Carnegie Mellon University

Minor in Cybersecurity and International Conflict

The minor in cybersecurity and international conflict analyzes the role of cyber warfare and cybersecurity in international politics—past, present, and future. Cyber attacks by nation-states and their proxies have the potential to reshape how wars are fought in the twenty-first century. As such, the complexity and policy challenge of cyber-engagements is immense and altogether without precedent. The minor addresses the role of deterrence, dissuasion, and attribution in cyber conflict, while also studying the nuances of key components of modern warfare—from the security dilemma to escalation management.

Courses in this minor focus on the existing gaps in our understanding of cybersecurity and international conflict, such as whether or not cyberspace is offense or defense dominant and which factors are most important in determining the answer to this, and other relevant questions, including how nation-states, their primary adversaries, and a bevy of nonstate actors engage online and in the virtual and information environments. Accordingly, the minor exposes students to basic technology concepts, methods of attack and defense, potential strategy and goals for cyber-engagement, and response and forensics for cyber-engagements.

Alongside conventional methods of warfare, cybersecurity has rapidly developed into a centerpiece of state’s ability to project power and impose its will in order to achieve its national priorities and strategic objectives. As the United States and other emerging cyber powers craft and implement doctrine in this nascent domain, there is likely to be a rapid increase in activity, from efforts to disrupt the online activities of global terrorist networks like the Islamic State, to cybersecurity threats in the Russia-Ukraine war, to near daily raids on foreign networks designed to cripple states’ cyberweapons before they can be deployed. 

In the shifting landscape of cyber capabilities, how will laws, authorities, and policies keep pace? What are the implications and consequences of actions that may be considered “short of war” by some countries but “above the threshold” of conflict by others? Will a more aggressive defensive posture with respect to cybersecurity inadvertently increase the risk of conflict with states that sponsor malicious hacking groups? What is the proper balance between offense and defense in cybersecurity and how are cyber operations best integrated into a country’s overall military strategy?

Unlike other kinds of conflicts, the attribution of attacks presents significant challenges. Indeed, in many cases, it can be difficult to determine whether the attacker is a nation-state, a nonstate actor, a criminal gang, or a lone hacktivist. Investigators must combine technical and traditional methods to identify potentially responsible parties and to understand their intent. If the aggressor’s identity cannot be confirmed, how can a counterattack be launched?  Some attackers may seek to mount “false flag” attacks and deception, for example, that misdirect defenders to counter-attack in the wrong direction. Additionally, what are appropriate responses to attacks made on civil infrastructure and private business operations, such as in the areas of financial services, transportation, energy, entertainment, and health care? In other words, what are the appropriate rules of engagement for national systems, infrastructural systems, businesses, and individuals? When, for example, is a counterattack or a “kinetic” response permissible?

These questions have major implications for the study of war and peace. More than at any time in the past, those who seek to start war may be harder to find and their motives more difficult to discern. The cybersecurity and international conflict minor outlined herein tackles the social-scientific dimensions of cybersecurity with a focus on the implications of the cyber age for modern statecraft, warfare, elections (local, state, and national), and politics, more generally. 


Curriculum

60 units

Foundational Course

Students must take one of the following two foundational courses (9 units):

84-275 Comparative Politics 9
84-326 Theories of International Relations 9
Core Courses

Students must take all of the following core courses (24 units):

84-387 Technology and Policy of Cyber War 9
84-388 Concepts of War and Cyber War 6
84-405 The Future of Warfare 9
Elective Courses

Students must take three courses from the following list of elective courses (27 units). At least one course (9 units) must be taken from the Institute for Politics and Strategy and have an 84-number.

84-200 Security War Game Simulation 6
84-312 Terrorism in Sub-Saharan Africa 6
84-317 Defense Resourcing: From Strategy to Execution 6
84-319 Civil-Military Relations 9
84-323 War and Peace in the Contemporary Middle East 9
84-325 Contemporary American Foreign Policy 9
84-327 Repression and Control in Dictatorships 9
84-328 Military Strategy and Doctrine 9
84-370 Nuclear Security & Arms Control 9
84-372 Space and National Security 9
84-373 Emerging Technologies and the Law 9
84-380 US Grand Strategy 9
84-383 Cyber Policy as National Policy 6
84-386 The Privatization of Force 9
84-389 Terrorism and Insurgency 9
84-390 Social Media, Technology, and Conflict 9
16-735 Ethics and Robotics 12
17-200 Ethics and Policy Issues in Computing 9
17-303 Cryptocurrencies, Blockchains and Applications Var.
17-331 Information Security, Privacy, and Policy 12
17-333 Privacy Policy, Law, and Technology 9
17-334 Usable Privacy and Security 9
17-702 Current Topics in Privacy Seminar 3
79-301 History of Surveillance: From the Plantation to Data Capitalism 6
79-302 Killer Robots:The Ethics, Law, and Politics of Lethal Autonomous Weapons Systems 6
80-249 AI, Society, and Humanity 9
95-444 Cybersecurity Policy and Governance I 6

Students are permitted to double count a maximum of two courses between the minor in Cybersecurity and International Conflict and another major or minor.