After completing these activities you should be able to:
This course provides an introduction to the technical foundations of the cyber domain, focusing on cyber security. It is technical, hands-on, academic, and (intended to be) fun and interesting.
On the first day of class your instructor will define the cyber domain and discuss why cyber security (security in the cyber domain) is important. So here we will briefly address the hows and whys of studying cyber security here at USNA. The Navy recognizes the need to have employees (Officers, Enlisted Sailors, and civilians) who are familiar with the fundamentals of cyber security. To this end, the Naval Academy formulated a plan to add cyber security content to the curriculum. This course is the first step, but your exposure to cyber security will not end with your plebe year (or with your time at USNA)!
The cyber domain is a big field that overlaps many disciplines. The August 2009 initial report of the Dean's Cyber Warfare Ad Hoc Committee included the following:
SI110 is an introduction to the technical core described in the excerpt. The material we cover is organized into three sections:
This portion of the course will teach you about the basic components that constitute what is generally called cyberspace. Starting with digital data, the physical computer, operating systems, and programs; and continuing with the Web, the Internet, and both wired and wireless networks.
There are some theoretical underpinnings to what it is we are protecting (or attacking) in the cyber domain, and how we make rational decisions about security in the cyber domain (cyber security). Additionally, there are a few broad categories of tools — firewalls, encryption, hashing, policies and procedures — that we combine in different ways to meet different security goals.
In this portion of the course we study digital forensics, cyber reconnaissance, cyber attack, and cyber defense. The last three labs actually have you and your classmates conducting cyber operations in a controlled environment — i.e. actually mapping out an opponent's network, actually performing and defending against cyber attacks.
You are responsible for the material on this website. You should consult the course calendar for every class meeting. There you will find lecture notes, homework assignments, and resources.
In class you need to: bring your laptop sufficiently charged or your laptop battery charger, participate fully in discussions and activities, and pay attention during lecture. Expect that you will be able to understand the material, and when you don't, stop the instructor and ask questions. This course was designed without the need for any prior computing knowledge, beyond having used a computer before; you are capable of succeeding in this course.
Outside of class you need to:
If you are able to complete a question on an assignment on your own (without having to discuss with others, or referring to the course notes), then you have sufficient knowledge to succeed in this course.
Based on your current understanding what do you think comprises the cyber domain? Based on you being here you probably agree that your laptop is a part of the cyber domain, and you are correct. But are there other aspects of the cyber domain beyond computers? The answer is yes. The cyber domain is comprised of much more than just computers connected to a network. The cyber domain also consists of physical systems connected to computers. The location of the those systems is a part of the cyber domain — is the system of interest on the USNA grounds, is the system in the U.S., is the system in Australia , is the system in Turkey, is the system in China.
There is a human factor to the cyber domain, and it is not just the geopolitical aspect of the cyber domain. We continually see that the human is the weakest link in the cyber domain. Human nature has driven many technological advances, but human nature has also been the initial attack vector in many cyber security incidents.
The cyber domain is comprised of the users (generally humans at this point) [persona], devices and software that users interact with [interface], logic used by devices and software systems [logic], circuits that provide paths for logic to flow [circuit], and location of the circuits, physical systems, and users [geographic].
The cyber domain is founded in technical principles. The cyber domain is a part of our world. We must be able to operate in cyber domain as individuals, as organizations, and as defenders of nations. As we become more interconnected we become more dependent on the cyber domain.
Persona Aspects represent users that have a role (persona) in the cyber domain. At different times a single person may have multiple personas in the cyber domain. By the nature of you reading and interacting with this website you are a part of the cyber domain.
Interface Aspects represent the hardware devices and software that users interact with to provide input into other components in the cyber domain. Historical interface devices included keyboards and mice, today touch screens, microphones, and even cameras are common place. In the future the interface may be long term implants inside our bodies.
Logic Aspects represent the information that is stored within the information systems; i.e. the meaning of the raw data that are flowing between or stored in systems in the cyber domain.
Circuit Aspects represent the paths that data flow across between systems or systems that store data; i.e. the raw data.
Geographic Aspects represent the physical location of the user, system, or data paths. Geographic aspects include natural boundaries and geopolitical boundaries (borders separating human defined regions).
In a standard layer model there are clearly defined interactions between adjacent layers, and typically a layer only interacts with the layer directly above or below it. The cyber domain is more complex than a simple layer model. In the cyber domain entities associated with one aspect can have many simultaneous interactions with adjacent aspects. Additionally, interactions can skip traditional layers and interact with non-adjacent aspects.
Furthermore the interactions between the aspects are continually changing in number of interactions, and how the interactions are occurring. The same interaction that was safe yesterday might not be safe today. None the less, we must operate in the cyber domain.
The cyber domain is too complex and large to cover all of the areas in a single course, much less all of the areas in great detail. In this course we will focus on the technical foundations from a cyber security view point. Primarily Persona Aspects, Interface Aspects, and Logic Aspects. There will be times when we discuss Circuit Aspects and Geographic Aspects, but future courses in your time at the Naval Academy will cover those aspects in greater detail.