CHHS Helps Craft National Cybersecurity Curriculum

March 22, 2019

“Cybersecurity is no longer just an IT issue,” says Markus Rauschecker ’06, Program Director for the University of Maryland Center for Health and Homeland Security (CHHS). “There are a lot of people that need to get involved when it comes to protecting against cybersecurity incidents and also responding to cybersecurity incidents.”

Ben Yelin and Markus Rauschecker

A quick scan of recent ominous headlines warning about data breaches, ransomware, worms, and viruses shows that cybercrime is on the rise. The impact of cybercrime can clearly be seen in the numbers. According to the 2019 Official Annual Cybercrime Security Report by Cybersecurity Ventures, cybercrime will cost the world in excess of $6 trillion annually by 2021, up from $3 trillion in 2015.

While technology professionals are certainly in demand to fill the growing need for cybersecurity experts, there is also explosive growth in the need for cybersecurity law and policy experts capable of advising companies about the legal ramifications and responsibilities surrounding cybersecurity.

“There’s a huge need for cybersecurity professionals in this country and there’s a significant shortage in the amount of qualified people who can fill those open positions,” says Rauschecker. In fact, new cybersecurity workforce research issued by the Information Systems Audit and Control Association, a globally recognized IT governance association, found that 69 percent of respondents say their cybersecurity teams are understaffed.

The workforce shortage is one of the reasons the NSA National Cybersecurity Curriculum Program (NSA NCCP) put out a call for proposals in 2017 to develop a free, open-source cybersecurity curriculum with the goal of building a cyber-skilled workforce that can contribute to the security of the nation in both the public and the private sectors.

Rauschecker and Ben Yelin ’13, Senior Law and Policy Analyst at CHHS, both experts in cybersecurity, answered the call and were awarded a grant in 2017 to develop a cybersecurity law curriculum for the NSA NCCP.

The University of Maryland Francis King Carey School of Law was at the forefront of the cybersecurity crisis wave when it offered its first cyber law course in back 2012 followed by the creation of the Cybersecurity and Crisis Management Law Program in partnership with CHHS in 2016. The cutting edge program combines theoretical study and practice-based learning on legal and policy issues in cybersecurity, homeland security, public health, and emergency management to help prepare graduates in providing effective counsel to government and private sector organization.

“We thought we could fill in an important gap,” says Yelin describing the law and policy focus of their curriculum. “Most educational institutions were going to contribute technical models; lessons on how to protect your network; how to protect your company from ransomware. There was this void when it came to the law and policy issues related to cybersecurity.”

Rauschecker agreed, adding, “Here at Maryland Carey Law we are one of the few schools in the country that really focuses on the legal policy issues in cybersecurity and we’ve done that for a number of years now. We have an advantage over other institutions in that we have such an established program already.”

After the team was awarded the grant in the summer of 2017 they quickly got to work developing a user-friendly curriculum they wanted to be accessible to learners ranging from fellow law professors to mid-career professionals. They spent a year-and-a-half refining and developing three course modules on law and policy issues in cybersecurity which are now available on the Cybersecurity Curriculum Program website “CLARK.”  

The courses are:

  • Cybersecurity Law and Policy
  • Law and Policy of Cyber Crime
  • National Security, Electronic Surveillance and the Fourth Amendment

The courses are broken into 14 micromodules designed to be studied a la carte or as a suggested 8-week course, depending on the user’s level of knowledge. Micromodules in the Law and Policy of Cybercrime course include Warrant Requirements in Cyberspace and Preparedness and Response to Cybercrime Incidents. Other micromodules include Electronic Surveillance Jurisprudence, History and Overview of the Fourth Amendment, and Legal Framework for the Collection of Bulk Metadata.

Yelin says the target audience is mid-career professionals who have no background in law and policy issues and also professors who may be designing their own curricula. “It gives people who are already experts on the technical side an ability to get a foundation of knowledge on all types of law and policy subjects,” he states.

As cybercrime continues to proliferate across the globe, there will be an ever increasing need for lawyers who understand the accompanying complex legal issues. Rauschecker says cybersecurity law is a growing field that is full of opportunities to do meaningful work.

“I always tell my students that this is an area of law that’s still in its formative phase,” he says. “There’s still a lot of open-ended questions that haven’t been answered yet so that means there has to be a lot of robust debate. I think that just makes it a very exciting field to be in. A field where you can really contribute a lot.”