Plenty of colleges have popular cybersecurity courses for young students looking to find a career, but even employees who don’t work in IT need to have knowledge of basic cybersecurity principles these days. There aren’t many such educational resources for people not looking to go into the cyber field, or who are already in the workforce.
That’s where the National Security Agency comes in.
They worked with Penn State University, as part of a broader initiative from the Department of Homeland Security, to develop a free online course to educate people on cybersecurity operations, law and policy.
“The NSA asked us to design a law course about cyber operations that can be taught to non lawyers, and really no requirement of any technical background or expertise,” Ann Toomey McKenna, a professor at Penn State’s Institute for CyberScience and one of the three professors who wrote the course, said on Agency in Focus: Intelligence Community. “They wanted a course that can be designed to be taught as a whole comprehensively, or in modules; smaller units of the course could be taken and taught independently. So in a very unusual way we went about this and we created a course designed to be taught in whole or part, and designed to be taught by anyone who might be interested.”
Toomey said you don’t have to be a professor, or even a cybersecurity, legal or policy expert to teach this course. Anyone from educators to federal employees to private sector managers can use the materials provided and educate others about this topic.
The course is offered for free through the Clark Center, operated by Towson University in Maryland. And Toomey’s isn’t the only course offered there; there’s a whole range of cybersecurity offerings as part of this program.
The course starts with a quick, introductory overview of how the U.S. government and legal system operate, so that everyone understands the legal framework around cyber operations and cybersecurity.
“I think folks need to be aware when they’re engaged in something that involves U.S. law, when are they engaged in something that could be considered a problem under the Computer Fraud and Abuse Act? When are we engaged in operations that implicate national security?” Toomey said.
The course does the same for technology concepts, such as the fundamentals of communications and cellular technologies. And then it goes into the legal foundations for modern cyber law and policy. That focuses on the Constitution and Bill of Rights, and how they’re applied to these concepts. For example, how does the Fourth Amendment and the right to privacy inform the Electronic Communications Privacy Act, or electronic surveillance?
“And then really the final module is where we get into cyber operations, and that’s sort of the meat of this from the standpoint of what we consider today an offensive operation and defensive operations,” Toomey said. “And we did it through sort of a cyber threat response framework, where we looked at operations by and against private actors, and how our domestic law comes into play and that intersection with international law and international norms in cyber operations. And then we really went through the international right to conduct cyber operations. And one thing we did to keep students engaged is use real-world case examples. So we talked about Estonia, we talked about different situations that folks can look at and read about in real news articles and think ‘okay, here’s how this played out. Here’s how the law works.’ And here’s how we intersect that technology, domestic law and national security.”