This course is designed to introduce students to the complexities of cybersecurity policy. Most popular literature treats cybersecurity risks as a technical problem, with threats and vulnerabilities appearing often seemingly at random. This course will refocus student’s attention on the interplay of technical, economic and political factors that create demand for cybersecurity policies, and influence the deployment of solutions – both in the public and private sectors.
The undoubted prominence of cybersecurity in media and political debates in recent years has not produced widespread public understanding of the risks and opportunities involved of cyberspace. While individual products (e.g., Smart Phones) and digital services (delivered via the Internet) are adopted – with market fashion and trends influencing global technology development, vulnerabilities and their exploitation by hackers, criminals or agencies of nation-states are often treated as hidden factors – potentially unknowable and of little interest to customers.
There is an unavoidable US–centric aspect to this course. The literature on cybersecurity policy is dominated by US scholars and approaches, current and former government officials and industry technology suppliers and business – oriented commentators. Important contributions, however, are made by scholars and researchers from elsewhere in the world. An effort is made to integrate some of this work in selected readings that expand the core reading list presented below. These added resources are signified by the addition of an asterisk (*) adjacent to the reference item. It is of course the case that many countries have begun to develop national approaches to cybersecurity policy and strategy. Later in the course we examine some of these approaches from the vantage point of a better understanding of US approaches over the last 2 decades. This provides a basic baseline for comparison, and an added appreciation of the unique factors in different national security and economic circumstances that impact the approaches adopted by both nation states and private sector organizations.
This course will provide students with a conceptual framework for understanding the emergence of the cybersecurity policy issue set, with parallel economic, technical, and political factors influencing the policy setting. Equipped with a better grounding in policy supply and demand, students will then be exposed to the challenges involved in reconciling sometimes competing policy goals such as privacy protection, national security, economic growth, and open access to information and education.