A detailed, cross-disciplinary syllabus for a "Cybersecurity Law and Policy" graduate course

University of Texas law professor Bobby Chesney has developed a detailed syllabus for a course in "Cybersecurity Foundations: Law, Policy, and Institutions" that is aimed at grad students from law, business, engineering, and computer science.


It's an ambitious and far-reaching interdisciplinary approach to a critical subject; Chesney's accompanying article on Lawfare describes the approach he took to developing the syllabus, which is detailed and "functions a bit like a casebook."

Also of interest: this Twitter thread where Chesney engages with cyberlawyers, security experts, and other practitioners who are suggesting improvements and raising questions.


This blended audience introduces a pedagogical challenge: When covering materials from a particular discipline, how do you make them interesting for the students who hail from that background without making it too hard for the others? There is no easy answer, though the problem has not seemed too significant in practice. It calls for extra care in explaining to the students what they are meant to extract from the readings, and as you will see below I sought to do that in part by including extensive questions-for-consideration in connection with each reading.

At any rate, the problem in practice proves to be much less acute with legal and policy materials than it would be in the reverse situation in which law and policy students might be dropped into a grad-level course in computer science or engineering. The latter is a very serious challenge. We address that problem at UT-Austin by having Matt Tait (@pwnallthethings on Twitter) teach a parallel Cybersecurity Foundations course introducing key technical concepts in a manner designed expressly for the non-technical grad students (law, policy, etc.).

Teaching 'Cybersecurity Law and Policy' Cybersecurity Foundations: Law, Policy, and Institutions [Bobby Chesney/U Texas Law School]