������Ƶ

In
January 2011, Aaron Barr, the CEO of HBGary Federal, a company that sold
digital security services to the federal government, thought he had discovered
a goldmine. Less than two months later, his life, his company, and his reputation
lay in shambles. “Cascades,” a three-part case study produced by ������Ƶ’s Open
Technology Institute (OTI), tells the story of what transpired in between. details how, amid substantial financial difficulty, Barr and his firm attempted
to uncover the leaders of Anonymous, a prominent hacktivist collective.
explores how Anonymous retaliated by exploiting numerous gaps in HBGary’s IT
defenses to release tens of thousands of the firm’s e-mails; deface the
company’s website; and post online Barr’s social security number, telephone
number, and home address. concludes by detailing the aftermath of the
attack and examining its implications for hacktivism, digital security, and
public policy.

 In narrating this cascading crisis,
the case—which draws on interviews with academic experts, journalists, and
policymakers—aims to animate student discussion around several core questions.
Chiefly: Why is the Internet so difficult to
secure? How can technological and human/cultural flaws “cascade” to create
crises? And what can society as a whole and policymakers specifically do to
mitigate some of these risks.

More broadly, the narrative attempts to fill a gap in U.S.
public policy schools’ curricula. Over the last decade, threats to online
personal safety—ranging from stolen credit card information to compromised
social media accounts—have become frighteningly commonplace. At the same time, many
high-profile organizations—including Sony, Chick-fil-A, and the U.S. Postal
Service—have recently experienced serious data breaches.[1] Nonetheless, the U.S.
government is just beginning to grasp the gravity of online threats and how to
respond to them, and U.S. public policy schools are lagging behind in educating
future leaders about how to prepare for and deal with these risks.

“Cascades” is part of a
������Ƶ strategy, titled “Bridging the Tech-Policy Divide,” to create a
curriculum focused on the intersection of information technology and public
policy that can be federated at schools across the country. The first case
study in this curriculum, Riding the Wave, detailed how
Congressman Seth Moulton’s 2014 campaign leveraged social media to advance its
efforts; in other words, an example of how information technology enabled an
organization to achieve its goals. This case, by contrast, illuminates how
modern technology can just as easily facilitate an organization’s downfall. The
takeaway is that information technology is powerful but—like most innovations—can
be used for enormous good or evil. Future policy leaders must study this tool
so that they can ensure that its positive qualities hold sway.

the Teaching Note for this case study

[1] “Data Breach
Tracker: All The Major Companies That Have Been Hacked,” Money, October 30, 2014, available at (accessed on
January 2, 2016).