This course provides an understanding of the risks associated with political competition and conflict in cyberspace. The course is organized in three parts. Drawing on information studies, game theory and arms control, as well as on the conflict resolution literature, Part I aims to enable students to understand cyberconflict, analyze risk associated with state actions in cyberspace, and develop cyberconflict mitigation strategies. Beginning with a review of actors, weapons, and targets as well as the evolving architecture of the internet from a geopolitical perspective, the course deploys game theory as a methodological framework for cyberconflict. A double session focuses on data-based political manipulation as a critical but distinct cyber front. Part I then concludes with a session comparing national cyber strategies of the US, EU, China, Iran, and Russia.

Having established a basis for analysis, Part II next examines risk mitigation strategies. This segment begins by evaluating efforts to establish norms for state behavior in cyberspace as well as legal frameworks, domestic and extra-territorial, in the US and EU. The following session focuses on the politics of and compliance with the 2015 US-China accord as the most important bilateral cyber restraint agreement to date. An in-class examination ensures students’ grasp of the basics of cyber risk and stability in cyberspace. A more technical session evaluating the risk management industry’s engagement in cyber, including an introduction to cyber insurance and risk modeling, follows the examination.

Part III applies the historical knowledge and conceptual approaches studied in Parts I and II to key cyber conflict arenas. A course review concludes the seminar.