Cyberspace Operations MSc

• To evaluate the context of the course and the wider programme of study,
• To review and update core vocabulary and concepts required as a foundation for other elements of the course,
• To develop academic skills,
• To examine the operational aspects of cyber, information assurance and security.

• Course structure and the cyber professional,
• Cyber overview,
• Enabling technologies and core terminology overview,
• Cyber strategy overview,
• Research methods, learning and study skills.

On successful completion of this module you will be able to:

• Appraise key concepts and language of Cyber foundation knowledge, research and practice,
• Critically evaluate published research,
• Conduct independent research,
• Write academically credible and professional documents.

This module equips you with a critical understanding of the opportunities and vulnerabilities faced when planning to deploy cyber capabilities as part of an integrated operation to enhance the overall impact achieved through military action or in planning a full spectrum response against a deliberate cyber intrusion which was intended to cause damage, disruption or destruction against our systems.

• Current doctrine, policy and strategies - assessment

Doctrine to be considered could include that of the UK and her allies, along with National cyber security strategies and other national concepts of operation for Cyber and the associated organisation of Cyber capabilities.

• Constructs, concepts, cases of – critical review

Concepts to be considered could include: Cyber domain and the Information Environment, Cyber power, Cyberwar, Computer Network Operations (CNO), Electronic warfare, Cyber Electromagnetic Activities (CEMA) Information warfare and operations, Cyber Influence, Command and control warfare, Media operations and public affairs, Cyber intelligence, Integrated planning, Defence in depth, Commander’s responsibilities

• Existing Academic Theories and their applicability In Cyberspace – assessment

Example theories could include: Asymmetric and Contested Warfare & threat actor motivations, Attribution, Collective Security, Defence, Deterrence, Deception (Military deception, cyber deception, camouflage, concealment & denial), Espionage, Sabotage and Subversion, Intelligence and Information Requirements, the Security Dilemma, Sense-making and decision-making, and Sovereignty.

• Military Planning Considerations and their applicability in Cyberspace – assessment

This could cover topics such as: Full Spectrum Operations, Hybrid Warfare, Fusion Warfare, Effects (for example: Cognitive effects and behaviour change, Deny, degrade, disrupt, destroy, deter, etc). The applicability of concepts in cyberspace such as Attack, Defend and Exploit, Manoeuvre & Lethality, Legality, Ethics, proportionality & collateral damage, Target Systems Analysis, Target Audience Analysis, Targeting and Intelligence.

• Evolving Technologies & Cyberspace Landscape

Covering topics such as Autonomy and Artificial Intelligence, Active Defence, Offensive Cyber, SCADA and communications systems, Anonymity, Ubiquity, Scale and Reach.

On successful completion of this module you will be able to:

• Assess the main elements and key management issues in the planning and conduct of Cyberspace Operations as part of a Full Spectrum Approach,
• Assess the implications of the changing operational environment for those conducting Full Spectrum Operations in the Information Age,
• Assess the applicability of existing academic theories, national strategies, policy doctrine and planning considerations for cyber operations,
• Assess how existing military and intelligence planning considerations apply in cyberspace,
• Evaluate and recommend appropriate courses of action to a primary stakeholder for cyberspace operations.

To equip you with the awareness and ability to critique different legal and ethical frameworks and factors that need to be considered when designing and delivering cyber operations against a range of adversarial actors or deploying cyber capabilities as part of a Full Spectrum Operation.

This module will consider the range of different legal regimes that need to be considered when planning or conducting offensive cyber operations. The module will look at the applicable legal framework for intelligence operations, military operations, information operations and propaganda. It will consider the obligations provided through customary international law, international humanitarian law and domestic legislation that need addressing when considering a cyber operation. The module will look at the implication of conducting cyber operations in a range of different contexts, considering cyber as part of a military campaign, prior to the declaration of war and against non-state actors. The applicability of the Laws of Armed Conflict will be explored when considering cyber operations. The applicable legal frameworks and issues will be considered from a range of different perspectives of those actors involved in dealing with cyber operations (both private and public sector). You will be introduced to a range of different concepts that could be considered when developing appropriate courses of action for cyber operations. The concepts include but are not limited to: sovereignty, right to self-defence, espionage, sabotage, subversion, intelligence, ius ad bellum, ius in bello, armed attack, threat or use of force, necessity, proportionality, distinction, targeting, perfidy, ruse and state responsibility. Finally, this module will allow you the opportunity to look at the various proposed legal frameworks for cyber operations and assess their suitability to support operational planners.

On successful completion of this module you will be able to:

• Describe the range of legal and ethical issues to be considered when conducting an offensive cyber operation,
• Summarise the legal frameworks to be considered when considering a cyber operation for intelligence, for military effect against a state adversary or against a non-state actor,
• Appraise the legal and ethical considerations when conducting a cyber operation, whether as part of a military campaign or not,
• Evaluate the longer-term consequences of adopting a particular course of action that causes tension against an existing domestic or international legal framework.

To equip you with the awareness and ability to employ cyber deception in both active network defence and computer network exploitation.

This module will address this important emerging discipline by moving beyond established practices of passive network defence such as firewalls and anti-virus patching. Consideration will be given to both the psychological and the technical aspects of exploiting deceptive assets on a network within a wider cyber deception campaign that leverages them. This module equips you with a critical understanding of the opportunities and vulnerabilities faced when considering the issues of managing deceptive activities to create active and proactive network defence capabilities. The module will emphasise the need for a systematic, human factors based approach to both technical and enterprise risk management in this area.

On successful completion of this module you will be able to:

• Distinguish the technical structures of information systems that facilitate successful cyber deception,
• Determine the human factors associated with attacking and defending computer systems exploiting principles of cyber deception,
• Formulate the technical basis for a successful cyber deception,
• Evaluate the threats and opportunities necessary to conduct a risk assessment for the use of cyber deception,
• Critically appraise the use of cyber deception in relation to concepts of Effects Based Operations and deterrence.

The module develops an understanding of the importance of taking a risk-based approach to Cyber Security and Information Assurance.

Mapping the Landscape

• Definitions and terminology,
• History of hacking,
• Threat landscape.

Cyber Security Risk Management in Practice

• Basic principles,
• Legislation and standards,
• Risk management approaches,
• Strategies for managing risk.

Complexity

• Quantifying risk in a complex environment,
• Risk economics,
• Social dimension of risk,
• Risk communication.

On successful completion of this module you will be able to:

• Critically appraise a range of approaches for assessing risk in the complex cyber environment,
• Evaluate the factors that influence effective risk management in organisations,
• Critically assess the level of risk faced by an organisation.

To develop a broad understanding of the security technologies available to support Information Assurance and security requirements and vulnerabilities corresponding to attack vectors.

• Cyber activity
  • Different types of malware, how they are used and combined within a malicious event,
  • Approaches for modelling the attacker TTPs,
  • Lifecycles for infrastructure supporting cyber attacks,
  • Complexities of attribution,
  • The Insider threat.
• Attacks and vulnerabilities
  • The common approaches to reconnaissance prior to hostile cyber activity,
  • An exploration of the nascent vulnerabilities in network infrastructure, web applications and native code,
  • The attacks and exploits that target these vulnerabilities,
  • The approaches to understanding the business and mission effects from malicious activity.
• Defensive TTPs
  • Common tools, techniques and procedures that can be used to improve an organisations defensive posture,
  • Approaches to cyber threat hunting.

On successful completion of this module you will be able to:

• Assess cyber operations from a variety of threat actors,
• Evaluate the different cyber vulnerabilities and how they might impact an organisation,
• Appraise the strengths and weaknesses of various security technologies and their suitability for protecting an organisation,
• Develop a security strategy using appropriate technologies and techniques,
• Prioritise cyber threats and vulnerabilities based on their potential business impact.

To develop an understanding of the impact of social media, from the perspective of security, intelligence and cyber influence.

Overview

• What are social technologies and media,
• Development and horizon scanning,
• Social interaction, E-inclusion and the citizenship agenda & other uses of social media – education, scenario planning, simulation and design social technologies and security,
• Impact on productivity and working practices & understanding generational differences.

Social technologies and OSINT

• Security awareness and policies,
• Social networks and information exploitation,
• Personas, identity, privacy and anonymity,
• Information leakage,
• Social technologies and intelligence,
• Open source exploitation,
• Challenges for situational awareness,
• Operational security (OPSEC).

Social technologies and influence

• Social marketing,
• Mobility and pervasiveness,
• Persuasive technologies,
• Terrorism and social media,
• Social mobilisation,
• Two-way communication and dialogue,
• Second life and alternative worlds,
• Data analytics & big data driving behavioural profiling,
• Automated tools and techniques,
• Influence and Information Operations.

On successful completion of this module you will be able to:

• Assess the societal impact of social media,
• Appraise the security requirements concerning risk and social media,
• Evaluate the threats and opportunities provided by social media in relation to state activities and military operations, business practice, influence, intelligence and information assurance.

The aim of this module is to provide an understanding of the processes by which organisations and individuals can gain insight and actionable intelligence from data.

• Machine Learning and Artificial Intelligence,
• Data mining pipeline,
• Big Data models for exploring data,
• Data Science.

On successful completion of this module you will be able to:

• Assess and explain value of Artificial Intelligence solutions to an organisation,
• Appraise current practices for decision support in organisations,
• Contrast methods of analysing data to enable business intelligence,
• Assess the appropriateness of big data for organisational decision-making.

• Ian Owens

To enable you to identify and assess new and emerging technology to provide an on-going assessment of their relevance and potential to defence and security.

• Generic methods and tools:
  • Horizon scanning,
  • Predictive methods,
  • Strategic assessment of new technologies,
  • Evaluation,
  • Maintaining personal awareness.
• Emerging technologies: a selection of currently relevant technologies will be studied.

On successful completion of this module you will be able to:

• Appraise emerging technologies,
• Evaluate emerging technology that are likely to impact on national security and defence in the next five years,
• Contrast the methods available for identifying and managing the risks and benefits of the use of emerging technology,
• Exploit emerging technologies in relevant working practices,
• Compare and contrast emerging technologies appropriate to a particular scenario in order to assess potential business benefit.

This module will enable you to gain an understanding of threat detection and management at the macro and micro levels. The module will develop both the knowledge of strategic Business Continuity Management and introduce practical approaches to identifying, triaging and responding to threats and attacks.

Incident Identification

• The role of the Security Operations Centre,
• Intrusion detection methods and tools.

Incident Containment

• Intrusion management,
• Intrusion analysis, monitoring and logging,
• Evidence preservation.

Incident Management

• Backup management,
• Disaster recovery techniques,
• Business continuity management,
• Stakeholder management.

On successful completion of this module you will be able to:

• Understand the construction of evidence preservation procedures,
• Analyse, select and justify appropriate responses to detected intrusions,
• Formulate the assumptions and requirements for developing a business continuity strategy,
• Critically analyse, design and select appropriate technical solutions and processes for the identification, triage and response to cyber attacks and threats.

• Antoinette Caird-Daley

To understand the importance and contribution of human dimension when designing and implementing Cyber Defence and Information Assurance (CDIA) measures.

Individual level

• Human performance and error

Organisational/stems level

• Socio-technical context of use,
• System weaknesses and latent errors,
• Circumventing security.

Interventions

• Behaviour change,
• Awareness and training for cyber security,
• Designing security measures for and with the end user.

On successful completion of this module you will be able to:

• Apply appropriate theory to the identification, description and analysis of human performance and error in any given CDIA context,
• Identify and examine, from the perspective of the human dimension, socio-technical system weaknesses and their likely impact on system security in any given CDIA context,
• Critically evaluate, from the perspective of the human dimension, security policies and mechanisms such that they fit the task demands, needs and capabilities of the end user, and the organisation’s requirement for secure end-user behaviour, in any given CDIA context,
• Compare and contrast different approaches to behaviour change and their likely outcomes in CDIA contexts,
• Identify, select, and apply tools for engaging with stakeholders when designing security measures in any given CDIA context.

This module will examine the management and technical considerations relating to critical networks and control systems focusing on interdependence and resilience.

Critical national infrastructure

• Definitions and approaches to classifying national infrastructure and critical national infrastructure,
• The global, national and organisational view of national infrastructure,
• Frameworks for identifying and managing cyber risk in critical national infrastructure.

Cyber Physical Systems

• Characteristics of cyber-physical systems and the inherent security and privacy concerns.

SCADA and OT

• The differences between OT and IT,
• The technical and socio-technical elements to managing the cyber risk of SCADA systems.

IoT and smart technologies

• IoT devices and wider supporting ecosystems,
• Frameworks to support the identification and management of cyber risk associated with the Internet of Things deployed in smart homes, smart cities and smart grids.

Strategic effects

• How critical networks are targeted to deliver strategic outcomes by malicious actors.

On successful completion of this module you will be able to:

• Critically evaluate theories of criticality and interdependence in the context of security planning,
• Appraise the current state of best practice in network and security operations management in the security context,
• Assess the factors that facilitate or prevent effective risk management of interdependent systems in the context of critical national,
• Summarise the cyber risks associated with IoT devices and wider IoT ecosystems,
• Using appropriate frameworks evaluate the extent to which cyber risks of essential functions are managed effectively within the context of national infrastructure.

To provide the necessary skills and knowledge that enable professionals working in implementing information systems or critical cyber contexts to consider the wider context and adapt to continual change. It focuses on investigative methods, systems thinking and anticipating futures with a view to problem solving in a real-world context.

• Adapting to change in complex environments,
• Representing and navigating complexity,
• Systems methods including Soft Systems Methodology, the Viable Systems Model and Critical Systems Heuristics,
• Organisational dynamics and change,
• Monitoring and adapting,
• Anticipating future requirements,
• Dealing with disruptive and novel technologies, events and emergent changes.

On successful completion of this module you will be able to:

• Critically evaluate a range of approaches to understanding complex information system and cyber environments,
• Critically assess approaches to innovation in contested and competitive problem spaces,
• Appraise the techniques that can be used to design investigation, problem formulation and structuring, and interpretation of data,
• Design and apply methods to investigate problems in organisational contexts leading to their review and resolution,
• Analyse and scope a complex problem-space with a view to action and improvement.