Syllabus
Last updated
Last updated
For individuals and organizations involved in political advocacy, cybersecurity threats are an increasingly common reality of operating in the digital world. Civil society has always been under attack from ideological, political, and governmental opponents who seek to silence dissenting opinions, but the widespread adoption of connected technologies by the individuals and organizations that make up civil society creates a new class of vulnerabilities.
Citizen Clinic at the Center for Long-Term Cybersecurity provides students with real-world experience assisting politically vulnerable organizations and persons around the world to develop and implement sound cybersecurity practices. Clinic students will participate in both a classroom and clinic component. In the classroom, students will study the basic theories and practices of digital security, the intricacies of protecting largely under-resourced organizations, and the tools needed to manage risk in complex political, sociological, legal, and ethical contexts. In the clinic component, students will work in teams supervised by the Clinic staff to provide direct cybersecurity assistance to civil society organizations. Students’ clinic responsibilities will include learning about an organization’s mission and context, assessing its vulnerabilities, and ultimately recommending and implementing mitigations to the identified security risks. The emphasis will be on pragmatic, workable solutions that take into account the unique operational needs of each partner organization. Weekly lectures will provide students with the background information and tools they will need to engage with partners. Coursework will focus on partner-facing, hands-on projects. Students will be expected to work an average of 10 hours per week, although the distribution of this workload may fluctuate based upon the availability and needs of the partner.
In the first half of the semester, class meetings will be a mix of lectures & discussions with project-oriented workshops. In the second half of the semester, these class times will be reserved for work with the teaching team and check-ins tailored to the specific needs of your partner organization.
Most assignments (some exceptions) are listed with a due date on the Sunday at 11:59 PM (Pacific). Readings are to be completed by the end of the week in preparation for the next week’s lectures.
Note: This schedule is tentative and may be adjusted - assignment dates may change, additional readings may be assigned, speakers/lectures may be shuffled, etc. The teaching team will announce when changes are made.
5/2 Lecture Week 1A:
● Introduction to Public Interest Cybersecurity
o Introductions
o Content and methods of the course
o What is Public Interest Cybersecurity?
Assignments Due (by Tuesday 11:59PM Pacific):
● (Review) Code of conduct: Posted in “files” section on 2U. [Individual]
● (Read) pages 7 - 21 & 48 - 52 of (Shannon Vallor, The Markkula Center for Applied Ethics)
Prepare answers to questions on pages 13-15 and page 53 for in-class discussion (don’t submit anything).
5/3 Assignments Due (by Wednesday 11:59PM Pacific):
● (Submit) Signed code of conduct: [Individual]
5/4 Lecture Week 1B:
● Ethical Considerations.
● Citizen Clinic “Rules of the Road”
o Citizen Clinic Code of Conduct.
o Personal Risk of Citizen Clinic.
o How to talk about Citizen Clinic.
o Security Response Plan.
Read (by next week):
5/9 Lecture Week 2A:
● Problem Diagnosis and Reframing
5/11 Lecture Week 2B:
● Guest Speaker: “How to inventory cyber security assets”
Read:
5/16: Meet the first client
● Guest Speaker: Client
Week 4: Threats to Civil Society’s Cybersecurity
5/18 Lecture Week 4A:
● Current Event Brief
● Contextual Brief
o SAFETAG
o PESTLE
Read:
● Example Risk Assessment shared via email.
5/23 Assignments Due (by Tuesday, 11:59PM Pacific):
● Communication Plan and Collaboration Plan (Break-out Groups) [Team]
o In Class Collaborative Plan [Team]
o Due After Class (11:59pm Pacific) Communication Plan [Team]
5/25 Lecture Week 4B:
● Current Event Brief
● Contextual Brief
● Bounding Risk Assessments – Alex’s presentation
o Review Teams’ Communication Plans [Team]
Read:
5/30 Week 8A:
● Contextual Brief
● Current Event Brief
● Social Engineering & Phishing Simulations
6/1 Week 8B:
● Contextual Brief
● Current Event Brief
Read:
6/6: Lecture Week 5A:
● Current Event Brief
● Contextual Brief
o Adversary Persona Development
● Threat Scenario Development
● Open Source Research Methods, Safety, and Tools
o Virtual Machines, Networks, & Identities
o Manual Searches & Google Hacking
o Automated Tools
6/8 Lecture Week 5B: continued
Read:
6/12 Assignments Due (by Sunday, 11:59PM Pacific):
● Draft Midterm Report and Work Plan [Team]
6/13 Lecture Week 6A:
● Contextual Brief
● Legal and Policy Factors For Non-Profits’ Cybersecurity
6/15: Lecture Week 6B:
● Misinformation & Harassment
o Definitions & Risks
Read:
6/19Assignments Due (by Sunday, 11:59PM Pacific):
● Work Plan Updated & Finalized [Team]
● Slides for Midterm Class Presentation [Team]
6
6/20 Lecture Week 7A:
No class – holiday
6/22 Lecture Week 7B:
● MIDTERM PRESENTATION
Read:
6/26 Assignments Due (by Sunday, 11:59PM Pacific):
● Team Evaluation 1 [Individual]
6/27 Week 9A:
● Briefings
6/29 Week 9B:
● Briefings
7/4 Holiday
7/6 Week 10A: Clinic Core Hours / Team Check-in
“Clinic Core Hours” refers to the required student attendance of official class meeting hours that will be reserved for instruction specific to partner needs, feedback and guidance from the teaching team, and ad-hoc lectures. Each team member will provide a ~5 minute update on the progress of their assigned partner work.
7/11 Week 11A: Clinic Core Hours / Team Check-in
7/13 Week 11B: Clinic Core Hours / Team Check-in
7/18 Week 12A: Clinic Core Hours / Team Check-in
7/20 Week 12B: Clinic Core Hours / Team Check-in
7/24 Assignments Due (by (by Sunday, 11:59PM Pacific):
● Final Partner Report (for Teaching Team Review) [Team]
7/25 Week 13A: Physical and Electronic Security demo
7/27 Week 13B: Cell Phone cybersecurity
7/31 Assignments Due (by Tuesday, 11:59PM Pacific):
● Project Presentations to the class [Team]
8/1 Assignments Due (by Friday, 6:00PM Pacific):
● Team Evaluation 2 [Individual]
8/3 Week 14A:
Presentation to Client
Workload.
This is a 3-unit, 14-week class. Coursework will primarily focus on partner-facing projects while weekly lectures will be used to inform and engage with students’ hands-on experiences. Students are expected to work an average of 10 hours per week on this course; however, the distribution of this workload may fluctuate based on the availability and needs of the partner.
Evaluation.
Assignments will largely be evaluated on the following rubric that emphasizes (1) sound rationale in assessments, recommendations, and reflections, (2) “partner-ready” work products which reflect professional quality, and (3) completing the instructions of the assignment or the requirements agreed upon work plan with the partner.
General Grading Rubric*
Component
0 points
5 points
10 points
Rationale
Does not meet partner needs, introduces serious harms to partner, shows limited or inappropriate consideration for context
Addresses most of partner needs, some oversight of potential harms to partner, mostly appropriate for given context.
All partner needs are met, feasible & effective rationale that addresses all major threats, appropriate for given context.
Professionalism
Hard to understand, full of jargon, serious writing/format errors present, tone / design unsuitable for its audience
Writing is mostly understandable; minor writing/format errors (typos), mostly appropriate tone / design
“Partner-ready,” clear and concise writing, almost no writing/formatting errors, appropriate tone & design for its audience
Requirements
Some requirements in assignment or work plan not met; no insights or connections to readings/lectures; for group work: no evidence of group work
Most requirements met, some evidence for connections with readings/lectures; for group work: some evidence of group work
All requirements met, with clear, thoughtful insights and multiple cited connections to relevant readings/lectures; for group work: full evidence of strong, equitable collaboration
*Note: Students taking the course for P/NP or S/U are expected to participate in classes and complete all work to the same level of quality as students taking the course for a letter grade.
Assignments.
1. Partner Deliverables - 60%
The largest portion of graded evaluation will be based upon your team’s work and support for its assigned partner. These deliverables may include assessments, recommendations, and guides, each tailored towards the partner’s needs. Each team will also deliver a final report summarizing work performed with their partner.
2. Individual Assignments - 10%
Two individual assignments will be given:
Current Event Discussion Lead (5%): Each student will sign up to lead one 15 minute discussion at the beginning of most lectures. Students will be expected to locate and share about a recent, current event relevant to the day’s lecture topic. Topic leaders will emphasize interesting or relevant points while other students are expected to ask questions and comment.
Contextual Briefs (5%): Each student is expected to share findings of their contextual research in one 10 + 5 minute presentation (no more than 10 minutes of content saving at least 5 minutes for Q&A) during the first half of the semester. Students will share relevant, up-to-date, sourced information on one or more PESTLE factors and, importantly, provide an analysis on those factors’ impact on their partner’s security. Briefers will emphasize why their research is relevant to their partner organization while other students are expected to ask questions and comment.
3. Team Case Study - 10%
We want students to be able to discuss and share their experience in the course with others, including future employers. We also want our partners to remain confidential and protected. This being said, each student team will submit a write-up of work performed and takeaways with sensitive information removed. The teaching team will review to ensure your experience is captured in an effective & safe manner.
4. Participation - 10%
We consider “participation” in two major components: participating in regular class discussions and participating in team & partner meetings outside of class hours.
a. You are expected to attend each official class meeting and contribute substantially to class discussions. The teaching team should be notified in advance of absences from class meetings (including Clinic Core Hours). You do not need to share the reason for the absence. Not showing up to team check-ins will also negatively impact this grade.
b. As a rule, two people from your team must attend any partner meeting or call. While you may not be able to attend every team meeting and partner engagement outside of normal class hours, you are expected to attend and contribute to your team’s effort as often as possible.
5. Team Evaluations - 10%
Throughout the course, you will submit confidential evaluation forms which ask you to evaluate the contributions of each team member including yourself. Your final course grade will be adjusted, higher or lower, if you are contributing more or less than those within your group. If there are difficulties with any team member, discuss the matter within your team and seek resolution. If you cannot resolve the problem, immediately contact any faculty member, so that we can make an appointment to discuss the situation individually or with the entire group as needed.
Late assignments.
As we want to respect the time of our partners and ensure a high level of quality control (the teaching team will review deliverables before it reaches the partner), we expect students to adhere to timelines and due dates. Each day an assignment is late will result in a letter grade deduction. Recognizing that emergencies arise and partners may require schedule adjustments, exceptions will be made on a case-by-case basis.
Code of Conduct.
Each student enrolled in the course must agree in writing to the Citizen Clinic’s Code of Conduct (to be distributed) for maintaining a safe and secure learning experience and partner relationship. This Code of Conduct will be respected by all students, the teaching team, and CLTC staff and it is the responsibility of all personnel to report possible violations of the Code of Conduct to the teaching team.
Disability Accommodation.
If you need disability-related accommodations in this class, if you have emergency medical information you wish to share with us, or if you need special arrangements in case the building must be evacuated, please inform us as soon as possible.
● (Read) Sandro Contento, Toronto Star,
● (Explore & use) .
● (Skim)
● Citizen Lab.
● Access Now.
● Silver & Elgin.
● Arthur Turner.
● Thomas Wedell-Wedellsborg.
● (Optional) Joseph Cox.
● (Optional) Stephen Arnold.
● Electronic Frontier Foundation, - know the definitions of underlined terms.
● Jorge Luis Sierra
● Le Blond et al.
● Skim to Section 2.2, then read Section 2.2 and Section 2.3.
● (Read and Explore Examples) (use an ad-blocker!)
● (Optionally Watch) CLTC / TechSoup. Webinar.
● NIST SP 800-37 Chapter 2 only.
● (Skim) NIST SP 800-39 Chapter 2 only.
● (Skim) NISTIR 8062
● Julian Cohen.
● and related blog posts.
● Bill Marczak and John Scott-Railton.
● Amnesty International.
● Sarah Jeong, Charlie Warzel, Brianna Wu, Joan Donovan. New York Times. - Read all of the four essays.
● Angela Chen. The Verge.
● Sam Dubberley & Michele Grant. First Draft.
● (Explore) .
● Protective Intelligence.
● Protective Intelligence.
● Ian Barwise.
● (Explore)
● (Explore)
● (Explore)
● (Try)
● Netgain
● The Engine Room. - read Full Report.
● APF et al.
● Abu-Salma et al.
● Micah Lee.
● (Watch) Rachel Tobac.
● Weidinger et al.
● EFF.
● EFF.
● (Skim) Weidinger et al.
● IFTF . Read pages 3 to 21 & 45 to 51.
● Cindy Otis. USA Today.
● InterAction
● Reply All podcast. Listen to or read transcript.
● (Optional) Tahmina Ansari. First Draft.
Additionally, we expect all students to abide by the Berkeley Student Code of Conduct (see ) and act with honesty, integrity, and respect for others. (See also ). The consequences for failing to act within these standards may include failing an assignment, a referral to the Center for Student Conduct and Community Standards, a failed grade in the course, and even immediate expulsion. A note on plagiarism: even in the scope of providing a partner with a walkthrough for securing a certain account or system, you are expected not to copy material from another guide, website, article or book (word-for-word or paraphrased) without citing the source - it’s a small community and we should give credit where it is due. Other examples of unacceptable conduct include turning in deliverables created by students not currently in the course, work found on the Internet, or created by a commercial service.