Cybersecurity Law

9.3. Incidents and cyber-operations - case studies (BÁTRLA)

Resources for the lecture

The aim of this lecture is for you, students, to have a better understanding of various aspects of cyber incidents and operations. Various perspectives illustrated on a real-world case studies will include a selection from policy, strategic-operational-tactical, even to a bit of technical and business facets of cybersecurity. 

While one lecture is never sufficient to cover these, I hope to give you some pointers for whichever field you would like to delve more into.  

Please, use resources below to help you prepare for the lecture, including questions and discussion points you would like for us to cover. Also do not hesitate to ask about anything you could not understand from resources below, because it is completely normal to do so, given how broad cybersecurity is. :-) 

Darknet Diaries (Podcast)

When it comes to describing cyber incidents, there is somebody who "won the Internet" (for the time being at least). That someone would be Jack Rhysider from Darknet Diaries podcast. So for a very interesting yet informative coverage of notable recent incidents and their impact, please check some episodes I selected below. They are mostly focused on state or state-supported threat actors, however help illustrate the real-world techniques, outcomes and damages we are talking about here. As well as how much expertise and preparation (especially when it comes to physical impact of cyber operations) is oftentimes required, compared to the Hollywood-style impression of cyberattacks we often come across.

NOTPETYA  

Brief overview of the case: https://cyberlaw.ccdcoe.org/wiki/NotPetya_(2017)  

Darknet Diaries EP 54: https://darknetdiaries.com/episode/54/ , transcript https://darknetdiaries.com/transcript/54

(Optional, for broader context. EP 53: SHADOW BROKERS: 

TRITON

Brief overview: https://cyberlaw.ccdcoe.org/wiki/Triton_(2017) 

Darknet Diaries EP 68: , transcript https://darknetdiaries.com/transcript/68/


(Optional) Other interesting episodes include: 

EP 48: OPERATION SOCIALIST https://darknetdiaries.com/episode/48/, also covered in the text below. 
EP 50: OPERATION GLOWING SYMPHONY https://darknetdiaries.com/episode/50/ for behind the scenes on running a state cyber operation


Ross Anderson - Security Engineering 3rd. ed - "Who is the Opponent?" 

Cybersecurity is multi-disciplinary field and often requires bridging the gaps into other areas. This text is indeed for security engineers, who are designing and building secure systems, thus a bit more technical in some parts. However, for us it serves as a great introduction to how broad cybersecurity actually is, shows most important actors and types of attacks we need to consider. This builds greatly on the more storytelling approach of Darknet Diaries and helps round the insights from individual cases into a broader concept.   

Please, note that the following text is an online version for review that is copyrighted by Ross Anderson and Wiley publishing. Please, use it only for educational purposes in this course. For other available chapters, additional resources and full previous editions of the book (still worth reading!), visit: https://www.cl.cam.ac.uk/~rja14/book.html

do not cite do not distribute SEv3 ch2 7sep
PDF to download