TU Delft
Education Type
Education print this page print this page     
2014/2015 Technology, Policy and Management Master Complex Systems Engineering and Management
Cyber Security Essentials
Module Manager
Name E-mail
Prof.dr.ir. J. van den Berg    J.vandenBerg@tudelft.nl
Name E-mail
Mr.dr.ir. S. Daskapan    S.Daskapan@tudelft.nl
Contact Hours / Week x/x/x/x
Education Period
Start Education
Exam Period
Course Language
Expected prior knowledge
Prerequisite to this course is a moderate understanding of computer network technologies and information security (essentials).
PRELIMINARY schedule of lectures around five THEMES:


1. Domain, Context and Terms of Reference.
a. setting the scene: cyberspace conceptualized
b. difference between information and cyber security
c. dependency of society on the internet and their threats
d. cyber -security, -crime, -warfare, etc
e. course organization

2. Refresh IT & Information security and dependability
a. risk (Threats,Vulnerabilities, impact, etc)
b. network security
c. dependability
d. technologies: IDS, firewalls, HTTPS, PKI, ...


3. A risk based approach to
a. various cyber subdomains: assets, vulnerability, threat identification (know your enemy),(counter)measures (including system monitoring & detection), crisis management
d. using standards and best practices, discussion of their limitations

4. Designing resilient and secure infrastructures
a. design of single secure systems
b. design of cooperative secure systems
c. Case + assignment


5. Critical infrastructures (CI)
a. Our dependence on CI: A geo-political view
b. The case of electricity, gas, transport, banking,,etc

6. Industrial control systems (SCADA/PLC)
a. Types/architectures
b. Security vulnerabilities
i. Stuxnet case

7. Critical information infrastructures (CII)
a. PKI (diginotar case),
b. Internet (DNS, BGP, …)
c. Logistics case: Casandra


8. Digital weaponry
a. Hacking methods and techniques
i. Process
ii. Typology of weapons (hacking tools): scanning, penetration,…
iii. Application: Demo
b. Case + assignment

9. Business intelligence and cyber security
a. Methods and techniques
b. Case + assignment

10. Digital forensics
a. Methods and techniques
i. Forensic process
ii. Tools
iii. application
b. Case + assignment

11. Developing malware
a. Methods and techniques
b. Tools
c. application
d. Case + assignment


12. Cyber security: an institutional view
a. Current political and (inter)national developments
b. actor responsibility analysis: which actor (government, ISPs, business partners, individual users, ..) is responsible for what?

13. Optional: An institutional case

14. Legal/ Ethical issues of cyber security/warfare
a. Role of government: safety vs privacy
b. Border crossing challenges

Course Contents
This course focuses on the theory and practice of cyber security and warfare (CSW). Students are introduced to the interdisciplinary field of CSW by discussing the evolution of information security into cyber security and the relationship of information security to nations, businesses, society, and people. Besides technologies also cyber capabilities of nation-states as well as non-state actors; and cyber-related challenges in critical infrastructures facing governments will be discussed. Students will be exposed to multiple cyber security technologies, processes, and procedures, learn how to analyze the threats, vulnerabilities and risks present in these environments, and develop appropriate strategies to mitigate potential CSW problems. This CSW course provides students interested in this field a broader understanding of the ESSENTIAL challenges and skills needed to secure our Internet-based society.
Study Goals
1. Creating awareness of the fundamental dependence of our critical infrastructures (CIs) on the Internet and their vulnerabilities to cyber attacks;
2. Getting knowledge and understanding of CSW risk management, i.e., of (i) the triad threats - incidents - risks in cyber space and (ii) preventative and repressive measures to mitigate risks to acceptable levels;
3. Getting knowledge and understanding of the cyberspace battlefield, their actors, motives and tools (‘weapons’);
4. Getting knowledge, understanding and skills around modeling cyberspace as a complex system of systems;
4. Getting knowledge, understanding and skills around monitoring situational awareness of cyberspace based on data analytics and forensics;
6. Getting knowledge and understanding of legal and ethical issues related to CSW.
Education Method
Around 14 lectures given by cyber security experts from the academia, the industry and the government. Several assignments (take home work) will be given: see further under Evaluation or Testing.
Literature and Study Materials
Will be made available on BlackBoard in July/August.
Based on a set of individual and group assignments supplemented with a final research assignment.