Minor in Cybersecurity and International Conflict
The minor in cybersecurity and international conflict analyzes the role of cyber warfare and cybersecurity in international politics—past, present, and future. Cyber attacks by nation-states and their proxies have the potential to reshape how wars are fought in the twenty-first century. As such, the complexity and policy challenge of cyber-engagements is immense and altogether without precedent. The minor addresses the role of deterrence, dissuasion, and attribution in cyber conflict, while also studying the nuances of key components of modern warfare—from the security dilemma to escalation management.
Rationale
The minor in cybersecurity and international conflict analyzes the past, present, and future role of cyber conflict and cybersecurity in international politics. Cyber attacks by nation-states and their proxies have an important impact upon conflict. The complexity and policy challenges of cyber-engagements is immense. This minor addresses the role of deterrence, dissuasion, and attribution in cyber conflict, while also studying the nuances of key components of modern warfare—from the security dilemma to escalation management.
Courses in this minor focus on the existing gaps in our understanding of cybersecurity and international conflict, such as whether cyberspace is offense or defense dominant (or over time fluid between the two), and which factors are important in determining the answer to this. Other relevant questions include how nation-states, their primary adversaries, and a bevy of nonstate actors engage online and in the virtual and information environments. Accordingly, the minor exposes students to basic technology concepts, methods of attack and defense, potential strategy and goals for cyber-engagement, and response and forensics for cyber-engagements.
Alongside conventional methods of warfare, cybersecurity has rapidly developed into a centerpiece of a state’s ability to project power. As the United States and other emerging cyber powers craft and implement doctrine in this domain, there is likely to be a rapid increase in activity, from efforts to disrupt the online activities of global terrorist networks, to cybersecurity offense and defense in the Russia-Ukraine war, to near daily raids on foreign networks designed to cripple states’ cyberweapons before they can be deployed. In addition, the impact of cyberattacks on critical infrastructure, theft of intellectual property, pervasive identity theft, and hacking of sensitive databases have accumulated, gradually wearing down civilian networks and achieving strategic effects over time.
In the shifting landscape of cyber capabilities, how will laws, authorities, and policies keep pace? What are the implications and consequences of actions that may be considered “short of war” by some countries but “above the threshold” of conflict by others? Will a more aggressive defensive posture with respect to cybersecurity inadvertently increase the risk of conflict with states that sponsor malicious hacking groups? What is the proper balance between offense and defense in cybersecurity and how are cyber operations best integrated into a country’s overall military strategy?
Unlike other kinds of conflicts, attribution of attacks presents significant challenges. Indeed, in many cases, it can be difficult to determine whether the attacker is a nation-state, a nonstate actor, a criminal gang, or a lone hacktivist. Investigators must combine technical and traditional methods to identify potentially responsible parties and to understand their intent. If the aggressor’s identity cannot be confirmed, how can a counterattack be launched? Some attackers may seek to mount “false flag” attacks and deception, for example, that misdirect defenders to counter-attack in the wrong direction.
Additionally, what are appropriate responses to attacks made on civil infrastructure and private business operations, such as in the areas of financial services, transportation, energy, entertainment, and health care? In other words, what are the appropriate rules of engagement for national systems, infrastructural systems, businesses, and individuals? When, for example, is a counterattack or a “kinetic” response permissible?
These questions have major implications for the study of war and peace. Those who seek to start a war may be harder to find and their motives more difficult to discern. The cybersecurity and international conflict minor tackles the social-scientific dimensions of cybersecurity with a focus on the implications of the cyber age for modern statecraft, warfare, elections (local, state, and national), and domestic and international politics.
Curriculum
Curriculum (60 units)
Foundational Course
Students must take one of the following three foundational courses (9 units):
| 84-104 | Decision Processes in American Political Institutions | 9 |
| 84-226 | International Relations | 9 |
| 84-275 | Comparative Politics | 9 |
Core Courses
Students must take all of the following core courses (24 units):
| 84-387 | Remote Systems and the Cyber Domain in Conflict | 9 |
| 84-388 | Concepts of War and Cyber War | 6 |
| 84-405 | The Future of Warfare | 9 |
Elective Courses
Students must take three courses from the following list of elective courses (27 units). At least one course (9 units) must be taken from the Carnegie Mellon Institute for Strategy & Technology (CMIST) and have an 84-number.
| 84-200 | Security War Game Simulation | 6 |
| 84-312 | Terrorism in Sub-Saharan Africa | 6 |
| 84-317 | Defense Resourcing: From Strategy to Execution | 6 |
| 84-319 | Civil-Military Relations | 9 |
| 84-323 | War and Peace in the Contemporary Middle East | 9 |
| 84-325 | Contemporary American Foreign Policy | 9 |
| 84-327 | Repression and Control in Dictatorships | 9 |
| 84-328 | Military Strategy and Doctrine | 9 |
| 84-329 | Asian Strategies | 6 |
| 84-365 | The Politics of Fake News and Misinformation | 9 |
| 84-370 | Nuclear Security & Arms Control | 9 |
| 84-372 | Space and National Security | 9 |
| 84-373 | Emerging Technologies and International Law | 9 |
| 84-374 | Technology, Weapons, and International Conflict | 9 |
| 84-380 | US Grand Strategy | 9 |
| 84-383 | Cyber Policy as National Policy | 6 |
| 84-386 | The Privatization of Force | 9 |
| 84-389 | Terrorism and Insurgency | 9 |
| 84-390 | Social Media, Technology, and Conflict | 9 |
| 16-735 | Ethics and Robotics | 12 |
| 17-200 | Ethics and Policy Issues in Computing | 9 |
| 17-303 | Cryptocurrencies, Blockchains and Applications | Var. |
| 17-331 | Information Security, Privacy, and Policy | 12 |
| 17-333 | Privacy Policy, Law, and Technology | 9 |
| 17-334 | Usable Privacy and Security | 9 |
| 17-702 | Current Topics in Privacy Seminar | 3 |
| 79-301 | History of Surveillance: From the Plantation to Data Capitalism | 6 |
| 79-302 | Killer Robots:The Ethics, Law, and Politics of Lethal Autonomous Weapons Systems | 6 |
| 80-249 | AI, Society, and Humanity | 9 |
| 95-444 | Cybersecurity Policy and Governance I | 6 |
Students are permitted to double count a maximum of two courses between the minor in Cybersecurity and International Conflict and another major or minor.