Global Security, Conflict, and Cybercrime (GSCC1-GC)

The exponential expansion of computer technologies and the Internet have spawned a variety of new criminal behaviors and provided criminals with a new environment within which to operate. Cybercrime knows no physical, geographic boundaries as the Internet provides criminals with access to people, institutions, and businesses around the globe. The reach of the threat defies conventional notions of jurisdiction of sovereign nations, thus making the targeting of cybercriminals particularly challenging for authorities worldwide. This course delves into the complex subject of cybercriminology, looking in particular at: typologies of cybercrime; measurements of cybercrime; the impact of cybercrime on cybervictims and the roles of these victims in cybercrime; the reasons why offenders engage in cybercrime; cyberwitnesses’ roles and reactions to cybercrime; significant theories and perspectives of criminology and how they relate to specific cybercrimes; and the measures needed to control cybercrime.

This course will focus on the international law applicable to cyber operations. The first part of the course will examine cybercrime, discussing international theories of jurisdiction, unique challenges of investigating transnational cybercrimes, and the core international crimes. The second part of the course will examine peacetime cyber operations. Sovereignty, the prohibition on intervention, the prohibition on the use of force, and the principle of due diligence will be examined, as well as lawful State responses to internationally wrongful cyber acts, such as retorsion, countermeasures, the plea of necessity and self-defense in response to a cyber armed attack. The third part of the course will examine cyber operations that occur during armed conflict. Focus will be made on cyber targeting and international humanitarian law, including the requirement of distinction, proportionality, the prohibition on indiscriminate attacks, and precautions in attack.

Public and private cybercrime investigations differ in terms of the crimes that are involved, who conducts the investigation, and how the investigation is conducted. This course provides an in- depth analysis of national and international public and private cybercrime investigations: looking in particular at how they are conducted, formal and informal information sharing mechanisms, and the legal admissibility of digital evidence. The course will demonstrate how offender characteristics, motivation and modus operandi can be identified from the cybercrimes committed and the targets of the cybercrimes. Investigations involving computers, smartphones, gaming consoles and other digital technologies will be covered. In this course, particular emphasis will be placed on the barriers to the effective investigation of cybercriminals and enforcement of cybercrime laws, and the ways to overcome these barriers and deter cybercriminals from engaging in illicit activities.

Cyberpower is not about cybersecurity. Aside from all the obvious benefits of employing computers and network technology to compute, store, and transmit information, this course focuses on the exploitation of cyber insecurity to enable the attainment of state and non-state actors’ strategic objectives. Although the technical and tactical capabilities required to conduct offensive cyber operations are well understood, less clear are how state and private actors link them to strategic objectives. This course provides students with an understanding of the impact cyber operations have on global security and statecraft.

Critical infrastructures are vital to nations, to such an extent that damage to one sector can have a debilitating impact on the functioning of society. Given the numerous threats facing critical infrastructure, and the dependencies and interdependencies of critical infrastructures, it is imperative that the vulnerabilities of these sectors be examined. This course identifies the threats to and vulnerabilities of critical infrastructure sectors. It also highlights the importance of international critical infrastructure protection and examines lessons learned from national and international cybersecurity incidents targeting critical infrastructures. Furthermore, this course proposes ways to secure critical infrastructure both in the U.S. and abroad.

This course will focus on what can be done not only to protect operations from cyber disruptions but how businesses and organisations should prepare to continue their operations when they inevitably fall victim to a cyber incident. This course includes modules on what is a mission or operation, how to find an organisations cyber dependencies, cyber lexicon, vulnerabilities, threats, losses, hazards, analytic reduction, systems theory, the basics of cyber-attacks, and what a Primary, Alternate, Contingency and Emergency operations (PACE) plan should include. Successful completion of the course will allow the student to analyse the operations of an organisation, determine the cyber dependencies of the operations, create new resilient operations, determine appropriate controls to increase resiliency of current operations, develop a resilient PACE plan for a business’s operations.

Technology and the Internet have played a critical role in terrorism and counterterrorism. This course examines terrorists’ multiple use of technologies as weapons and methods to avoid detection, and the Internet as a means of communication, recruitment, radicalization, fundraising, spreading propaganda, and planning attacks. In addition, it considers the extent and risk of cyberterrorism and how the online strategies used by thieves to steal identities can be leveraged by terrorists. It also explores the efficacy of technologies used to combat terrorism and protect targets that terrorists may want to attack. It further explores the abilities of these technologies to identify terrorists before they act. The social, economic and political costs of technologies used to detect terrorists and prevent terrorism are explored as well including the need to improve existing technology, and create new counterterrorism technologies from research and development. Finally, the course identifies the obstacles involved in countering terrorists’ use of digital technologies and the Internet and recommends effective ways to combat terrorists’ use of these technologies and the Internet.

Social media has become indispensable to individuals, corporations, research organizations, educational institutions, and governments worldwide. It has also provided terrorists with a new platform within which to find and connect with one another, justify and intensify their anger, conduct campaigns to gain sympathy for their cause, train and recruit adherents, raise funds, and mobilize resources to arrange, direct, and subsequently conduct illicit activities. This course examines the role of social media in terrorists’ activities. It then examines the laws in place that could be used by law enforcement to target terrorists’ use of social media and the policies of social media sites. It then examines the juxtaposition of the policies of social media sites with law enforcement objectives. Additionally, it explores the existing relationship between social media and law enforcement in dealing with terrorists’ use of these sites to further their cause. Furthermore, it covers how social media sites make decisions on which content to retain and which to remove. Particular attention will be paid to the rights of users in posting online content and the Terms of Service of social media sites. The course further identifies the obstacles involved in countering terrorists’ use of social media. Finally, it considers existing countermeasures used by the public and private sector, and recommends effective ways to combat terrorists’ use of social media.

Internet connected devices are everywhere! The course is modeled around a fictional municipality considering designating public money for a contract to integrate connected technologies into the community. Before doing so, the mayor’s office convened a task force of government, industry, and community organizations to participate in the production of a connected communities strategy that will govern how the money is spent. This strategy will lay out the municipality’s priorities, challenges, principles, and values related to this deployment. The assignments in the course will be cumulative and result in the production of a connected communities strategy for the fictional municipality. The goal of this course is to provide students with hands-on experience in considering the disparate characteristics and challenges of a municipality and of creating a strategy based on differing equities.

Technology and the Internet provide criminals with access to individuals, organizations, and companies around the world. The anonymity afforded by the Internet provides perpetrators with an environment within which to operate with a low risk of detection. This course covers organized cybercrime and the activities of organized cybercriminals. Specifically, it explores organized cybercriminals engagement in the selling of illicit services, money laundering, human smuggling, human trafficking, drug trafficking, firearms trafficking, cigarette trafficking, and wildlife trafficking. Special emphasis is placed on the “underworld of cyberspace” (i.e., Darknet), and the trafficking crimes committed within this space and other areas of the World Wide Web. Furthermore, this course includes the ways in which organized cybercrime and various forms of trafficking can be controlled.

Intelligence is vital to national security, economic security and U.S. foreign policy. Intelligence is also valuable to businesses and is an integral part of their operations. Using a multi-disciplinary approach, this course examines open source intelligence obtained by searching and analyzing publicly available information through data mining, advanced web searches, and other information gathering strategies. It also explores the manner in which important information is identified, collected, analyzed, synthesized, and interpreted from a wide variety of sources. It then considers how this information is used to identify targets and vulnerabilities of targets, and to assess the capabilities of cybercriminals, terrorists, nations, and hostile elements. This course also covers social media forensics, looking in particular at: the type of data collected by social media sites; the type of evidence sought and its use by law enforcement and intelligence agencies for the purpose of data mining, intelligence gathering and investigating criminal activity; and the manner in which data can be gleaned from social media sites

Women worldwide are affected by the social, economic, political, and cultural conditions created by the Internet, computers, and related technology. Cyberfeminism examines the impacts of these conditions on women through the lens of feminism. This course explores two general schools of thought in cyberfeminism: cyberutopianism, which holds that cyberspace is a liberating environment for women, and cyberdystopianism that views cyberspace as another forum within which women can be oppressed. This course further considers the relationship between digital technology, cyberculture, and gender. Special attention is paid to various feminist ideologies and movements associated with cyberfeminism, the role of gender in cyberspace, and gendered perspectives on cyberspace.

This course provides both a big picture strategic overview and an in-depth tactical understanding of what every type of organization – business, nonprofit, government, international agency or university – and their leaders and managers need to do to build internal governance, culture, risk, business continuity and crisis and reputation management for organizational resilience, mission assurance and stakeholder protection and value creation in this era of cyber-uncertainty, insecurity and opportunity. Key interconnected themes examined include the role of governance (the board of directors) in cyber-risk oversight, the role of leadership (the CEO and executive management) in proactive cyber-security management, the roles and responsibilities of key experts (legal, risk, finance, compliance, audit, public relations/communications, strategy, technology, security, human resources) and the criticality of inter-disciplinary and public/private collaboration.

Constant cyber warfare, espionage, and theft of intellectual property are central instruments of statecraft for nation-states globally. Every geopolitical era has a central asset or idea that is being competed over and today, we are competing over emerging technology. The most valuable geopolitical assets today are intellectual property, source code, and data. Nations go to war to protect their interests and today national interests surround the development, operation, and economy of emerging technologies. In this course, we will discuss the impacts of artificial intelligence, quantum information science, space, and telecommunications on geopolitical decision making. We will do hands-on exercises on cyber intellectual property theft and hold mock National Security Council meetings to demonstrate how the policies that drive our national priorities are created. Students should expect to learn the policy and national security implications of critical emerging technologies, how those technologies are under threat from non-traditional and espionage collection, and how policy is made to confront those risks.

Cyber Threat Intelligence Analysis (CTIA) is a method-driven course that uses a holistic “human centered” approach beginning with the understanding of traditional analytics, ethics, and intelligence lifecycle applied in cyberspace. The course covers concepts from planning and building a threat intelligence project and using kill chain methodologies for discovery of cyber threats to developing CTI requirements and producing a collection plan. CTIA involves practitioner exercises and labs, to include threat modeling and development of a CTI report for dissemination, briefing, and sharing relevant data and information with stakeholders. These concepts are essential to building an effective cyber threat intelligence program and, when used properly, can secure an organization from future threats like espionage, cybercrime, and other disruptive cyber activities to include disinformation campaigns.

This elective is designed to examine the economic phenomena we see in the cyber environment today. The course will take an interdisciplinary approach to examine the initial basis for action or inaction with economics providing explanations for market behavior and outcomes. The purpose of this course will be to explain the role economics plays in cybersecurity, supply chains for cyber dependent systems, cryptocurrencies, and the measurement of cyber risk. Students will leave this course with a clearer understanding of various core topics of modern economics to include common market failures and behavioral economics. Insight from these topics can inform strategies to address the myriad of cyber issues plaguing the US today.

This course provides a structured approach for students without a technical background to understand technical, operational and strategic elements of cyberspace across a variety of technical ecosystems. In the first part of the course we will develop a foundational knowledge of the technical components of cyberspace, the missions they support, and frameworks used to secure technology from malign actors. Through lectures and readings on current events, students will gain an understanding of how vulnerabilities are exploited by threat actors, and the challenges defenders face in assuring an organization's core mission and processes. Throughout the course, students will work in small groups to analyze case studies of cyber breaches to deconstruct and evaluate specific operational impacts of cybersecurity lapses. Students will be equipped with the lexicon, grammar and logic necessary to analyze the full spectrum of cyber operations within strategic contexts.

Greece is at the epicenter of a region that has seen a staggering array of wars, revolutions, and coups since World War II. Greece’s geographic position in the Eastern Mediterranean and Aegean Sea makes it an important strategic ally of the United States both economically and geopolitically. The Eastern Med region contains substantial hydrocarbon reserves, which could transform the economy of countries like Egypt, Cyprus and Israel. But it also has a long history of conflict, and is an area of intense competition between great powers in the region including the US, Russia China as well as regional powers such as Greece and Turkey. Activities of these nation-states have been accompanied by a series of small-scale conflicts over control over telecommunications infrastructure, natural resources and military basing. As the region re-emerges as a significant theater of global and regional security, the balance of power among regional players is being disturbed. Within this context, the GFI Greece will help students better understand the global security, conflict and cyber challenges facing the world today.

This practicum provides students the opportunity to design and develop solutions aligned to real-world problems of a selected public or private sector entity. Students will apply their knowledge and skills gained throughout the MSGSCC curriculum to design solutions to mitigate, prevent, respond and recover from significant cyber incidents while assuring continuity of operations. Students will be mentored by members of the faculty and chosen organization, assume various job roles in the sector, and work collectively to solve a simulated cyber crisis. The ultimate goal of the course is for students to design and present, in teams, solutions utilizing industry standard cyber risk and assurance frameworks along with developing essential job transferable competencies in cyber crisis management.

The Independent Research Study should focus on an issue of interest to the student that directly relates to the student's area of specialization. In cases where the topic rests or touches on more than one field, a teamwork project may be substituted for the independent study. Members of the team will be required to contribute material on the selected topic from the vantage point of their respective concentrations. Students will have latitude in selecting their topic but all topics, whether for individual study or a team undertaking, will need faculty approval and will be conducted under the stewardship of one faculty person. The study may be a traditional research paper of a case study based on primary research, extensive interviews, and profiles of the protagonists, be they individuals or institutions and should reflect high standards of scholarship.