Thomas Rid
Director of the Alperovitch Institute for Cybersecurity Studies
Professor of Strategic Studies
The rise of computer network operations is an increasingly well-known story. This course explores the missing flip side of cyber espionage: the neglected twenty-year story of one of the most momentous and radical shifts in the entire history of intelligence—the rise of digital counterintelligence. This hidden revolution was powered by a tripod of forces, all coming to the fore in the mid-2010s: the explosive growth of digital espionage; the extraordinary rise of an alternative, entrepreneurial investigative community that cut across sectors and borders; and the drip-drip of three vast, unprecedented, and unique intelligence leaks. The class traces the evolution of some of the core conceptual frameworks and essential tools of threat intelligence and digital forensics, such as the “advanced persistent threat,” the cyber kill chain, indicators of compromise, network monitoring, malware analysis, and attribution. The class will, unlike any other class anywhere, illustrate and contrast the rise of private sector APT hunting with a detailed chronological look at how Five Eyes intelligence agencies pioneered “counter computer network exploitation.” We will explore core intelligence concepts of passive collection, active-passive integration, signals intelligence development, implant frameworks, and fourth-party collection.