
The Alperovitch Institute offers a cybersecurity track within the MASCI degree, and provides cybersecurity and intelligence-related teaching to SAIS students in general.
Our courses are taught by leading practitioners and scholars in both the public and the private sectors. A sample of our classes is listed below. We are currently in the process of bringing online classes on security in critical infrastructure, cyber operations, hands-on cybersecurity, and artificial intelligence.
Intelligence II: Cybersecurity, Counterintelligence, and Covert Action (core MASCI class)
On a practical level, state-nexus cyberspace (“cyber”) operations have become a ubiquitous element of contemporary intelligence activities. To that end, this course presents cyber operations through a traditional intelligence tradecraft lens. This includes the specific role and function of cyber operations when they are employed to support intelligence collection, counterintelligence, covert action, and operational enablement activities. Students will also be exposed to how unique elements of cyber activity (such as cybercrime tactics) can and have been leveraged in an intelligence context, the ethics of cyber operations as an intelligence activity, and case studies regarding how different countries approach the conduct of such activities. Students who complete this course will be prepared to interpret state-nexus cyber operations in the context of traditional intelligence contests between states.
Disinformation
Disinformation—or Active Measures, in old-school intelligence terms—is as old as modern intelligence agencies. The rise of disinformation was linked to the ideological clashes that defined the 20th century, and the entire Cold War. As the Soviet Union went down, the internet went up. And after a short hiatus, disinformation was back with a vengeance. This class explores the history, evolution, and metamorphosis of disinformation over the past century. Note: No technical background is required.
Information Security
Cybersecurity is one of the 21st century’s top security concerns. Modern societies rely on the internet, connected devices, and computer-controlled systems, including infrastructure with life—critical applications. The class provides a solid foundation for tomorrow’s leaders to come to terms with one of the most challenging new areas of national security. INFOSEC I and II are offered as a two-term class (INFOSEC I a prerequisite for INFOSEC II). It covers cybersecurity from farm to table starting with the big-picture cyberwar debate; moves to “101” sessions on The Internet, Cryptography, Network Forensics, Industrial Control Systems, Mobile Security, and Open Source Intelligence; and then applies these new tools to higher-level discussions (Attribution, Commercial Espionage, Bulk Collection, Crypto Anarchy, Cyber Crime, Disinformation, Deterrence, and Legal Aspects). Moving from technical to political levels of analysis, this focus is a no-nonsense approach to the politics of cybersecurity and focuses on a triad of technical detail, history, and conceptual clarity. Optional technical labs are organized by students. Students translate between technical and political spheres, and will move into the digital forensics and threat intelligence fields after completing this class.
Global Cyber Threats
Who are the hackers that dominate headlines? This course will answer that question not just with broad terms like “Russia” and “China” but with more focused and nuanced analysis. The course explores known hacking groups, their methods, motivations, and relationship to greater geopolitical developments. The course focuses primarily on state-affiliated threats, though it also touches other realms of the cyberthreat ecosystem as well. Students completing this course will have a foundational knowledge of what nations are doing in cyberspace, an important step towards subject matter expertise. The course also examines many case studies of historic and contemporary adversary behavior, enabling students to gain strategic perspective by examining reporting that includes tactical, operational, and strategic insights.
Intelligence and Cyberspace
On a practical level, state-nexus cyberspace (“cyber”) operations have become a ubiquitous element of contemporary intelligence activities. To that end, this course presents cyber operations through a traditional intelligence tradecraft lens. This includes the specific role and function of cyber operations when they are employed to support intelligence collection, counterintelligence, covert action, and operational enablement activities. Students will also be exposed to how unique elements of cyber activity (such as cybercrime tactics) can and have been leveraged in an intelligence context, the ethics of cyber operations as an intelligence activity, and case studies regarding how different countries approach the conduct of such activities. Students who complete this course will be prepared to interpret state-nexus cyber operations in the context of traditional intelligence contests between states.
Threat Intelligence for Information Operations
This class is intended to give students experience in conducting and writing analysis of online information operations and disinformation campaigns, conveying practical skills for those seeking professional threat intelligence analysis or other similar roles. Throughout the semester, students will develop and conduct their own open source investigation of their choosing, culminating at the end of the semester in the completion of a polished threat intelligence report. While open source intelligence (OSINT) investigative techniques will be employed by students throughout the course, it is not intended to be an OSINT techniques course per se. Rather, focus will be placed on producing coherent, concise, accurate and insightful analysis. As part of this, heavy emphasis will be placed on analytic writing, and students will also be exposed to—and conduct—some basic quantitative data analytics. No prior exposure to information operations or disinformation campaigns is expected, as students will learn relevant concepts and lingo as the course progresses.
Information Conflict and International Order
This course is designed to place information conflict into historical and theoretical context, examining the degree to which technological innovation either reinforces or upsets power dynamics between and among states. It is designed to present students with several frameworks by which to examine how information is wielded and controlled, drawing on foundational insights from international relations scholarship, cybernetics and information theory, and communication and securitization studies. Students who complete this course will be better equipped to diagnose the impacts of emerging information and communications technologies on national security and the geopolitical landscape.
Influence Operations in the Digital Age
This course explores how global actors have weaponized false or misleading information and personas to shape public perceptions, achieve strategic geopolitical goals, make money, and pollute the information environment. Students will study the new tools being used by state and non-state actors and examine the reach/effectiveness of disinformation campaigns in shaping public dialogue. In particular, this course examines how the practice of influence operations has changed in the information age, how both state and non-state actors weaponize technology, social networks, and other tools for dissemination, and what makes human beings and societies vulnerable to influence operations. In addition to covering state- sponsored influence operations, this course also dives into financially motivated operations, the role of traditional media and state media, and the inadvertent spread of viral false information, otherwise known as misinformation. Students will study how to detect influence campaigns using open-source investigative techniques and discuss the difficulties of attribution particular to the influence operations space. Finally, course explores regulatory, diplomatic, technological, and societal mitigations and interventions aimed at protecting the information environment, assessing their effectiveness.
Cyber Operations
Long ago, scholars of war and conflict divided their subject into three segments: the strategic, the operational, and the technical. The most widely-discussed of these, strategy, focuses on big questions like deterrence. Technical analysis is also common in specialized courses and, in a topic like cybersecurity, requires a fair amount of computer science knowledge. But operational analysis is too rare. This course takes up this operational lens and uses it to understand how nations project power in cyberspace. Rather than beginning with strategic concepts, such as analogies to other forms of warfare, we will focus first on what actually has happened. We will establish a model for offensive and defensive cyber operations, introducing key terms and concepts that can be flexibly deployed to understand a wide range of incidents. Then we will use this model in analyzing a series of case studies. In each case, we will examine how different groups of government hackers performed their missions and what outcome resulted. With this solid foundation established, we will then use our operational understanding to re-examine strategic ideas like deterrence in a new light.