Course Assistants and staff

Similar documents
CAPT Jody Grady, USN USCYBERCOM LNO to USPACOM

CYBER SECURITY PROTECTION. Section III of the DOD Cyber Strategy

Cyber Strategy & Policy: International Law Dimensions. Written Testimony Before the Senate Armed Services Committee

LAB4-W12: Nation Under Attack: Live Cyber- Exercise

Revising the National Strategy for Homeland Security

THE MILITARY STRATEGY OF THE REPUBLIC OF LITHUANIA

Senate Select Committee on Intelligence. July 3, 2018

Chapter Nineteen Reading Guide American Foreign & Defense Policy. Answer each question as completely as possible and in blue or black ink only

SACT s remarks to UN ambassadors and military advisors from NATO countries. New York City, 18 Apr 2018

NATO MEASURES ON ISSUES RELATING TO THE LINKAGE BETWEEN THE FIGHT AGAINST TERRORISM AND THE PROLIFERATION OF WEAPONS OF MASS DESTRUCTION

United States General Accounting Office. DISTRIBUTION STATEMENT A Approved for Public Release Distribution Unlimited GAP

THE WHITE HOUSE. Office of the Press Secretary. For Immediate Release January 17, January 17, 2014

DEPARTMENT OF THE NAVY OFFICE OF THE CHIEF OF NAVAL OPERATIONS 2000 NAVY PENTAGON WASHINGTON DC

EXECUTIVE ORDER 12333: UNITED STATES INTELLIGENCE ACTIVITIES

President Obama and National Security

This report is a product of the Defense Science Board (DSB). The DSB is a Federal Advisory Committee established to provide independent advice to the

Department of Defense DIRECTIVE

SPRING 2018 DSS CLASS SCHEDULE

HOMELAND SECURITY PRESIDENTIAL DIRECTIVE-4. Subject: National Strategy to Combat Weapons of Mass Destruction

Ⅰ Introduction Ⅱ Positioning of cyber domain in cross-domain operation. Ⅲ Cyber domain seen in China's strategy. Ⅳ Approach to Cyber Domain in Japan

INSIDER THREATS. DOD Should Strengthen Management and Guidance to Protect Classified Information and Systems

Prepared Statement of GEN (Ret) Keith B. Alexander*

UNCLASSIFIED. UNCLASSIFIED Air Force Page 1 of 7 R-1 Line #198

UNCLASSIFIED. UNCLASSIFIED Air Force Page 1 of 5 R-1 Line #199

Terrorism, Asymmetric Warfare, and Weapons of Mass Destruction

Foreign Policy and National Defense. Chapter 22

In order to cross the walls of the city, not a single act of violence was needed. All that was needed was the good faith and naivety of the enemy.

Bridging the Security Divide

National Security & Public Affairs

December 21, 2004 NATIONAL SECURITY PRESIDENTIAL DIRECTIVE NSPD-41 HOMELAND SECURITY PRESIDENTIAL DIRECTIVE HSPD-13

Introduction to Homeland Security. The Intelligence Community (IC) Director of National Intelligence (DNI) National Intelligence Coord.

1. Purpose. To implement the guidance set forth in references (a) through (e) by:

An Interview with Gen John E. Hyten

AIR COMMAND AND STAFF COLLEGE AIR UNIVERSITY UNDERSTANDING THE UNIQUE CHALLENGES OF THE CYBER DOMAIN. Kenneth J. Miller, Major, USAF

Chapter 17: Foreign Policy and National Defense Section 3

Preventing Weapons of Mass Destruction Proliferation

COE-DAT Course Catalog. Introduction

We Produce the Future

National Defense University. Institute for National Strategic Studies

Challenges of a New Capability-Based Defense Strategy: Transforming US Strategic Forces. J.D. Crouch II March 5, 2003

Advance Questions for Vice Admiral Michael S. Rogers, USN Nominee for Commander, United States Cyber Command

The Iran Nuclear Deal: Where we are and our options going forward

Foreign Policy and National Defense. Chapter 22

On 21 November, Ukraine

The best days in this job are when I have the privilege of visiting our Soldiers, Sailors, Airmen,

National Security Cyber Trends ALAMO ACE Presentation

Issue Briefs. The UN Sanctions' Impact on Iran's Military

Department of Defense DIRECTIVE

Cyber operations poised to take centre stage in US

Cyber Attack: The Department Of Defense s Inability To Provide Cyber Indications And Warning

Intelligence Operations (HMSY 1340) Online. Credit: 3 semester credit hours (3 hours lecture)

Chapter 4 The Iranian Threat

Overview of Safeguards, Security, and Treaty Verification

Fiscal Year 2017 President s Budget Request for the DoD Science & Technology Program April 12, 2016

1 Nuclear Weapons. Chapter 1 Issues in the International Community. Part I Security Environment Surrounding Japan

Chapter 16: National Security Policymaking

The Joint Force Air Component Commander and the Integration of Offensive Cyberspace Effects

Department of Defense DIRECTIVE

9. Guidance to the NATO Military Authorities from the Defence Planning Committee 1967

March 10, Sincerely,

The State Defence Concept Executive Summary

2018 NASS IDEAS Award Application State of Colorado

STATEMENT OF JAMES R. CLAPPER FORMER DIRECTOR OF NATIONAL INTELLIGENCE BEFORE THE

United States Army War College. Strategic Cyberspace Operations Guide

MINISTRY OF DEFENCE REPUBLIC OF LATVIA. The State Defence Concept

Protecting US Military s Technical Advantage: Assessing the Impact of Compromised Unclassified Controlled Technical Information

Department of Defense INSTRUCTION

Student Guide: Introduction to Army Foreign Disclosure and Contact Officers

Cybersecurity of Voting Machines

Intelligence Preparation of the Information and Communications Environment

BIODEFENSE FOR THE 21 ST CENTURY

Towards a European Non-Proliferation Strategy. May 23, 2003, Paris

DOD STRATEGY CWMD AND THE POTENTIAL ROLE OF EOD

DEPARTMENT OF THE NAVY COUNTERINTELLIGENCE

2. Deterring the use of nuclear. 4. Maintaining information superiority. 5. Anticipating intelligent systems

RECORD VERSION STATEMENT BY LIEUTENANT GENERAL JOHN M. MURRAY DEPUTY CHIEF OF STAFF OF THE ARMY, G-8 AND

Department of Defense DIRECTIVE

LESSON ONE FUNDAMENTALS OF MILITARY OPERATIONS OTHER THAN WAR. MQS Manual Tasks: OVERVIEW

THINKING DIFFERENTLY ABOUT NETWORK RESILIENCE

Appendix II: U.S. Israel Science and Technology Collaboration 2028

Engaging the DoD Enterprise to Protect U.S. Military Technical Advantage

Statement by. Brigadier General Otis G. Mannon (USAF) Deputy Director, Special Operations, J-3. Joint Staff. Before the 109 th Congress

Iran Nuclear Deal: The Limits of Diplomatic Niceties

Electronic Warfare and Satellites Challenges in Assuring Space Capabilities

Postwar America ( ) Lesson 3 The Cold War Intensifies

Programme Curriculum for Master Programme in Entrepreneurship and Innovation

Chapter 17: Foreign Policy and National Defense Section 2

USCYBERCOM 2018 Cyberspace Strategy Symposium Proceedings

Preserving Investigative and Operational Viability in Insider Threat

USASMDC/ARSTRAT & JFCC IMD Update. Space and Missile Defense Capabilities for the Warfighter

INTELLIGENCE AND US NATIONAL SECURITY POLICYMAKING (RPAD 558)

GAO ECONOMIC ESPIONAGE. Information on Threat From U.S. Allies. Testimony Before the Select Committee on Intelligence United States Senate.

MULTIPLE CHOICE. Choose the one alternative that best completes the statement or answers the question.

Statement of FBI Executive Assistant Director for Intelligence Maureen A. Baginski. Before the House Permanent Select Committee on Intelligence

SUBJECT: Directive-Type Memorandum (DTM) Law Enforcement Reporting of Suspicious Activity

Programme Curriculum for Master Programme in Entrepreneurship

UNCLASSIFIED R-1 ITEM NOMENCLATURE

Cooperative Cyber Defence Centre of Excellence

Department of Defense INSTRUCTION

Air Force Science & Technology Strategy ~~~ AJ~_...c:..\G.~~ Norton A. Schwartz General, USAF Chief of Staff. Secretary of the Air Force

Transcription:

IGA-240: CYBER AND INFORMATION OPERATIONS: TECHNOLOGY, POLICY AND THE LAW Fall 2017/18, T/Th 8:45 10:00am L230 Instructor Eric Rosenbach eric_rosenbach@hks.harvard.edu L-362 Course Assistants and staff Corinna Fehst (Course Assistant) Caitlin Conley (Course Assistant) Melissa Kappotis (Faculty Assistant) corinna_fehst@hks18.harvard.edu caitlin_conley@hks18.harvard.edu melissa_kappotis@hks.harvard.edu Description: Today s leading democracies are digital: they depend on the internet and information technology for vital functions of the economy, infrastructure, media and government. Democracies rapid adoption of information technology has improved citizens lives and nations overall prosperity. But digital democracies are also increasingly vulnerable to interference from hostile actors who may use cyberattacks, information operations, or a sophisticated hybrid of both, to disrupt these societies. Russia s recent interference in elections in the United States and Europe highlight one aspect of the threat to digital democracies. Several other cases illustrate the emergence of attacks on other key sectors of digital democracies, such as the successful Russian attack on the Ukrainian power grid in 2016, the Islamic State s use of social media for radicalization, the 2014 North Korean hack of Sony Pictures and the 2011-13 Iranian cyberattacks on the US financial sector. The perceived success of these attacks will encourage increased malicious activity in the future. In parallel, the international community has seen an increasing weaponization of data and information obtained through cyber means, as well as the increasing use of offensive cyber tools by nation states to further national interests. Unfortunately, the leaders of most democratic nations are unprepared to address the complex technical, political, policy and legal issues associated with these types of malicious activities. The need for a new generation of technically-savvy policymakers is clear. This course will introduce students to the policy, technical and legal challenges faced by digital societies and push them to develop policy proposals to mitigate risk in the future. The course will assess the digitalization of today s leading democracies and the vulnerabilities that this creates, discuss the intent and foreign policy goals of hostile actors who seek to exploit these vulnerabilities, and review the features of intrusive attacks on digital democracies (including but not limited to the cases mentioned above). In addition sharpening students policy formulation skills, students will also learn to provide basic legal, technical and political analysis for each of the cases covered in the course. Understanding the technology of cybersecurity and big-data analysis is particular important; thus, the instructor will ensure all students have a basic understanding of the technical underpinnings of each case (e.g. how does ransomware work, how was the US DNC hacked, how do bots spread fake news).

The instructor recently served as the Pentagon Chief of Staff, and previously served as the Department of Defense Cyber Czar and Assistant Secretary of Defense for Global Security. As such, he personally worked on many of the cases that will be discussed in class. Instruction method: This class will be highly interactive and will rely heavily on the case method, supported by the Socratic Method/cold calling. Students should therefore come to class prepared to participate and contribute. Audience: This course is designed for future practitioners of cybersecurity and cyber policy, as well as for those who plan to work in national security and international affairs more broadly. Although parts of the course focus on the United States, information and cyber operations are global issues. International students are therefore highly encouraged to enroll. Initial classes in the course provide students with a solid foundation on networking, software and data, so no technical background is required for the course. Learning Objectives: By the end of the course, students will have: (1) the ability to think strategically about managing offensive and defense cyberattacks and information operations, taking into account policy, legal, technical and political considerations; (2) professional skills that allow them to effectively communicate through crisp policy recommendation memos and oral briefings; (3) a solid foundation of knowledge about specific recent cases of cyberattacks and cyber operations, and; (4) a more thorough understanding about how the US and other international governments, as well as the international community can work together to shape and address cyber threats. Expectations: This is a graduate-level course for future professionals. Thus, the instructor has high expectations of all students. Basic expectations are that students will: (1) attend all scheduled classes and show up on time; (2) complete assignments on time; (3) read all assigned materials in advance of class and come to class prepared to discuss them; and (4) contribute to the team assignments. Course Requirements: Each student will be required to: Complete two quizzes/assignments on the technology of cybersecurity and information operations Write two individual policy recommendation memos Write one short surprise memo (giving students 48 hours to complete this assignment after a significant real-world event) Complete two in-class simulation exercises Prepare for and participate in all class discussions Quizzes: There will be two quizzes/assignments on the technological foundations of cybersecurity and information operations. These will test students understanding of basic aspects of cybersecurity and information operations, as well as of the technical functioning of different types of cyberattacks. Individual Recommendation Memos: Each student will submit two three-page policy recommendation memos. The memos should provide a senior-level decision maker with analysis and recommendations on a cybersecurity / information operation issue covered in class. Students have the option to write on any two of the 8-10 assigned memo topics (full details will be posted at the start of term). Students must complete at least

one memo prior to the first simulation exercise. Policy recommendation memos should include: policy objectives, basic legal analysis, identification of various policy options and a final recommendation. The instructor will provide more details about the memo format in class. Surprise Memo: There will be a two page surprise memo assigned at some point during the semester. Students will assess a current event cybersecurity or information operations issue and present recommendations to a senior leader, such as the UN Secretary General, National Security Advisor, Secretary of Defense, or Minister of Foreign Affairs. Students have 48 hours to complete this assignment. Simulation Exercises: The class will participate in two (fun!) simulation exercises focusing on cyberattacks and/or information operations. These team-based exercises will simulate a national security environment, such as e.g. a Senate Intelligence Committee meeting or a Principles Committee meeting of the National Security Council. Preceding the exercise, students will be assigned a role, such as a Senator or Secretary of State. Each student will be expected to familiarize him/herself with all aspects of the role. Students will be evaluated on their professionalism, decision-making and ability to communicate. The class will jointly derive lessons learned from each simulation. Class Participation: The quality (not quantity!) of class participation will determine a significant part of a student s overall grade. The instructor expects students to complete the readings for each class; each student should come to class prepared to debate the issue of the day. The instructor will use the Socratic Method to ensure that all students prepare for class and participate in the discussion. Because of the importance of class participation, students are required to bring their name placards to every class. The use of laptops and phones in class is prohibited. Attendance is mandatory unless excused. Standard Operating Procedures (SOPs) for Assignments: All written assignments must be uploaded to the course Canvas site to receive full credit. Students are required to upload their assignment by 08:00 of the due date. Additionally, students must hand in a hardcopy of their assignment at the beginning of class. All assignments must follow the formatting guidelines distributed in class. Grading: The instructor will follow HKS guidance regarding the curved distribution of grades. Final grades will be determined according to the following: Technical quizzes: 10% Policy Recommendation Memos: 40% Surprise Memo: 10% Simulations and Class Participation: 40% Office Hours: The instructor will hold office hours by appointment. You should schedule an appointment within these hours with Melissa Kappotis (melissa_kappotis@hks.harvard.edu). Readings and Required Books: This class will not rely on a single book instead specific readings are assigned for each class. In addition, the beginning of this course familiarizes students with the technical fundamentals of cybersecurity and cyber/ information operations. Students without a technical background will be expected to build up their technical knowledge quickly. To help them get started, the instructor strongly

recommends that students complete technical readings ahead of the start of term. Potential readings that students might wish to consider as a starting point are: Lawrence C. Miller, Cybersecurity for Dummies, 2014 (available online) Peter W. Singer and Allan Friedman, Cybersecurity and Cyberwar: what everyone needs to know, 2014 (available online).

Class Date Topic Objectives 1 31 st Aug A Cyber 9/11: Assess the risk of a catastrophic cyberattack to the US or other nations. Inevitable or Identify key issues of analysis necessary to determine whether a cyber 9/11 is possible. Hysterical? Preview of course structure and key features. Overview of the course s framework of analysis: 2 5 th Sept Technology Basics and Cyber Defense (part I) 3 7 th Sept Cyber Defense (part II) and Cyber Attacks 4 12 th Sept Cyber Actors: Russia, China and Cyber Criminals 5 14 th Sept Cyber Actors: Iran, North Korea and Cyber Terrorism 6 19 th Sept Organizing for Cyber: USG, Private Sector and International Organizations technology, policy and the law. Understand the functioning and basic components of the internet, networks, software, and hardware. Understand the inherent technical vulnerabilities of the internet, networks, software, hardware. Learn key concepts and strategies for identifying and defending an organization s key assets. Understand key technologies associated with defending networks, systems and information against cyberattacks and information operations. Technical Quiz 1 (to be completed within 24 hours of the class) Define information and cyber operations, and distinguish between the two. Understand how attackers exploit vulnerabilities in the internet, networks, software, hardware to conduct different types of information and cyberattacks. Technical Quiz 2 (to be completed within 24 hours of the class) Assess the strategies employed by Russia and China to advance their national interests via cyber and information operations. Review historic examples of Russian and Chinese cyber and information operations. Understand the organizational set-up supporting cyber/information operations in Russia and China. Understand motivations of cyber criminals, and key means by which they exploit networks and sensitive information. Understand different means of monetizing cyber and information attacks (e.g. sale of financial information, ransomware). Understand why cyber operations are a key tool for nations like Iran and North Korea. Review historic examples of Iranian and North Korean cyber and information operations. Understand the organizational set-up supporting cyber/information operations in Iran, North Korea. Understand motivations of cyber terrorist and asses how large the threat of cyber terrorism really is. Understand how the US government is organized to address challenges of cyber and information operations. Who are key actors and their responsibilities, how do they interact, what challenges exist in their operations and interactions? Understand the crucial role that the private sector plays in addressing cyber threats to national interests. Understand the crucial role that international organizations play in defining, deterring, and managing cyber and information operations (esp. NATO, UN, EU). 7 21 st Sept Cyber Strategy Learn to evaluate, prioritize, and articulate cyber policy goals and objectives within the framework

and Policy 8 26 th Sept The Law and Politics of Cyber 9 28 th Sept Chinese Theft of Intellectual Property 10 3 rd Oct Defending Networks: The OPM Case 11 5 th Oct Defending Services: Dyn DDoS, Iranian DDoS of Financial Sector of national interests. Apply the national interest framework to articulate a prioritized list of US policy objectives in cyberspace. Use this framework in future sessions to evaluate resource allocations and prioritization in actual US cyber policy. Outline key U.S. cyber strategy and policy documents. Consider the policy trade-offs generated by an emphasis on cybersecurity on other domestic and international US objectives (e.g. in terms of resources, relationships, intellectual focus). Review the key foreign policy considerations and frameworks that apply to information and cyber operations (e.g. deterrence, attribution challenges, arms race, applicability of law, advantages of cyber/info ops vs. traditional warfare). Understand the important role that the law plays in the formulation of cyber policy. Understand how the U.S. constitution, codes and caselaw influence US cyber policy. Understand how Congress is structured, its authority/ sources of power, and how this plays out on cyber policy. Understand which key international pieces of law affect US (and other players ) cyber/ information operations. Understand the role of non-binding efforts to establish rules in cyberspace, in particular the NATO CCD COE Tallinn Manual, and UN cyber norms process. Recognize how politics shapes (and sometimes distorts) the national security environment. Recognize the currently occurring fault lines and consider how to manage them. Be able to participate in a discussion on how future political trends will impact cyber security policy. Understand the strategic implications of intellectual property theft and how China uses cyber operations to bolster its overall economic strategy. Explore the U.S.-China 2015 agreement banning commercial cyber espionage. Assess its effectiveness, understand how this agreement was reached, review why it is so difficult to achieve such negotiated settlements in other areas of cyber/ information operations. Understand key events and technology employed in the OPM attack. Understand the intent and impact of the Chinese operation. Assess the US government s response to the attack and constraints on its potential reactions. Understand key events and technology employed in U.S. Financial sector and Dyn DDoSs Understand the significance of a denial of service attack, and how the response to them may differ from other cyberattacks. Assess the decision-making calculus of a private sector leader responding to a large cyberattack against his/her firm. Understand the increasing risk of DDoS from poorly secured Internet of Things devices. Be able to debate the potential need for cybersecurity regulation for IoT devices.

12 10 th Oct Defending Operational Networks: TransCom and Iranian attacks on the U.S. Navy 13 12 th Oct Defending Important Information: Snowden, Insider Attacks and Domestic Surveillance 14 17 th Oct Simulation I: Senate Hearing on a Cyber Attack (related to Wanna Cry) 15 19 th Oct Disrupting Terrorist Attacks: ISIS use of social media and San Bernadino 16 24 th Oct Defending Critical Infrastructure: Attacks on the Financial Sector: NASDAQ, 2015/16 SWIFT Understand the importance of operational networks to large organizations, such as the military or a large multinational corporation. Understand key events and technology employed in the TransCom and Iranian Navy attacks. Assess the intent of China and Iran to penetrate these networks. Assess the US military s response to the attack and the constraints on its potential reactions. Understand key events of the Snowden leaks, and their short- as well as long-term political and national security consequences. Understand the important role of that insiders are known or alleged to have played in other highprofile cyberattacks and information operations. Discuss political, moral, and security considerations surrounding insider leaks in the national security space. Is it ever justified to leak sensitive national security information from inside government? If so, under which conditions? Understand existing measures to prevent and manage insider risk within the U.S. government. Discuss legal/ political measures pursued since Snowden and whether/ how to further expand the use of such measures in the future. In-class simulation focused on key implications of WannaCry ransomware attack (including severity of threat it posed, attribution, retaliation options, vulnerability equities process/ PATCH Act and their implications for future U.S. intelligence gathering capabilities) Students need to have completed Individual Policy Memo 1 by this class Explore terrorists diverse uses of the Internet (e.g. for recruiting, financing/ payments, attack planning, everyday operation and coordination). Specifically, understand ISIS use of social media for recruiting. Assess how the U.S. and ally government, as well as social media/ tech companies seek to disrupt it. Understand FBI-Apple stand-off following the San Bernadino attack, and the resulting national security vs. privacy/civil liberties/ data security debate. Understand key events and technology employed in NASDAQ and SWIFT cyberattacks. Understand scope of disruption for global economic system from financial sector attacks. Understand attribution and political implications/ retaliation.

17 26 th Oct Defending Critical Infrastructure: Saudi Aramco and RasGas 18 31 st Oct Defending Critical Infrastructure: Ukraine Power Grid and US Infrastructure 19 2 nd Nov Defending Digital Democracy: Sony Pictures 20 7 th Nov Defending Digital Democracy: US 2016 Elections (I/II) Define critical infrastructure. Understand implications of CI cyberattacks in general and specifically for the oil/gas sector. Understand key events and technology employed in Saudi Aramco/ RasGas attacks (Shamoon). Understand operational and financial implications of these attacks. Understand attribution challenges and political implications/ retaliation. Understand key events and technology employed in Ukraine 2015 power grid attack, and its significance. Understand attribution and attribution challenges. Assess risk of attacks being similarly effective in the U.S./ European electric grids. Understand reactions by U.S. and international community (e.g. measures to improve security of electricity grids), and discuss what more could be done going forward (e.g. more compulsory cybersecurity and reporting regulation for CI private sector operators?) Understand key events and technology employed in 2014 Sony Pictures attack. Understand the financial, operational and reputational damage suffered by Sony Pictures. Understand attribution (marks formal emergence of the Lazarus Group); alternative attribution theories (e.g. role of insiders, hacktivists not related to DPRK). Discuss the potential of cyberattacks to interfere with the democratic right of free speech. Discuss the U.S. political reaction and response, and the limits on constraints it faced. Understand key events and info ops/ cyber ops technology employed in U.S. 2016 Elections, covering cyberattacks with information leaks (DNC and RNC hacks, Podesta mails) and fake news. Understand attribution to RUS: what is vs. is not publicly known, strength of evidence? Understand domestic political implications of the election interference (in particular: what do we know about the effect that this intervention may of may not have had on election outcomes. Understand foreign policy implications (sanctions, escalating tensions in US/RUS relations, raised the ongoing questions regarding the Trump administration s links to Russia). Distinguish between different level of attacks on elections (from fake news, to cyberattacks coupled with information leaks, to hacking of core election infrastructure such as voter registration systems). Understand how each attack type is executed and their respective likelihood and impact. Highlight key case of RUS election interference beyond the 2016 US elections (e.g. Macron campaign, Estonian and Ukrainian elections).

21 9 th Nov Defending Digital Democracy: US 2016 Elections (II/II) 22 14 th Nov Offensive Cyber Ops: Stuxnet 23 16 th Nov Offensive Cyber Ops: Counterterrorism 24 21 st Nov Offensive Cyber Ops: Military 25 28 th Nov Simulation II: National Security Council 26 30 th Nov Simulation II debrief & class wrap-up Discuss increasing weaponization of information (cyberattacks coupled with information leaks, and fake news). Understand what is already being done to prevent the weaponization of information, esp. fake news. Understand efforts to secure the different levels of election infrastructure going forward (e.g. paper audit trails at voting machines, increased pressure on social media companies) Understand key events and technology employed in Stuxnet attack. Understand the operational and foreign policy framework for analysis of offensive cyber operations. Assess the short and longer impacts of conducting offensive cyber operations. Review US CYBERCOM s offensive cyber campaign against ISIS: key components, legal status, effectiveness. Understand the potential for using offensive cyber and information operations during combat. Students simulate an NSC meeting dealing with an imminent, severe cyber attack. Debrief on Simulation II. Review of key concepts and lessons learnt in the class.