Skip to content

Courses

Students of the first MASCI cohort during an al-fresco presentation.

The Alperovitch Institute offers a wide array of cybersecurity courses as part of the MASCI degree, and provides cybersecurity and intelligence-related teaching to SAIS students in general.

Our courses are taught by leading practitioners and scholars in both the public and the private sectors. A sample of our classes is listed below. We are currently in the process of bringing online more classes on security in critical infrastructure, cyber operations, hands-on cybersecurity, and artificial intelligence.

Intelligence II: Cybersecurity, Counterintelligence, and Covert Action (core MASCI class)

On a practical level, state-nexus cyberspace (“cyber”) operations have become a ubiquitous element of contemporary intelligence activities. To that end, this course presents cyber operations through a traditional intelligence tradecraft lens. This includes the specific role and function of cyber operations when they are employed to support intelligence collection, counterintelligence, covert action, and operational enablement activities. Students will also be exposed to how unique elements of cyber activity (such as cybercrime tactics) can and have been leveraged in an intelligence context, the ethics of cyber operations as an intelligence activity, and case studies regarding how different countries approach the conduct of such activities. Students who complete this course will be prepared to interpret state-nexus cyber operations in the context of traditional intelligence contests between states.

Disinformation

Disinformation—or Active Measures, in old-school intelligence terms—is as old as modern intelligence agencies. The rise of disinformation was linked to the ideological clashes that defined the 20th century, and the entire Cold War. As the Soviet Union went down, the internet went up. And after a short hiatus, disinformation was back with a vengeance. This class explores the history, evolution, and metamorphosis of disinformation over the past century.  Note: No technical background is required.

Information Security

Cybersecurity is one of the 21st century’s top security concerns. Modern societies rely on the internet, connected devices, and computer-controlled systems, including infrastructure with life—critical applications. The class provides a solid foundation for tomorrow’s leaders to come to terms with one of the most challenging new areas of national security. INFOSEC I and II are offered as a two-term class (INFOSEC I a prerequisite for INFOSEC II). It covers cybersecurity from farm to table starting with the big-picture cyberwar debate; moves to “101” sessions on The Internet, Cryptography, Network Forensics, Industrial Control Systems, Mobile Security, and Open Source Intelligence; and then applies these new tools to higher-level discussions (Attribution, Commercial Espionage, Bulk Collection, Crypto Anarchy, Cyber Crime, Disinformation, Deterrence, and Legal Aspects). Moving from technical to political levels of analysis, this focus is a no-nonsense approach to the politics of cybersecurity and focuses on a triad of technical detail, history, and conceptual clarity. Optional technical labs are organized by students. Students translate between technical and political spheres, and will move into the digital forensics and threat intelligence fields after completing this class.

Foundations of Cybersecurity

Foundations of Cybersecurity covers the basics of the field, in a unique way, by using three things in every session: concepts, tools, and history. What is computer networking? What is artificial intelligence? What is encryption? What are digital forensic artifacts? How has the geolocation challenge evolved? What makes threats “advanced and persistent”? What are influence operations? What are truly advanced, technical intelligence capabilities? What’s the state-of-the-art in attribution? How has threat intelligence changed? Foundations is an entry gateway into an entire field. The class lays the conceptual, practical, and case-study groundwork that will enable students to get the most out of other cybersecurity-related classes down the line. We will use ChatGPT (and other AI tools) as accelerants and assistants, especially for coding and command-line exercises.

Global Cyber Threats

Who are the hackers that dominate headlines? This course will answer that question not just with broad terms like “Russia” and “China” but with more focused and nuanced analysis. The course explores known hacking groups, their methods, motivations, and relationship to greater geopolitical developments. The course focuses primarily on state-affiliated threats, though it also touches other realms of the cyberthreat ecosystem as well. Students completing this course will have a foundational knowledge of what nations are doing in cyberspace, an important step towards subject matter expertise. The course also examines many case studies of historic and contemporary adversary behavior, enabling students to gain strategic perspective by examining reporting that includes tactical, operational, and strategic insights.

USG Cyber Landscape, Strategy, and Security Policy

This class will explore the different economic, political, and civil tensions that have shaped cyber policy over the last 20 years. Too many practitioners of cyber policy and operations have not thought deeply about the underlying assumptions and history that current policies are based on. Similarly, there is minimal appreciation for how other countries experience the US-dominated approach to the development of the internet economy and how this shapes their own approach to cyber policy. Students will finish the class with an understanding of the fundamental principles of US cyber policy that have remained constant and emerging trends that are leading the US and other countries to assert greater dominance. The class will dive deeper into the accepted wisdom of established cyber norms and principles and determine whether the assumptions these are based on are flawed. Students will also gain a deeper understanding of the domestic and international dynamics that shape Russian and Chinese approach to cyber policy. 

Intelligence and Cyberspace

On a practical level, state-nexus cyberspace (“cyber”) operations have become a ubiquitous element of contemporary intelligence activities. To that end, this course presents cyber operations through a traditional intelligence tradecraft lens. This includes the specific role and function of cyber operations when they are employed to support intelligence collection, counterintelligence, covert action, and operational enablement activities. Students will also be exposed to how unique elements of cyber activity (such as cybercrime tactics) can and have been leveraged in an intelligence context, the ethics of cyber operations as an intelligence activity, and case studies regarding how different countries approach the conduct of such activities. Students who complete this course will be prepared to interpret state-nexus cyber operations in the context of traditional intelligence contests between states.

Critical Infrastructure for Threat Intelligence

Critical infrastructure protection is becoming increasingly important in the 21st century, but the people in charge of defending and regulating the different sectors often do not know enough about the systems themselves to make proper decisions. The course aims to provide students with foundational understandings of what critical infrastructure is and how it relates to cyber- threat intelligence for decision makers. The course material is designed to give students the tools they need to think critically about cyber threats to critical infrastructure and the assignments are designed to give students flexibility on the what to dig into.

Intelligence and Cyber Policy

The US cyber apparatus is an oft-discussed but little understood instrument of US national power. This course will define the defensive and offensive cyber elements of the USG and private sector and explain the historical evolution of the terms and concepts. This will include a basic overview of the evolution of the internet, the concepts of computer network exploitation vs computer network attack, and a study of nation state and non-nation state cyber threats. This baseline understanding will then allow students to understand the economic, military, and counter-intelligence threat posed by adversary cyber actors and methods for the USG and private sector to counter these threats. Finally, with this knowledge on-hand, students will debate the efficacy of recently published National Cyber Strategy and associated policies and pending legislation.

Cybercrime and Cybercriminals

This course explores cybercrime’s complex and rapidly evolving world. The course is designed to provide students with a solid foundation in investigative techniques for understanding cybercriminals’ actions, including their motives, tactics, and strategies. Students will gain a thorough understanding of the various roles and functions within cybercriminal organizations. In addition, they will learn the methods used to monetize stolen data and other ill-gotten gains. Through lectures, case studies, and hands-on exercises, students will develop the skills to investigate cybercrime threat actors and assess intelligence reports’ reliability and relevance. Upon completing this course, students will understand the inner workings of the cybercrime landscape. They will also be able to make informed decisions when faced with complex cyber threats. This course is ideal for graduate students interested in cybersecurity, law enforcement, or intelligence analysis. 

The National Security and Critical and Emerging Technology Practicum

The National Security and Critical and Emerging Technology Practicum is an innovative program that gives students extensive, in-depth, real world experience working with external client organizations on projects addressing cybersecurity, mis/disinformation, artificial intelligence, and national security and geopolitical tensions of foreign investment in the technology sector. The practicum provides quality research and analysis to the client, while students develop their research advisory skills and apply concepts learned in the classroom to critical problems. This course is by application only. Past clients included Google, and several divisions within the U.S. State Department.

Data, Tech, and Conflict

This course is designed to interrogate the ways in which data and technology have altered the way we think about conflict – whether over territory, dollars, clicks, or votes. It is designed to enable students to critically interrogate the limits of quantifiable metrics, computable data, and advanced automation in various fields, and examine how data and technology upend longstanding notions of what constitutes “knowing.” Students who complete this course will be better able to distinguish between threat, opportunity, hype, and speculation in an increasingly AI-dominated future.

Introduction to Applied Machine Learning for Threat Intelligence Analysis

This course is designed to provide students with a practical introduction to applied machine learning (ML) to support cyber (and other) threat intelligence investigations and analysis. Students will learn fundamental machine learning concepts, approaches, and best practices, including topics on classification, clustering, and model building and evaluation, and apply them in a practical setting throughout the semester using Python. Where feasible, practical work will focus on substantive examples within the realm of intelligence investigations and analysis to help students become familiar with how such approaches might be put to use in their future analytic endeavors. The course is geared towards students who have no, or very little, prior exposure to coding. Nonetheless, this will be a tough course, and to do well students will be expected to do substantial work to develop their Python skills. Python and introduction to ML are typically taught as two separate classes, so tackling them both in a single course will be an ambitious undertaking for you, but a rewarding one. If you’ve ever wondered what ML is and how it actually works, you will likely find this course interesting.

Threat Intelligence for Information Operations

This class is intended to give students experience in conducting and writing analysis of online information operations and disinformation campaigns, conveying practical skills for those seeking professional threat intelligence analysis or other similar roles. Throughout the semester, students will develop and conduct their own open source investigation of their choosing, culminating at the end of the semester in the completion of a polished threat intelligence report. While open source intelligence (OSINT) investigative techniques will be employed by students throughout the course, it is not intended to be an OSINT techniques course per se. Rather, focus will be placed on producing coherent, concise, accurate and insightful analysis. As part of this, heavy emphasis will be placed on analytic writing, and students will also be exposed to—and conduct—some basic quantitative data analytics. No prior exposure to information operations or disinformation campaigns is expected, as students will learn relevant concepts and lingo as the course progresses.

Evolution of Cyber Policy

This class will explore the different economic, political, and civil tensions that have shaped cyber policy over the last 20 years. Too many practitioners of cyber policy and operations have not thought deeply about the underlying assumptions and history that current policies are based on. Similarly, there is minimal appreciation for how other countries experience the US-dominated approach to the development of the internet economy and how this shapes their own approach to cyber policy. Students will finish the class with an understanding of the fundamental principles of US cyber policy that have remained constant and emerging trends that are leading the US and other countries to assert greater dominance. The class will dive deeper into the accepted wisdom of established cyber norms and principles and determine whether the assumptions these are based on are flawed. Students will also gain a deeper understanding of the domestic and international dynamics that shape Russian and Chinese approach to cyber policy.

Information Conflict and International Order

This course is designed to place information conflict into historical and theoretical context, examining the degree to which technological innovation either reinforces or upsets power dynamics between and among states. It is designed to present students with several frameworks by which to examine how information is wielded and controlled, drawing on foundational insights from international relations scholarship, cybernetics and information theory, and communication and securitization studies. Students who complete this course will be better equipped to diagnose the impacts of emerging information and communications technologies on national security and the geopolitical landscape.

Influence Operations in the Digital Age

This course explores how global actors have weaponized false or misleading information and personas to shape public perceptions, achieve strategic geopolitical goals, make money, and pollute the information environment. Students will study the new tools being used by state and non-state actors and examine the reach/effectiveness of disinformation campaigns in shaping public dialogue. In particular, this course examines how the practice of influence operations has changed in the information age, how both state and non-state actors weaponize technology, social networks, and other tools for dissemination, and what makes human beings and societies vulnerable to influence operations. In addition to covering state- sponsored influence operations, this course also dives into financially motivated operations, the role of traditional media and state media, and the inadvertent spread of viral false information, otherwise known as misinformation. Students will study how to detect influence campaigns using open-source investigative techniques and discuss the difficulties of attribution particular to the influence operations space. Finally, course explores regulatory, diplomatic, technological, and societal mitigations and interventions aimed at protecting the information environment, assessing their effectiveness.

Semiconductors: Industry, Security, and Geopolitics

Semiconductors are the quintessential foundational, and therefore geostrategic, technology. They are simultaneously essential for (a) military and defense technology, weaponry, and equipment; (b) broader geopolitically significant science and technology, such as biosecurity and Artificial Intelligence (AI); and (c) the critical infrastructure and services upon which the daily functioning of societies rest, such as 5G networks. It is this breadth of use-cases that has raised the semiconductor industry from ‘important’ to the level of ‘national security imperative’. This course will take students beyond the buzzwords to examine the technology (and technologies) in question, the supply chains underpinning them, the use-cases they enable, and the evolving and diverging security and economic interests animating the global policy landscape.

Cyber Operations

Long ago, scholars of war and conflict divided their subject into three segments: the strategic, the operational, and the technical. The most widely-discussed of these, strategy, focuses on big questions like deterrence. Technical analysis is also common in specialized courses and, in a topic like cybersecurity, requires a fair amount of computer science knowledge. But operational analysis is too rare. This course takes up this operational lens and uses it to understand how nations project power in cyberspace. Rather than beginning with strategic concepts, such as analogies to other forms of warfare, we will focus first on what actually has happened. We will establish a model for offensive and defensive cyber operations, introducing key terms and concepts that can be flexibly deployed to understand a wide range of incidents. Then we will use this model in analyzing a series of case studies. In each case, we will examine how different groups of government hackers performed their missions and what outcome resulted. With this solid foundation established, we will then use our operational understanding to re-examine strategic ideas like deterrence in a new light.