Detailed schedule and class resources

Class 1 (Tuesday, January 22): Password-cracking lab.

We take a brief look at the syllabus, but defer discussion until next time.

We discuss an overview of the course.

Most of the class is spent on the password-cracking lab.

Homework questions:

• Please see the password-cracking lab for today's homework questions.

Class 2 (Thursday, January 24): Password security

Required reading:

• The course syllabus
• Chapter 1 of Clarke and Knake. Make a few notes (say, 50-100 words) for discussion in Class 4. Retain your notes and submit them as part of homework assignment 1. (The notes may be handwritten.)

Optional reading:

• Skim over the following interesting blog post: PIN analysis, by Nick Berry, September 2012.

Lecture notes: password-security-v2.pdf.

Homework questions:

• For the purposes of these exercises, assume that a modern desktop computer can compute 10^5 password hashes per second. Also assume that the age of the universe is 10^18 seconds. (This is 13 billion years, rounded up to the nearest power of 10.)
• Homework exercise 2.1: (a) What is the SHA-256 hash value of the password "foo6wom3bat9"? (b) How about "foo6wom4bat9"?
• Homework exercise 2.2: How long would it take, on average, for a modern desktop computer to crack a numeric password that is the seven digits long, given a hash of the password?
• Homework exercise 2.3: How long would it take, on average, for a modern desktop computer to crack an alphanumeric password (including uppercase letters, lowercase letters, and digits) that is ten characters long, given a hash of the password?
• Homework exercise 2.4:A computer administrator decides that all passwords on a certain system must take longer to crack, on average, than the age of the universe (assuming the cracking is done by a modern desktop computer). Suppose that all users on the system will choose genuinely random alphanumeric passwords (including uppercase letters, lowercase letters, and digits). How long do the passwords need to be in order to meet the security guideline set by the administrator?
• Homework exercise 2.5:Suppose a college IT system has 5000 users. The vast majority of users choose strong passwords, but 1% of users use passwords that are present in a standard English dictionary of 50,000 words. A malicious hacker has obtained the password hashes of all 5000 users. How long would it take, on average, for the hacker to obtain one of the passwords on this system using a dictionary attack?

Class 3 (Tuesday, January 29): Information security basics

Required reading:

• Skim over the first six pages of A Graphical Introduction to the Structural Elements of Cyberspace, by Zimet and Skoudis (this is Chapter 4 of Cyberpower and National Security -- you only need to look at pages 91-96).
• Read carefully over Information Security Issues in Cyberspace, by Edward Skoudis (this is Chapter 7 of Cyberpower and National Security).
• Chapter 2 of Clarke and Knake. Make a few notes (say, 50-100 words) for discussion in Class 4. Retain your notes and submit them as part of homework assignment 1. (The notes may be handwritten.)

Lecture notes: info-security-basics-v3.pdf.

Homework questions (note: answer all questions in your own words, without looking at any material while you are typing out the answer; do not copy the answer from the reading or any other source):

• Homework exercise 3.1: In one sentence of your own words, describe what a botnet is.
• Homework exercise 3.2: In one or two sentences of your own words, describe the difference between spyware and malware.
• Homework exercise 3.3: In one or two sentences of your own words, explain why a firewall does not provide complete protection against malware.
• Homework exercise 3.4: Approximately how many hops are there between a computer on the Dickinson network and www.google.com? How did you determine this?
• Homework exercise 3.5: Give three examples of aspects of the Internet that were not designed with security in mind. For each of the examples, state the year in which that example was invented and/or standardized. (Use some brief web research to find this information; there's no need to cite your sources.) What is the average age of the technologies in your three examples?

Class 4 (Thursday, January 31): Cyber war overview, part 1

Required reading:

• Chapters 3 and 4 of Clarke and Knake (CK), and of course chapters 1 and 2 if you haven't read them already. You should bring a page or so of notes on chapters 1-4 to aid in our discussion. Retain your notes and submit them as part of homework assignment 1. (The notes may be handwritten.)

The class consists of a discussion of Chapters 1-4 of CK. Specifically, we will split into groups, and each group is assigned one of the four chapters. Each group will come up with a list of the main points from its chapter, together with any interesting questions about the chapter (and especially any points on which you disagree with the authors). The randomly-generated list of the discussion groups is available. The first person listed in each group (in bold) is responsible for chairing the discussion (20 minutes), and for presenting the results (10 minutes) to the class when we reassemble. If the group leader is absent, this responsibility goes to the next person on the list.

Homework questions:

• Homework exercise 4.1: Which Dickinson alum is mentioned in the introduction, and why? (Hint: this person's name appears on the summary schedule for this course.)
• Homework exercise 4.2: Stuxnet and the 2007 Estonia incident are two of the best-known instances of cyber attacks against a nationstate. List two other examples of specific cyber attacks mentioned in CK, giving a one-sentence description of each that includes the countries or entities involved and the year of the attack.
• Homework exercise 4.3: State one positive point, and one negative point, about the style in which this book is written.
• Homework exercise 4.4: In a few sentences of your own words, summarize the conclusions that can be drawn from the chart titled "Overall Cyber War Strength," near the end of chapter 4.
• Homework exercise 4.5: Submit your notes on chapters 1-4 of CK as the answer to this question. As stated above, these notes may be handwritten.

Some interesting optional reading: an article in yesterday's New York Times -- thanks to Andrew Chesley for pointing this out; as he says, it "detail[s] extensive hacking of their systems by Chinese hackers since they published their investigation into Wen Jiabao's family in October." Here's another recent news report that is highly relevant to today's class: US Cyber Command in 'fivefold' staff expansion (BBC)

Class 5 (Tuesday, February 5): Symmetric key cryptography

Required reading:

• The first five pages of Chapter 4 of "9 Algorithms That Changed the Future" (available on Moodle). Read up to, but not including, the section "Establishing a Shared Secret in Public."
• Chapter 5 of Clarke and Knake. Make a few notes (say, 50-100 words) for discussion in Class 9. Retain your notes and submit them as part of homework assignment 3. (The notes may be handwritten.)

Homework assignment 1 is due at the start of class today. This assignment consists of all homework questions for classes 1-4 inclusive. As stated on the syllabus, solutions must be typed and submitted in hard copy, except where stated otherwise.

Lecture notes for today: symmetric-key-crypto-v1.pdf.

Some resources for the class:

• A table for converting between characters and 8-bit binary
• Everpassword's online AES tool to demonstrate encryption and decryption.

Homework questions:

• Homework exercise 5.1:
  (a) Encrypt the (binary) message "1101 0011" using a one-time pad whose key is "1100 0011".
  (b) Decrypt the message "1011 1111" again using a one-time pad with the same key.
• Homework exercise 5.2:
  (a) Use Everpassword's online AES tool to encrypt the text "information" using the AES algorithm with key "456456". What is the result?
  (b) Use the same tool to decrypt the string "U2FsdGVkX1+TKwtblTuWDNtpl4AMpsCh3EBDvzaGo88=" using the AES algorithm, again with key "456456". What is the result?
• Homework exercise 5.3:
  (a) Using the XR block cipher discussed in class, with key "0001", encrypt the block "0101".
  (b) Decrypt the block "1111" using the same key and cipher.
• Homework exercise 5.4:
  (a) Using cipher-block chaining with the XR block cipher discussed in class, with key "0001", and initialization vector "1000", encrypt the message "0101 0101".
  (b) With the same cipher, key, and IV, decrypt the message "1000 1111".

Class 6 (Thursday, February 7): Public-key cryptography

Required reading:

• The remainder of Chapter 4 of "9 Algorithms That Changed the Future" (available on Moodle).
• First half of Chapter 6 of Clarke and Knake. Make a few notes (say, 50-100 words) for discussion in Class 9. Retain your notes and submit them as part of homework assignment 3. (The notes may be handwritten.)

Lecture notes for today: public-key-crypto-v1.pdf; additional examples are available on the public key crypto handout, cryptography-examples-v3.pdf.

YouTube video by Chris Bishop, demonstrating a key exchange algorithm using physical keys and padlocks. In fact, the algorithm demonstrated here is not analogous to the Diffie-Hellman scheme we study in class -- but it is a very interesting example of the surprising types of secure communication that are possible over a public channel.

Homework questions:

• Homework exercise 6.1:
  Using the paint-color analogy for Diffie-Hellman key exchange, suppose that Alice's private color is purple, Bob's private color is charcoal, and the public color is maroon.
  • (a) What mixture does Bob transmit to Alice during the key exchange?
  • (b) What mixture becomes the shared secret mixture?
• Homework exercise 6.2:
  Suppose Alice and Bob perform a Diffie-Hellman key exchange with modulus 7 and base 3. Alice's private number is 2, and Bob's private number is 6.
  • (a) What number does Alice transmit to Bob during the key exchange?
  • (b) What is the resulting shared secret key?
• Homework exercise 6.3:
  Alice and Bob use RSA cryptography, with the keys specified on the accompanying handout (see link above).
  • (a) Alice encrypts the plaintext number 9 for sending to Bob. What is the ciphertext?
  • (b) Bob encrypts the same plaintext number 9 for sending to Alice. What is the ciphertext?
  • (c) In a single sentence of your own words, explain why your answers to (a) and (b) are different, even though the plaintext message was the same in both cases.
• Homework exercise 6.4:
  Using the same system and keys as the previous question, Bob receives the ciphertext 3 from Alice. What was the plaintext?

Class 7 (Tuesday, February 12): Digital signatures

Required reading:

• Chapter 9 of "9 Algorithms That Changed the Future" (available on Moodle).
• Second half of Chapter 6 of Clarke and Knake. Make a few notes (say, 50-100 words) for discussion in Class 9. Retain your notes and submit them as part of homework assignment 3. (The notes may be handwritten.)

Lecture notes for today: digital-signatures-v1.pdf.

Homework questions:

• These questions use the keys on the public key crypto handout linked above. When a hash function is required, use the hash function h described on the handout. When a digital signature is required, use an RSA signature. Unless otherwise stated, any message should be hashed before it is signed. All messages are sent using 2-digit blocks, and signatures are appended as an additional 2-digit block.
• Homework exercise 6.1 7.1:
  Alice would like to send the message 15 to Bob, without any encryption or hashing, but with a digital signature. What is actually sent?
• Homework exercise 6.2 7.2:
  Bob would like to send the message 091406 to Alice, with encryption and a digital signature. What is actually sent?
• Homework exercise 6.3 7.3:
  Bob receives the unencrypted, signed message 02091813, claiming to be from Alice. (a) Did Alice send the message? (b) Was the message tampered with?
• Homework exercise 6.4 7.4:
  Bob receives the unencrypted, signed message 13291709, claiming to be from Alice. (a) Did Alice send the message? (b) Was the message tampered with?
• Homework exercise 6.5 7.5:
  Use some quick web research to find a news report about a Certificate Authority issuing a bogus certificate. You may not use the same incident described by the link at the end of today's lecture notes (a google.com certificate issued by TURKTRUST). Describe the incident you found in one or two sentences of your own words. There is no need to cite your source.

Class 8 (Thursday, February 14): Cryptography Lab

Today's class will take place in Tome 118, opposite our regular classroom.

Required reading:

• Chapter 7 of Clarke and Knake. Make a few notes (say, 50-100 words) for discussion in Class 9. Retain your notes and submit them as part of homework assignment 3. (The notes may be handwritten.)

Today's class is devoted to the cryptography lab.

Lab partners have been assigned randomly. These pairings will be altered as necessary; please notify the instructor if you were assigned the same partner as in the previous lab or if your partner is absent.

Homework assignment 2a is due at the start of class today. This assignment consists of all homework questions for classes 5-7 inclusive. As stated on the syllabus, solutions must be typed and submitted in hard copy, except where stated otherwise.

Homework questions:

• The homework questions for this class are embedded in the cryptography lab, linked above.

Class 9 (Tuesday, February 19): Cyber war overview, part 2

Required reading:

• Chapter 8 and the appendix of Clarke and Knake (CK), and of course chapters 5-7 if you haven't read them already. (The appendix, "The Nuclear Worm," is available on Moodle, in case your version of the book does not include the appendix.) You should bring a page or so of notes on chapters 5-8 to aid in our discussion. Retain your notes and submit them as part of homework assignment 3. (The notes may be handwritten.)

There is another extraordinarily relevant article on the front page of the New York Times today!: Chinese Army Unit Is Seen as Tied to Hacking Against U.S..

Homework assignment 2b is due at the start of class today. This assignment consists of just the homework questions for class 8. As stated on the syllabus, solutions must be typed and submitted in hard copy, except where stated otherwise.

The class consists of a discussion of Chapters 5-8 and the appendix of CK. Specifically, we will split into groups, and each group is assigned one of the four chapters. Each group will come up with a list of the main points from its chapter, together with any interesting questions about the chapter (and especially any points on which you disagree with the authors). The randomly-generated list of the discussion groups is available. The first person listed in each group (in bold) is responsible for chairing the discussion (20 minutes), and for e-mailing the results to the instructor (group leaders will not present results at the whiteboard this time). If the group leader is absent, this responsibility goes to the next person on the list.

Notes summarizing the second half of the book are available: cyberwar-overview-II-v1.pdf.

Homework questions (all refer to Clarke and Knake; explain each answer with a one- or two-sentence justification):

• Homework exercise 9.1:
  Of the three policies in the authors' recommended "Defensive Triad," which do you believe is the most important? Give a one- or two-sentence justification of your answer.
• Homework exercise 9.2:
  Read the following New York Times article, from June 1, 2011: Pentagon to Consider Cyberattacks Acts of War. Based on the information in this article, do you believe the US government has followed the authors' recommendation of implementing a policy of "cyber equivalency"?
• Homework exercise 9.3:
  Read the following New York Times article, from February 13, 2013: Obama Order Gives Firms Cyberthreat Information. Based on the information in this article, do you believe the US government has followed the authors' recommendation of implementing "smart regulation" to improve the cyber security of the electric grid and other critical infrastructure?
• Homework exercise 9.4:
  Why do the authors believe that banning cyber espionage via an international treaty is not in the best interests of the US?
• Homework exercise 9.5:
  Why do the authors recommend banning first-use of cyber weapons against civilian targets, but not military targets?

Class 10 (Thursday, February 21): Theory of cyber power

Required reading:

• Chris C. Demchak and Peter Dombrowski, Rise of a Cybered Westphalian Age, Strategic Studies Quarterly, Spring 2011, pp32-61.
• You should of course read the entire article by Demchak and Dombrowski, but each student is assigned one section of the article to study in detail: see the table of section assignments. You will be called on in class to summarize and/or comment on your assigned section.

Lecture notes for today: demchak-notes-v1.pdf.

Homework question: Give a one- or two-paragraph answer of 100-150 words to the following question.

• Homework exercise 10.1:
  The so-called "great firewall of China" prevents Chinese residents from seeing certain international web content. What are the similarities and differences between this Chinese firewall and and the "Westphalian" borders of cyberspace envisaged by Demchak and Dombrowski?

Class 11 (Tuesday, February 26): Exam 1

Exam 1.

Class 12 (Thursday, February 28): deterrence of cyber attacks

Required reading:

• Deterrence of Cyber Attacks, by Richard Kugler. This is Chapter 13 of our reader, Cyberpower and National Security, pages 309-340.

Lecture notes for today: deterrence-notes-v1.pdf.

Homework questions:

• Homework exercise 12.1:
  Make a plan for your midterm paper, approximately 100-200 words in length, and submit it as the answer to this homework exercise. This exercise will be graded on completeness only, so the style and content of your plan are up to you. Feel free to use ordinary prose, bullet-point notes, some potential quotations, and/or any other methodology useful for planning your paper.

Class 13 (Tuesday, March 5): Cyber terrorism

Required reading:

• Cyber terrorism: menace or myth?, by Irving Lachow. This is Chapter 19 of our reader, Cyberpower and National Security, pages 437-464.

Optional reading:

• Against cyberterrorism, by Maura Conway. Communications of the ACM, 54(2), 2011. Pages 26-28.
• Some recommended reading about hackers, from Dan Apello

Homework questions (these questions all relate to the required reading above, by Irving Lachow):

• Homework exercise 13.1:
  According to Lachow, does the definition of "cyber terrorism" include "physical attacks on information technology systems"? Why or why not? (Answer in one or two sentences, supporting your answer with a brief quotation from the reading.)
• Homework exercise 13.2:
  In 1-3 sentences, explain the difference between "cyber terror" and "hacktivism."
• Homework exercise 13.3:
  In 1-3 sentences, summarize how terrorists make use of the Internet to further their goals.
• Homework exercise 13.4:
  Please turn in your notes on Clarke and Knake chapters 4-8 as the solution to this exercise. (Note: this exercise was added at 2pm on 3/6/13. Because of the late notice, you may turn in these notes at the first class after spring break without penalty, if desired.)

Class 14 (Thursday, March 7): Software vulnerabilities I

No required reading.

Lecture notes for today: vulnerabilities-v2.pdf.

Example programs accompanying today's lecture: vulnerabilities-examples.zip.

Homework questions:

• Homework exercise 14.1:
  Suppose you wanted to mount an attack on calculator.py that would delete the file "important-info.docx". What input would you provide?
• Homework exercise 14.2:
  Suppose you wanted to mount an attack on calculator.py that would tell you whether or not the file "secret-stuff.txt" exists. What input would you provide? (Hint: there is a Python function called "exists()" which returns True if the given file exists and False otherwise.)
• Homework exercise 14.3:
  (a) A program written in the C programming language allocates a buffer of size 10 characters to store a user's account number. It then asks the user to input his or her account number. Give an example of an input that might cause this program to crash. (b) In one or two sentences of your own words, describe how a skilled attacker could craft this input to cause the program to execute some arbitrary code instead of simply crashing.
• Homework exercise 14.4:
  A professor has written a simple system to store and display students' grades, using a web front-end and a database backend. A student can enter his or her user-ID on the web page, and the corresponding grades are displayed. The grades are stored in a database table called "grades-INST290". Using the technique described in class, give a string that could be entered as the user-ID that would result in the deletion of all grades in the database.

Class 15 (Tuesday, March 19): Software vulnerabilities II

No required reading:

Lecture notes for today: vulnerabilitiesII-v2.pdf.

Homework questions:

• Homework exercise 15.1:
  A professor has written a simple system to store and display students' grades, using a web front-end and a database backend. A student can enter his or her user-ID on the web page, and the corresponding grades are displayed. The grades are stored in a database table called "grades-INST290". Using the technique described in class, give a string that could be entered as the user-ID that would result in the deletion of all grades in the database.
• Homework exercise 15.2:
  What is the general principle of Web browser security that is violated by a cross-site scripting attack?
• Homework exercise 15.3:
  Typically, is an XSS vulnerability caused by a flaw in a web browser, or in a web server? Explain your answer in one or two sentences.

Class 16 (Thursday, March 21): Software vulnerabilities lab

No required reading.

Class will consist of working through the software vulnerabilities lab.

Homework questions for today are all embedded in the lab linked above.

Class 17 (Tuesday, March 26): Cyber security of critical infrastructure

Required reading:

• Cyberspace and Infrastructure, by William D. O'Neil. This is chapter 5 of our reader, Cyberpower and National Security, pages 113-146.

Lecture notes for today: infrastructure-notes-v1.pdf.

At the start of class, please fill out the midsemester survey.

Here are links to the two YouTube clips shown in class:

• SCADA system for a wood-processing plant
• a successful attack on a SCADA system

Homework questions (all refer to today's reading by O'Neil):

• Homework exercise 17.1:
  In 1-3 sentences, explain why O'Neil claims that use of COTS systems for SCADA/EMS increases vulnerability of these systems.
• Homework exercise 17.2:
  In your opinion, what are the most important two policy recommendations in the final section of the reading? Justify your answer in one or two sentences.

Class 18 (Thursday, March 28): Ed Amoroso visit

Today's class consists of a presentation by Dr. Ed Amoroso (author, Dickinson alum and Chief Security Officer for AT&T).

No required reading.

Homework questions:

• Homework exercise 17.1 18.1:
  In your opinion, what was the most surprising point made in Dr. Amoroso's presentation? Explain and justify your answer in a short paragraph of 50-100 words.

Class 19 (Tuesday, April 2): Robotic warfare

Required reading:

• Arkin, R.C., "Ethical robots in warfare," Technology and Society Magazine, IEEE, vol. 28, no. 1, pp.30-33, Spring 2009.

Optional:

• View P. W. Singer's 2009 TED talk about robotic warfare.

Homework questions:

• Homework exercise 19.1:
  State whether you believe the US should increase its use of military robots. In one or two sentences, explain the primary reason for your belief.
• Homework exercise 19.2:
  Start thinking about your final paper. Make a list of one or two potential topics, together with a potential thesis statement for each topic.

Class 20 (Thursday, April 4):

No class.

Class 21 (Tuesday, April 9): Operating system and file security

Required reading: none.

Lecture notes for today: os-security-notes-v2.pdf.

Homework questions:

• Homework exercise 21.1:
  (a) How many processes are running on the computer you are using? (b) How many of these processes are being executed by you (i.e. the username associated with the process is your username)?
• Homework exercise 21.2:
  (a) Attempt to open some file on your computer that you do not have permission to read or write. What error message is displayed? (b) This time, open some file for which you have read permission but not write permission. Try to edit and save the file. What error message is displayed?
• Homework exercise 21.3:
  Pick one of the two general principles of security discussed in today's class, and describe it in one or two sentences of your own words.
• Homework exercise 21.4:
  Develop an outline for your final paper. At a minimum, this outline should include: 1. Title; 2. Thesis statement (one sentence); 3. A very brief annotated bibliography -- that is, a list of several scholarly sources that could be useful, together with one-sentence descriptions of the content of each source; 4. A list of the main points to be made in your paper (one sentence each).

Class 22 (Thursday, April 11): Network security

Required reading: none.

Lecture notes for today: network-security-notes-v1.pdf.

Homework questions:

• Homework exercise 22.1:
  Consider the programs you regularly use on computers, and the tasks or activities you regularly perform on computers. Many of these programs, tasks, or activities transmit or receive information over the internet. (a) Give an example of one of these programs, tasks, or activities that does not offer any security. (b) Give an example of one of these programs, tasks, or activities that does offer security.
• Homework exercise 22.2:
  What is the name of a protocol that offers security at the network layer?
• Homework exercise 22.3:
  Why is security more commonly offered at the transport layer, rather than the application layer? (Answer in one sentence of your own words.)
• Homework exercise 22.4:
  It is possible, in principle, for a single message to be encrypted four or more times (once at each layer discussed in class). In one sentence each, briefly state an argument (a) for, and (b) against, this multiple encryption. (Make sure to mention the fundamental security principle that is one reason in favor of multiple encryption.)
• Homework exercise 22.5:
  Suppose you are using an unsecured wireless connection from your laptop to access a website whose address begins with https://. Also suppose a malicious hacker is able to observe all of the wireless traffic between your laptop and wireless access point. Can the hacker obtain the plaintext of your interactions with the website? Explain your answer briefly, in one or two sentences.

Class 23 (Tuesday, April 16): File and network security lab

Required reading: none.

Homework questions: the homework questions are embedded in today's lab.

Class 24 (Thursday, April 18): Cyber crime

Required reading:

• Clay Wilson, Cyber Crime. This is Chapter 18 of our reader, Cyberpower and National Security, pages 415-436.
• James Fallows, Hacked!, The Atlantic, November 2011.

No notes from today's class are available, but the class discussions will be based on the above readings together with the following papers, which can be regarded as optional reading:

• Kanich, C., Chachra, N., McCoy, D., Grier, C., Wang, D., Motoyama, M., ..., Voelker, G. M. (2011). No plan survives contact: Experience with cybercrime measurement. Proc. of 4th USENIX CSET.
• Hong, J. (2012). The state of phishing attacks. Communications of the ACM, 55(1), 74-81.
• Jansen, B. J. (2007). Click fraud. Computer, 40(7), 85-86.
• Zhang, Q., Ristenpart, T., Savage, S., & Voelker, G. M. (2011). Got traffic?: an evaluation of click traffic providers. In Proceedings of the 2011 Joint WICOW/AIRWeb Workshop on Web Quality (pp. 19-26). ACM.
• Anderson, R., Barton, C., B�hme, R., Clayton, R., van Eeten, M. J., Levi, M., ..., Savage, S. (2012). Measuring the cost of cybercrime. In 11th Workshop on the Economics of Information Security.

Our shared document listing types of cyber crime.

Homework questions:

• Homework exercise 24.1:
  List five different activities that are commonly regarded as cyber crime.
• Homework exercise 24.2:
  Consult the original text of the International Convention on Cyber Crime. From the treaty, choose one of the numbered Articles that interests you, and summarize its provisions in one or two sentences of your own words.
• Homework exercise 24.3:
  Briefly (in one sentence each) describe two ways in which a criminal who controls a botnet can profit financially from the botnet.

Class 25 (Tuesday, April 23): International law issues

Required reading:

• Thomas Wingfield, International Law and Information Operations. This is Chapter 22 of our reader, Cyberpower and National Security, pages 525-542.

Homework questions:

• Homework exercise 25.1:
  Article 2.4 of the UN charter prohibits the "threat or use of force... in any... manner inconsistent with the Purposes of the United Nations." In one or two sentences, describe the relevant "Purposes" referred to in this Article.
• Homework exercise 25.2:
  Suppose country X has conducted a cyber attack on country Y. In one or two sentences of your own words, describe Wingfield's recommended approach to determining whether country Y is justified in mounting a military response.
• Homework exercise 25.3:
  Consider cyber attacks consisting of deceptive forged e-mail messages sent to an opposing military commander. Give one example each of a type of message that would be (a) legal and (b) illegal, under the international laws of war according to Wingfield.

Class 26 (Thursday, April 25): Exam 2

Exam 2.

Class 27 (Tuesday, April 30): Final paper workshop, media discussion, and course overview

Required reading: none, but you must bring to class your latest draft and/or outline of your final paper, so that one of your classmates can read your work and offer suggestions on it.

Paper workshop partners

Homework questions:

• We will do a graded in-class homework exercise worth 5 points, which will be incorporated as part of homework assignment 5.

Class 28 (Thursday, May 2): Final paper workshop, media discussion, and course overview

Required reading: none, but you must bring to class your latest draft and/or outline of your final paper, so that one of your classmates can read your work and offer suggestions on it.

Homework questions:

• We will do a graded in-class homework exercise worth 5 points, which will be incorporated as part of homework assignment 5.