Identify a recent incident in cyber(in)security, investigate it in detail and write up a report on it using the following structure. Please see below for ineligible incidents.
Maximum 2000 words. This does not include references. Provide citation of sources using any recognized format.
The paper must contain the following two sections:
- Apply the Diamond model
Use the framework of the model to identify Adversary, Victim, Infrastructure and Capability. Pay special attention to what the paper calls “the Social-Political meta-feature determining the Adversary-Victim relationship, and the Technology meta-feature enabling both the infrastructure and capabilities.”
- Policy assessment
Identify at which level of organization this problem is best addressed. Does this incident, in your judgment, reflect the need for some kind of public policy change at the national (9) or transnational (10) level? Or is it best handled at the organizational (8) or industry level (8.5)? In making this assessment, consider how common these types of incidents are, what kinds of risks they pose, and what kind of legal, technical or policy tools could combat them.
Grading will be based on the following criteria:
- Thoroughness of background research
- Demonstrated understanding of and correct application of the diamond model
- Demonstrated understanding of the different “layers” of governance and the reasoning underlying your policy recommendations
- Clarity and organization of the writing
Ineligible Incidents
The below incidents can not be used for this assignment. The reason is that some incidents have already been analyzed in class, or there are already too many materials floating around on the web that could be copied. Here is a list of incidents that are not allowed:
- Banrisul (Brazilian bank) (2016)
- Capital One (2019)
- Equifax (2017)
- Marriott (2018)
- Solarwinds (2020)
- Target (2013)
- TJX (2007)
- Ukraine electrical power grid (2015/2016)
- US Office of Personnel Management (2014)
- Yahoo (2014/2016)