Carnegie Mellon University

Course 90-802 (Information Security: Comparison of US and European Policies)

Units: 12

At the beginning of the nineties information security was still an arcane subject for computer scientists and security engineers. And most experts thought that information and network security was an important issue for system engineers and computer scientists, but not something policy makers in governments and unknowledgeable politicians should deal with. A decade later "cybersecurity" became the object of a whole variety of governmental policies. Why and how this happened and what the crucial elements of these cybersecurity policies are, we will explore in this course from a comparative perspective.

We will look at strategies of the US, the European Union, and Asian countries to gain control and secure communication and information flows in cyberspace. First we will develop a better understanding of different concepts of security and then we will analyze why information and network security become a public policy issue. In a second step we will discuss the critical choices policy makers face in their efforts to develop strategies to secure cyberspace. Finally we will ask how national governments deal with the limited reach of territorially bound rules and regulation in a network of networks without bounds. Scholars and politicians in the realist mode of international politics argue that nation states -- at least the powerful ones like the US -- are very well able to shape the architecture of the Internet as a global network of networks and control its use. Others, like the EU and governments in Asia, assume that even the most powerful states will have to enter into new forms of international cooperation in order to secure cyberspace.

We will not solve the dispute, but we will try to better understand the (un)intended consequences of these two policy options.