Professional Documents
Culture Documents
Unknowns of Cybersecurity
Education
Many universities are starting to include
cybersecurity as a course of study. While there is a
high degree of variation between the selected
readings of the syllabi of cybersecurity courses across
different universities, there is some thematic overlap.
By reviewing the syllabi of university cybersecurity
courses, the authors seek to systematically
evaluate this nascent field and advance its maturity.
Trey Herr, PhD, is director of the Atlantic Council’s Cyber Statecraft Initiative under the
Scowcroft Center.
Arthur PB Laudrain is a Rotary Global Scholar for Peace at the University of Oxford.
Dr. Max Smeets is a senior researcher at ETH Center for Security Studies and affiliate at
Stanford University CISAC.
Our review included thirty-two syllabi whose main focus is on cyber conflict,
cyberwarfare, cybersecurity, or offensive cyber operations and discusses in depth our
review criteria and other syllabi not included in the study. Twenty-seven of the
thirty-two syllabi were from the United States. The five exceptions included several
courses on cybersecurity and international relations at King's College London and
Charles University, governance of cybersecurity at Leiden University, and
cyberwarfare at the University of Nicosia.
This diversity defies an easy categorization of the ‘canonical’ or core literature of the
field of cyber conflict scholarship. Rather, the field is scattered across a disparate
range of topics and disciplines. Of the top thirteen readings across the surveyed
syllabi, all but two were published in the last seven years. These results are a
remarkable contrast with other fields, including international relations, which
exhibit a clear and relatively consistent core literature.
Even though we do not have comparative data from other fields of study, there
appears to be a relatively heavy reliance on literature from media outlets. Less than
half of the readings assigned are academic publications (47.2 percent). Combined,
news reports (15.9 percent) and government and policy reports (15.9 percent) make
up just below one third of the reading on syllabi. Think tank publications and
specialized blogs account for another 9.8 percent. Notably, just below 3.4 percent of
syllabi rely on reports from cybersecurity firms and other companies. Of these, most
only include two reports: Mandiant’s report on APT1 and Ralph Langer’s report on
Stuxnet. A more detailed overview of type of readings across syllabi can be found in
Figure 2.