Cyber Defence and Information Assurance MSc (Defence)

• To evaluate the context of the course and the wider programme of study,
• To review and update core vocabulary and concepts required as a foundation for other elements of the course,
• To develop academic skills,
• To examine the operational aspects of cyber, information assurance and security.

• Course structure and the cyber professional,
• Cyber overview,
• Enabling technologies and core terminology overview,
• Cyber strategy overview,
• Research methods, learning and study skills.

On successful completion of this module you will be able to:

• Appraise key concepts and language of Cyber foundation knowledge, research and practice,
• Critically evaluate published research,
• Conduct independent research,
• Write academically credible and professional documents.

The module develops an understanding of the importance of taking a risk-based approach to Cyber Security and Information Assurance.

Mapping the Landscape

• Definitions and terminology,
• History of hacking,
• Threat landscape.

Cyber Security Risk Management in Practice

• Basic principles,
• Legislation and standards,
• Risk management approaches,
• Strategies for managing risk.

Complexity

• Quantifying risk in a complex environment,
• Risk economics,
• Social dimension of risk,
• Risk communication.

On successful completion of this module you will be able to:

• Critically appraise a range of approaches for assessing risk in the complex cyber environment,
• Evaluate the factors that influence effective risk management in organisations,
• Critically assess the level of risk faced by an organisation.

To develop a broad understanding of the security technologies available to support Information Assurance and security requirements and vulnerabilities corresponding to attack vectors.

• Cyber activity
  • Different types of malware, how they are used and combined within a malicious event,
  • Approaches for modelling the attacker TTPs,
  • Lifecycles for infrastructure supporting cyber attacks,
  • Complexities of attribution,
  • The Insider threat.
• Attacks and vulnerabilities
  • The common approaches to reconnaissance prior to hostile cyber activity,
  • An exploration of the nascent vulnerabilities in network infrastructure, web applications and native code,
  • The attacks and exploits that target these vulnerabilities,
  • The approaches to understanding the business and mission effects from malicious activity.
• Defensive TTPs
  • Common tools, techniques and procedures that can be used to improve an organisations defensive posture,
  • Approaches to cyber threat hunting.

On successful completion of this module you will be able to:

• Assess cyber operations from a variety of threat actors,
• Evaluate the different cyber vulnerabilities and how they might impact an organisation,
• Appraise the strengths and weaknesses of various security technologies and their suitability for protecting an organisation,
• Develop a security strategy using appropriate technologies and techniques,
• Prioritise cyber threats and vulnerabilities based on their potential business impact.

To develop an understanding of the impact of social media, from the perspective of security, intelligence and cyber influence.

Overview

• What are social technologies and media,
• Development and horizon scanning,
• Social interaction, E-inclusion and the citizenship agenda & other uses of social media – education, scenario planning, simulation and design social technologies and security,
• Impact on productivity and working practices & understanding generational differences.

Social technologies and OSINT

• Security awareness and policies,
• Social networks and information exploitation,
• Personas, identity, privacy and anonymity,
• Information leakage,
• Social technologies and intelligence,
• Open source exploitation,
• Challenges for situational awareness,
• Operational security (OPSEC).

Social technologies and influence

• Social marketing,
• Mobility and pervasiveness,
• Persuasive technologies,
• Terrorism and social media,
• Social mobilisation,
• Two-way communication and dialogue,
• Second life and alternative worlds,
• Data analytics & big data driving behavioural profiling,
• Automated tools and techniques,
• Influence and Information Operations.

On successful completion of this module you will be able to:

• Assess the societal impact of social media,
• Appraise the security requirements concerning risk and social media,
• Evaluate the threats and opportunities provided by social media in relation to state activities and military operations, business practice, influence, intelligence and information assurance.

The aim of this module is to provide an understanding of the processes by which organisations and individuals can gain insight and actionable intelligence from data.

• Machine Learning and Artificial Intelligence,
• Data mining pipeline,
• Big Data models for exploring data,
• Data Science.

On successful completion of this module you will be able to:

• Assess and explain value of Artificial Intelligence solutions to an organisation,
• Appraise current practices for decision support in organisations,
• Contrast methods of analysing data to enable business intelligence,
• Assess the appropriateness of big data for organisational decision-making.

• Ian Owens

To enable you to identify and assess new and emerging technology to provide an on-going assessment of their relevance and potential to defence and security.

• Generic methods and tools:
  • Horizon scanning,
  • Predictive methods,
  • Strategic assessment of new technologies,
  • Evaluation,
  • Maintaining personal awareness.
• Emerging technologies: a selection of currently relevant technologies will be studied.

On successful completion of this module you will be able to:

• Appraise emerging technologies,
• Evaluate emerging technology that are likely to impact on national security and defence in the next five years,
• Contrast the methods available for identifying and managing the risks and benefits of the use of emerging technology,
• Exploit emerging technologies in relevant working practices,
• Compare and contrast emerging technologies appropriate to a particular scenario in order to assess potential business benefit.

This module will enable you to gain an understanding of threat detection and management at the macro and micro levels. The module will develop both the knowledge of strategic Business Continuity Management and introduce practical approaches to identifying, triaging and responding to threats and attacks.

Incident Identification

• The role of the Security Operations Centre,
• Intrusion detection methods and tools.

Incident Containment

• Intrusion management,
• Intrusion analysis, monitoring and logging,
• Evidence preservation.

Incident Management

• Backup management,
• Disaster recovery techniques,
• Business continuity management,
• Stakeholder management.

On successful completion of this module you will be able to:

• Understand the construction of evidence preservation procedures,
• Analyse, select and justify appropriate responses to detected intrusions,
• Formulate the assumptions and requirements for developing a business continuity strategy,
• Critically analyse, design and select appropriate technical solutions and processes for the identification, triage and response to cyber attacks and threats.

To equip you with the awareness and ability to critique different legal and ethical frameworks and factors that need to be considered when designing and delivering cyber operations against a range of adversarial actors or deploying cyber capabilities as part of a Full Spectrum Operation.

This module will consider the range of different legal regimes that need to be considered when planning or conducting offensive cyber operations. The module will look at the applicable legal framework for intelligence operations, military operations, information operations and propaganda. It will consider the obligations provided through customary international law, international humanitarian law and domestic legislation that need addressing when considering a cyber operation. The module will look at the implication of conducting cyber operations in a range of different contexts, considering cyber as part of a military campaign, prior to the declaration of war and against non-state actors. The applicability of the Laws of Armed Conflict will be explored when considering cyber operations. The applicable legal frameworks and issues will be considered from a range of different perspectives of those actors involved in dealing with cyber operations (both private and public sector). You will be introduced to a range of different concepts that could be considered when developing appropriate courses of action for cyber operations. The concepts include but are not limited to: sovereignty, right to self-defence, espionage, sabotage, subversion, intelligence, ius ad bellum, ius in bello, armed attack, threat or use of force, necessity, proportionality, distinction, targeting, perfidy, ruse and state responsibility. Finally, this module will allow you the opportunity to look at the various proposed legal frameworks for cyber operations and assess their suitability to support operational planners.

On successful completion of this module you will be able to:

• Describe the range of legal and ethical issues to be considered when conducting an offensive cyber operation,
• Summarise the legal frameworks to be considered when considering a cyber operation for intelligence, for military effect against a state adversary or against a non-state actor,
• Appraise the legal and ethical considerations when conducting a cyber operation, whether as part of a military campaign or not,
• Evaluate the longer-term consequences of adopting a particular course of action that causes tension against an existing domestic or international legal framework.

This module equips you with a critical understanding of the opportunities and vulnerabilities faced when planning Information Operations as part of an integrated operation to enhance the overall impact achieved through military action or in planning a full spectrum response an adversary.

This module approaches the domain of professional practice of Information Operations as the need to change the behaviour of target audiences through the coordination of multiple military and civilian capabilities including emerging cyber based activities.

This module will be built on three core foundations:

• That military actors cannot avoid communicating messages in some form by direct action or inaction,
• That when seeking to change the behaviour of a target audience, there is an implicit need to understand that target audience from their own stakeholder perspectives,
• In designing an Information Operation to modify the behaviour of a target audience the military planner should be aware of their own personal perspectives, assumptions and values around the target behaviours as well as the perspectives of their host organisation.

These three foundations underpin the module’s recognition of the unique context of seeking behaviour modification in a military context. This context is addressed in the module content through coverage of the following areas:

• Overview of the core concepts of Information Operations, military capabilities and different international approaches to this area of professional practice,
• Individual and Group Target Audience Analysis,
• Theories of behavioural and social change.

On successful completion of this module you will be able to:

• Elaborate the main elements and key management issues in the conduct of Information Operations,
• Evaluate theories of behavioural and social change relevant to Information Operations,
• Formulate the behaviour change effects sought through Information Operations,
• Recommend alternate courses of action based on self evaluation, evaluation of the target audience, and the needs of the primary decision makers in the planning process,
• Critically examine behavioural change techniques used in military and other domains, with respect to their implicit treatment of causation. Where ‘other domains may include; health education, marketing, offender rehabilitation, mine awareness campaigns, weapons amnesties, mass civilian evacuations, and crime prevention.

To equip you with the awareness and ability to employ cyber deception in both active network defence and computer network exploitation.

This module will address this important emerging discipline by moving beyond established practices of passive network defence such as firewalls and anti-virus patching. Consideration will be given to both the psychological and the technical aspects of exploiting deceptive assets on a network within a wider cyber deception campaign that leverages them. This module equips you with a critical understanding of the opportunities and vulnerabilities faced when considering the issues of managing deceptive activities to create active and proactive network defence capabilities. The module will emphasise the need for a systematic, human factors based approach to both technical and enterprise risk management in this area.

On successful completion of this module you will be able to:

• Distinguish the technical structures of information systems that facilitate successful cyber deception,
• Determine the human factors associated with attacking and defending computer systems exploiting principles of cyber deception,
• Formulate the technical basis for a successful cyber deception,
• Evaluate the threats and opportunities necessary to conduct a risk assessment for the use of cyber deception,
• Critically appraise the use of cyber deception in relation to concepts of Effects Based Operations and deterrence.

• Antoinette Caird-Daley

To understand the importance and contribution of human dimension when designing and implementing Cyber Defence and Information Assurance (CDIA) measures.

Individual level

• Human performance and error

Organisational/stems level

• Socio-technical context of use,
• System weaknesses and latent errors,
• Circumventing security.

Interventions

• Behaviour change,
• Awareness and training for cyber security,
• Designing security measures for and with the end user.

On successful completion of this module you will be able to:

• Apply appropriate theory to the identification, description and analysis of human performance and error in any given CDIA context,
• Identify and examine, from the perspective of the human dimension, socio-technical system weaknesses and their likely impact on system security in any given CDIA context,
• Critically evaluate, from the perspective of the human dimension, security policies and mechanisms such that they fit the task demands, needs and capabilities of the end user, and the organisation’s requirement for secure end-user behaviour, in any given CDIA context,
• Compare and contrast different approaches to behaviour change and their likely outcomes in CDIA contexts,
• Identify, select, and apply tools for engaging with stakeholders when designing security measures in any given CDIA context.

This module will examine the management and technical considerations relating to critical networks and control systems focusing on interdependence and resilience.

Critical national infrastructure

• Definitions and approaches to classifying national infrastructure and critical national infrastructure,
• The global, national and organisational view of national infrastructure,
• Frameworks for identifying and managing cyber risk in critical national infrastructure.

Cyber Physical Systems

• Characteristics of cyber-physical systems and the inherent security and privacy concerns.

SCADA and OT

• The differences between OT and IT,
• The technical and socio-technical elements to managing the cyber risk of SCADA systems.

IoT and smart technologies

• IoT devices and wider supporting ecosystems,
• Frameworks to support the identification and management of cyber risk associated with the Internet of Things deployed in smart homes, smart cities and smart grids.

Strategic effects

• How critical networks are targeted to deliver strategic outcomes by malicious actors.

On successful completion of this module you will be able to:

• Critically evaluate theories of criticality and interdependence in the context of security planning,
• Appraise the current state of best practice in network and security operations management in the security context,
• Assess the factors that facilitate or prevent effective risk management of interdependent systems in the context of critical national,
• Summarise the cyber risks associated with IoT devices and wider IoT ecosystems,
• Using appropriate frameworks evaluate the extent to which cyber risks of essential functions are managed effectively within the context of national infrastructure.

To provide the necessary skills and knowledge that enable professionals working in implementing information systems or critical cyber contexts to consider the wider context and adapt to continual change. It focuses on investigative methods, systems thinking and anticipating futures with a view to problem solving in a real-world context.

• Adapting to change in complex environments,
• Representing and navigating complexity,
• Systems methods including Soft Systems Methodology, the Viable Systems Model and Critical Systems Heuristics,
• Organisational dynamics and change,
• Monitoring and adapting,
• Anticipating future requirements,
• Dealing with disruptive and novel technologies, events and emergent changes.

On successful completion of this module you will be able to:

• Critically evaluate a range of approaches to understanding complex information system and cyber environments,
• Critically assess approaches to innovation in contested and competitive problem spaces,
• Appraise the techniques that can be used to design investigation, problem formulation and structuring, and interpretation of data,
• Design and apply methods to investigate problems in organisational contexts leading to their review and resolution,
• Analyse and scope a complex problem-space with a view to action and improvement.