Carnegie Mellon University

Minor in Cybersecurity and International Conflict

The minor in cybersecurity and international conflict analyzes the role of cyber warfare and cybersecurity in international politics—past, present, and future. Cyber attacks by nation-states and their proxies have the potential to reshape how wars are fought in the twenty first century. As such, the complexity and policy challenge of cyber-engagements is immense and altogether without precedent. The minor addresses the role of deterrence, dissuasion, and attribution in cyber conflict, while also studying the nuances of key components of modern warfare—from the security dilemma to escalation management.

Courses in this minor focus on the existing gaps in our understanding of cybersecurity and international conflict, such as whether or not cyberspace is offense or defense dominant and which factors are most important in determining the answer to this, and other relevant questions, including how nation-states, their primary adversaries, and a bevy of nonstate actors engage online and in the virtual and information environments. Accordingly, the minor exposes students to basic technology concepts, methods of attack and defense, potential strategy and goals for cyber-engagement, and response and forensics for cyber-engagements.

Alongside conventional methods of warfare, cybersecurity has rapidly developed into a centerpiece of state’s ability to project power and impose its will in order to achieve its national priorities and strategic objectives. As the United States and other emerging cyber powers craft and implement doctrine in this nascent domain, there is likely to be a rapid increase in activity, from efforts to disrupt the online activities of global terrorist networks like the Islamic State to near daily raids on foreign networks designed to cripple states’ cyberweapons before they can be deployed.

In the shifting landscape of cyber capabilities, how will laws, authorities, and policies keep pace? What are the implications and consequences of actions that may be considered “short of war” by some countries but “above the threshold” of conflict by others? Will a more aggressive defensive posture with respect to cybersecurity inadvertently increase the risk of conflict with states that sponsor malicious hacking groups? What is the proper balance between offense and defense in cybersecurity and how are cyber operations best integrated into a country’s overall military strategy?

Unlike other kinds of conflicts, the attribution of attacks presents significant challenges. Indeed, in many cases, it can be difficult to determine whether the attacker is a nation-state, a nonstate actor, a criminal gang, or a lone hacktivist. Investigators must combine technical and traditional methods to identify potentially responsible parties and to understand their intent. If the aggressor’s identity cannot be confirmed, how can a counterattack be launched?  Some attackers may seek to mount “false flag” attacks and deception, for example, that misdirect defenders to counter-attack in the wrong direction. Additionally, what are appropriate responses to attacks made on civil infrastructure and private business operations, such as in the areas of financial services, transportation, energy, entertainment, and health care? In other words, what are the appropriate rules of engagement for national systems, infrastructural systems, businesses, and individuals? When, for example, is a counterattack or a “kinetic” response permissible?

These questions have major implications for the study of war and peace. More than at any time in the past, those who seek to start war may be harder to find and their motives more difficult to discern. Many of the technical challenges posed by cyberspace activities will be addressed in the School of Computer Science’s new security and privacy concentration for SCS students.  The SCS program, available to non-SCS students as a minor, requires a high degree of math and quantitative training. The cybersecurity and international conflict minor proposed herein tackles the social-scientific dimensions of cybersecurity with a focus on the implications of the cyber age for modern statecraft, warfare, elections (local, state, and national), and politics, more generally.


Curriculum

Foundational Course

Students must take one of the following two foundational courses (9 units):

84-275 Comparative Politics
84-326 Theories of International Relations

Core Courses

Students must take all of the following core courses (24 units):

84-387  Technology and Policy of Cyber War
84-388 Concepts of War and Cyber War (6 unit mini)
84-405  The Future of Warfare

Elective Courses

Students must take three courses from the following list of elective courses (27 units). At least one course (9 units) must be taken from the Institute for Politics and Strategy and have an 84-number.

79-298 Mobile Phones & Social Media in Development & Human Rights: A Critical Appraisal
79-301 History of Surveillance: From the Plantation to Edward Snowden
79-302 Killer Robots: The Ethics, Law, and Politics of Lethal Autonomous Weapons System
80-249  AI, Humanity, and Society
84-319  U.S. Foreign Policy and Interventions in World Affairs
84-325 Contemporary American Foreign Policy
84-370 Global Nuclear Politics
84-372 Space and National Security
84-380 Grand Strategy in the United States
84-386 The Privatization of Force
84-389 Terrorism and Insurgency
84-390 Social Media, Technology, and Conflict
84-414 International and Subnational Security
17-200 Ethics and Policy Issues in Computing
17-303 Cryptocurrencies, Blockchains and Applications
17-331 Information Security, Privacy, and Policy
17-333  Privacy Policy, Law, and Technology
17-334 Usable Privacy and Security
17-702 Current Topics in Privacy

Students are permitted to double count a maximum of two courses between the minor in cybersecurity and international conflict and another major or minor.