical Leadership
    Individual Assignment #1
    Write an 18 page (approximately 5500 words) policy paper in which you assess emerging cyber security approaches and technologies and government efforts to nurture them. Your paper must include: Cover Page, Table of Contents, Introduction, Section Headings and Subheadings, Conclusions, in-text citations and list of References, and page numbers. The paper must be formatted according to the mandatory paper format guidelines. The page count begins with the Introduction and ends with the Conclusions and does not include any figures or tables. Prepare your paper in Word (.doc or .docx). Include a minimum of 8 credible, external sources. At least 75% of references should be based on official reports, scholarly studies, or peer-reviewed journal articles. The latest edition of Strunk & White is the authoritative reference for grammar questions for the assignment.
    1. How do these emerging cybersecurity technologies and prioritized research and development improve cybersecurity?
    A. Clearly define these emerging technologies and their main features.
    B. Clearly define how an organization would use these technologies.
    C. Describe real-world examples of the use of these technologies.
    2. Discuss the role of the federal government in the support and
  • 84. nurturing of these cyber security technologies.
    A. Clearly discuss what benefits or drawbacks government efforts to support new cybersecurity technologies may create.
    B. Describe real-world examples that help support your position.
    A title page, table of contents and the reference pages are required. The page count starts with the Introduction and ends with the Conclusions. However, the page count DOES NOT include figures and tables. Prepare your paper in Word (.doc or .docx). Include a minimum of 8 credible, external sources. At least 75% of references should be based on official reports, scholarly studies, or peer-reviewed journal articles. The citations and the reference list in the paper should be formatted in accordance with APA 6th edition guidelines.
    The assignment is due at the end of Week 3, by Sunday 11:59PM U.S. Eastern Time.