Semester Schedule

In the first half of the semester, class meetings will be a mix of lectures & discussions with project-oriented workshops. In the second half of the semester, these class times will be reserved for work with the teaching team and check-ins tailored to the specific needs of your partner organization.

Most assignments (some exceptions) are listed with a due date on the Sunday at 11:59 PM (Pacific). Readings are to be completed by the end of the week in preparation for the next week’s lectures.

Navigation

Readings List

Week 1: Introduction / What is Public-Interest Cybersecurity?

Lecture Week 1A: Introduction

• Introduction to Public Interest Cybersecurity
  • Introductions
  • Content and methods of the course
  • What is Public Interest Cybersecurity?
• Assignments Due (by Tuesday 11:59PM Pacific):
  • (Review) Code of conduct [Individual]
  • (Read) pages 7 – 21 & 48 – 52 of “An Introduction to Cybersecurity Ethics” (Shannon Vallor, The Markkula Center for Applied Ethics)
  • Prepare answers to questions on pages 13-15 and page 53 for in-class discussion (don’t submit anything).
  • (Read) Sandro Contento, Toronto Star, “How these Toronto sleuths are exposing the world’s digital spies while risking their own lives”
  • (Explore & use) Citizen Lab’s Security Planner
  • (Skim) Tactical Tech’s Annual Report
• Assignments Due (by Wednesday 11:59PM Pacific):
  • (Submit) Signed code of conduct: [Individual]

Lecture Week 1B: Ethical Considerations

• Citizen Clinic “Rules of the Road”
  • Citizen Clinic Code of Conduct
  • Personal Risk of Citizen Clinic
  • How to talk about Citizen Clinic
  • Security Response Plan
• Read (by next week):
  • Citizen Lab. “Bittersweet: Supporters of Mexico’s soda tax targeted with NSO exploit links”
  • Access Now. “Spyware in Mexico: an interview with Luis Fernando García of R3D Mexico”
  • Silver & Elgin. “Torture in Bahrain Becomes Routine With Help From Nokia Siemens”
  • Arthur Turner. “Consulting Is More Than Giving Advice.”
  • Thomas Wedell-Wedellsborg. “Are You Solving the Right Problems?”
  • (Optional) Joseph Cox. “I Gave a Bounty Hunter $300. Then He Located Our Phone”
  • (Optional) Stephen Arnold. “Telestrategies – An Interview with Dr. Jerry Lucas”

Week 2: Threats to Civil Society’s Cybersecurity

Lecture Week 2A: Problem Diagnosis and Reframing

• Guest Speaker: “How to inventory cyber security assets”
• Read:
  • Electronic Frontier Foundation, “Surveillance Self-Defense: Your Security Plan” – know the definitions of underlined terms.
  • Jorge Luis Sierra “Digital and Mobile Security for Mexican Journalists and Bloggers”
  • Le Blond et al. “A look at targeted attacks through the lense of an NGO”
  • SAFETAG Guide. Skim to Section 2.2, then read Section 2.2 and Section 2.3.
  • (Read and Explore Examples) About PESTLE (use an ad-blocker!)
  • (Optionally Watch) CLTC / TechSoup. Webinar. “Cybersecurity in Low-Risk Organizations: Understanding Your Risk and Making Practical Improvements.”

Lecture Week 2B:

Week 3: Meet the First Client!

Week 4: Threats to Civil Society’s Cybersecurity

Lecture Week 4A:

• Current Event Brief
• Contextual Brief
  • SAFETAG
  • PESTLE
• Read:
  • NIST SP 800-37 “Risk Management Framework for Information Systems and Organizations.” Chapter 2 only.
  • (Skim) NIST SP 800-39 “Managing Information Security Risk.” Chapter 2 only.
  • (Skim) NISTIR 8062 “An Introduction to Privacy Engineering and Risk Management in Federal Systems.”
  • Example Risk Assessment shared via email.
  • Julian Cohen. “Playbook Based Testing.”
  • MSFT’s STRIDE and related blog posts.
  • Bill Marczak and John Scott-Railton. “Keep Calm and (Don’t) Enable Macros: A New Threat Actor Targets UAE Dissidents”

Week 5: Risk Assessment

Lecture Week 5A:

• Current Event Brief
• Contextual Brief
• Bounding Risk Assessments – Alex’s presentation
  • Review Teams’ Communication Plans [Team]
• Read:
  • Amnesty International. “Digitally dissecting atrocities – Amnesty International’s open source investigations.”
  • Sarah Jeong, Charlie Warzel, Brianna Wu, Joan Donovan. New York Times. “Everything is GamerGate” – Read all of the four essays.
  • Angela Chen. The Verge. “Moderating content doesn’t have to be so traumatic”
  • Sam Dubberley & Michele Grant. First Draft. “Journalism and Vicarious Trauma”
  • (Explore) The EFF’s Security Education Companion

Assignments Due (by Tuesday, 11:59PM Pacific):

• Communication Plan and Collaboration Plan (Break-out Groups) [Team]
  • In Class Collaborative Plan [Team]
  • Due After Class (11:59pm Pacific) Communication Plan [Team]

Week 6: Digital Security Training & Recognizing PTSD (post-traumatic stress disorder)

Lecture Week 6A:

• Current Event Brief
• Contextual Brief
• Social Engineering & Phishing Simulations

Lecture Week 6B:

• Current Event Brief
• Contextual Brief
• Read:
  • Protective Intelligence. “Part I: An Introduction To OSINT Research For Protective Intelligence Professionals”
  • Protective Intelligence. “Part 2: An Introduction To OSINT Research For Protective Intelligence Professionals”
  • Ian Barwise. “Open-Source Intelligence (OSINT) Reconnaissance”
  • (Explore) OSINT Framework
  • (Explore) OSINT.link
  • (Explore) Awesome OSINT
  • (Try) SECALERTS – Automated Security Audit

Week 7: Information Gathering and Analysis

Lecture Week 7A:

• Current Event Brief
• Contextual Brief
  • Adversary Persona Development
• Threat Scenario Development
• Open Source Research Methods, Safety, and Tools
  • Virtual Machines, Networks, & Identities
  • Manual Searches & Google Hacking
  • Automated Tools

Lecture Week 7B: 

• Read:
  • Netgain “Digital Security and Grantcraft Guide”
  • The Engine Room. “Ties That Bind: Organizational Security for Civil Society” – read full report
  • APF et al. “Improving SSL Warnings: Comprehension and Adherence”
  • Abu-Salma et al. “Obstacles to the Adoption of Secure Communication Tools”

Week 8: Improving Baseline Digital Security (Part 1)

Lecture Week 8A:

Lecture Week 8B:

• Contextual Brief
• Legal and Policy Factors For Non-Profits’ Cybersecurity

• Misinformation & Harassment
  • Definitions & Risks
• Read:
  • Micah Lee. “It’s Impossible To Prove Your Laptop Hasn’t Been Hacked. I Spent Two Years Finding Out.”
  • (Watch) Rachel Tobac. “How I would Hack You: Social Engineering Step-by-Step”
  • Weidinger et al. “How To Give A Digital Security Training”
  • EFF. “Am I the Right Person?”
  • EFF. “How to Teach Adults”
  • (Skim) Weidinger et al. “Digital Security Training Resources for Security Trainers, Fall 2019 Edition

Assignments Due (by Sunday, 11:59PM Pacific): Draft Midterm Report and Work Plan [Team]

Week 9: Improving Baseline Digital Security (Part 2)

Lecture Week 9A: No Class

Lecture Week 9B:

• MIDTERM PRESENTATION
• Read:
  • IFTF “State-Sponsored Trolling: How Governments Are Deploying Disinformation as Part of Broader Digital Harassment Campaigns”. Read pages 3 to 21 & 45 to 51.
  • Cindy Otis. USA Today. “Americans could be a bigger fake news threat than Russians in the 2020 presidential campaign”
  • InterAction “Disinformation Toolkit.”
  • Reply All podcast. “#112 The Prophet” Listen to or read transcript.
  • (Optional) Tahmina Ansari. First Draft. “This Muslim journalist embraced social media until it ‘ruined’ his life”

Assignments Due (by Sunday, 11:59PM Pacific):

• Work Plan Updated & Finalized [Team]
• Slides for Midterm Class Presentation [Team]

Week 10: Disinformation & Harassment

Week 10A: Briefings

Week 10B: Briefings

Assignments Due (by Sunday, 11:59PM Pacific): Team Evaluation 1 [Individual]

Clinic Core Hours / Team Check-in

“Clinic Core Hours” refers to the required student attendance of official class meeting hours that will be reserved for instruction specific to partner needs, feedback and guidance from the teaching team, and ad-hoc lectures. Each team member will provide a ~5 minute update on the progress of their assigned partner work.

Week 11A

Week 11B

Week 12A

Week 12B

Week 13A

Week 14: Submission

Week 14A: Physical and Electronic Security demo

Week 14B: Cell Phone cybersecurity

Assignments Due (by (by Sunday, 11:59PM Pacific): Final Partner Report (for Teaching Team Review) [Team]

Week 15: Wrap-up & Project Presentations

Assignments Due (by Tuesday, 11:59PM Pacific): Project Presentations to the class [Team]

Assignments Due (by Friday, 6:00PM Pacific): Team Evaluation 2 [Individual]