ECS 289M: Insider Threats and Attacks on Critical Systems (Spring 2011)

Basic Course Details:

  • Instructor: Professor Sean Peisert
    • Email:
    • Office Location: 2111 Watershed (directions)
    • Office Hours: Tu/Th 10:45a--11:45a, or by appointment

  • Meeting place and time:
    • Tu/Th 4:40p-6:00p (110 Hunt)
    • No class on Tuesday, May 24 or Thursday, May 26 (Oakland conference)

  • CRN: 30960

  • Prereqs: ECS 150, 153, 235A, or permission of instructor.

  • Concept: We will discuss concepts and papers at each class session. Students will volunteer (or be volunteered) to rotate presenting papers to the class. Over the course of the quarter, students will gather ideas to do a course project, which will be due in lieu of a final exam on the last day of class.

  • This course builds on a related course in 2010 but focuses less on tools and techniques and more on specific types of attacks to analyze, including insider threats and critical systems.

  • Grading:
    • Project/Homework: 60% of final grade
    • Paper presentation: 20% of final grade
    • General class participation: 20% of final grade

Course Outline and Reading (Rough)

Discussion Date Topic/Theme/Papers
Tuesday, March 29

Intro to the Class and a Case Study

no reading yet

Thursday, March 31 Insider Threats

Guest Speaker: Matt Bishop, UC Davis

Tuesday, April 5 Insider Threats

Christian W. Probst, Jeffrey Hunker, Matt Bishop, and Dieter Gollmann, Countering Insider Threats (Dagstuhl Seminar Proceedings), 2008.

Matt Bishop, Lizzie Coles-Kemp, Dieter Gollmann, Jeffrey Hunker, and Christian W. Probst, Insider Threats: Strategies for Prevention, Mitigation, and Response (Dagstuhl Seminar Proceedings), 2010.

Thursday, April 7 Insider Threats

Matt Bishop, Sophie Engle, Deborah A. Frincke, Carrie Gates, Frank L. Greitzer, Sean Peisert, and Sean Whalen, "A Risk Management Approach to the 'Insider Threat,'" Insider Threats in Cyber Security, pp. 115–138, Springer Verlag, 2010.

Frank L. Greitzer and Deborah A. Frincke, "Combining Traditional Cyber Security Audit Data with Psychosocial Data: Towards Predictive Modeling for Insider Threat Mitigation," Insider Threats in Cyber Security, pp. 85–113, Springer Verlag, 2010.

Tuesday, April 12


Insider Threats

Lizzie Coles-Kemp and Marianthi Theoharidou, "Insider Threat and Information Security Management," Insider Threats in Cyber Security, pp. 45–71, Springer Verlag, 2010.

A. Beautement, M. A. Sasse, and M. Wonham, "The compliance budget: Managing security behaviour in organisations," Proc. of NSPW 2008.

Thursday, April 14


Control Systems

R. Krishnan, "Meters of Tomorrow," IEEE Power and Energy Magazine, pp. 92-94, Mar. 2008.

A. Ipakchi and F. Albuyeh, "Grid of the future", IEEE Power and Energy Magazine, pp. 52-62, Mar. 2009.

H. Khurana, M. Hadley, N. Lu, and D.A. Frincke, "Smart-Grid Security Issues," IEEE Security & Privacy Magazine, 8(1):81–85, 2010.

Tuesday, April 19


Control Systems

M.D. Ilic, et al., "From hierarchical to open access electric power systems," Proceedings of the IEEE, 95(5):1060–1084, 2007.

The Smart Grid Interoperability Panel Cyber Security Working Group, Introduction to NISTIR 7628 Guidelines for Smart Grid Cyber Security, Sept. 2010. Sections: 3.1–3.3, 3.7–3.25 (skim!)

Further reading:
L. D. Kannberg, M. C. Kintner-Meyer, D. P. Chassin, R. G. Pratt, J. G. DeSteese, L. A. Schienbein, S. G. Hauser, W. M. Warwick, "GridWise: The Benefits of a Transformed Energy System," p. 25, Nov. 2003. Pacific Northwest National Laboratory under contract with the United States Department of Energy.
S. Massoud Amin, "Securing the Electricity Grid," The Bridge, 40(1), 2010.
Thursday, April 21


Critical Systems

Guest Speaker: Christian Kreibich, ICSI

Tuesday, April 26


Control Systems

Symantec, "W32.Stuxnet Dossier (v.1.4)," February 2011.

Thursday, April 28


Control Systems

D. Salmon, M. Zeller, A. Guzman, V. Mynam, and M. Donolo, "Mitigating the Aurora Vulnerability With Existing Technology," Tech report, Schweitzer Engineering Lab, 2009.

M. Zeller, "Myth or Reality – Does the Aurora Vulnerability Pose a Risk to My Generator?" Tech report, Schweitzer Engineering Laboratories, Inc., 2010.

R. S. Boyer, M. W. Green and J S. Moore, "The Use of a Formal Simulator to Verify a Simple Real Time Control Program," Beauty is Our Business, Springer-Verlag, 1990, pp. 54-66.

Tuesday, May 3


Control Systems

Guest Speaker: Charles McParland, Berkeley Lab

Thursday, May 5


Critical Systems

Guest Speaker: Ed Talbot, Sandia National Laboratories

Tuesday, May 10


Control Systems

M. Pipattanasomporn, H. Feroze, S. Rahman, "Multi-Agent Systems in a Distributed Smart Grid: Design and Implementation," Proc. IEEE PES 2009 Power Systems Conference and Exposition, Mar. 2009.

R. Anderson and S. Fuloria, "Who controls the off switch?" Proc. of IEEE SmartGridComm, October 2010.

R. Anderson and S. Fuloria, "On the security economics of electricity metering," Proc. of WEIS, 2010.

Further reading:
H. Qi, W. Zhang, L. M. Tolbert, "A resilient real-time agent-based system for a reconfigurable power grid," Proc of the 13th International Conference on Intelligent Systems Application to Power Systems, Nov. 6-10, 2005.
M. Chen, C. Nolan, X. Wang, S. Adhikari, F. Li, H. Qi, "Hierarchical utilization control for real-time and resilient power grid," Proc of the 21st Euromicro Conference on Real-Time Systems (ECRTS), 2009.
Stephane Caron, George Kesidis, "Incentive-based Energy Consumption Scheduling Algorithms for the Smart Grid," 1st IEEE SmartGridComm 2010, October 2010
H. Qi, L. Tolbert, F. Li, X. Wang, K. Tomsovic, F. Z. Peng, P. Ning, M. Amin, "Securing the power grid with collaborative embedded intelligence," Proc. of the Workshop on New Research Directions for Future Cyber-Physical Energy Systems, June 2009.
Thursday, May 12


Control Systems

Guest Speaker: Steven Templeton, UC Davis

Tuesday, May 17


Control Systems

T. Denning, A. Borning, B. Friedman, B.T. Gill, T. Kohno, and W.H. Maisel, "Patients, Pacemakers, and Implantable Defibrillators: Human Values and Security for Wireless Implantable Medical Devices," Proc. of CHI, 2010.

W.H. Maisel and T. Kohno, "Improving the Security and Privacy of Implantable Medical Devices," New England Journal of Medicine, 362(13), April 2010.

K. Koscher, A. Czeskis, F. Roesner, S. Patel, T. Kohno, S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, S. Savage, "Experimental Security Analysis of a Modern Automobile," Proc. of IEEE Security & Privacy, Oakland, May 2010.

H. K. Prasad, J. A. Halderman, R. Gonggrijp, S. Wolchok, E. Wustrow, A. Kankipati, S. K. Sakhamuri, V. Yagati, "Security Analysis of India's Electronic Voting Machines," Proc. of ACM CCS, 2010.

Thursday, May 19


Red Teaming, Data Sanitization & Critical Systems

Guest Speaker: Matt Bishop, UC Davis

Tuesday, May 24

No Class: Oakland Conference
Thursday, May 26

No Class: Oakland Conference & GGCS Spring Research Forum
Tuesday, May 31


Student Presentations
Thursday, June 2


Student Presentations


Details TBA.