CARLISLE, Pa. — Carrying a smartphone, using a wearable device, opening an app, entering a search query, or checking the weather — things many people do throughout the day — potentially may open the user's data to collection and cybersecurity risks. The National Security Agency (NSA), recognizing an urgent need for nationwide education about cyber technology, policy and law, has worked with a trio of Penn State professors to develop a comprehensive, online, and nationally offered cyber law and policy course.

The professors, Anne Toomey McKenna, distinguished scholar of cyber law and policy at Dickinson Law and professor of practice for Penn State’s Institute for CyberScience; James W. Houck, director of Penn State’s Center for Security Research and Education and distinguished scholar at Penn State Law and the School of International Affairs; and Scott Sigmund Gartner, director of Penn State’s School of International Affairs and professor of international affairs, designed a course that examines cyber technology, cyber governance, cyber law, and cyber policy for nonlawyers.

“Principles of Cyber Law and Policy” went live on the Clark Center site this summer as part of a broader effort through the National Initiatives in CyberSecurity Education (NICE). The course educates the public, business professionals, and our workforce about cybersecurity, cyber risks, and the law. The course consists of four primary modules broken down into thirty lesson units that cover technology, domestic law, and national security, but the units can be taught as stand-alone lessons. It is designed so that undergraduate students, national security policy professionals, and law students and professors can all take or use parts of the course.

The course is different than a typical offering on cyber or national security law or policy, as it combines technology, domestic law, and national security law and policy cohesively together in one class, according to the team. McKenna has practiced law and taught and published extensively in the fields of electronic surveillance, cyber and privacy law, and she consults regularly with intelligence agencies and government and NGO institutions; Houck is the former Judge Advocate General of the U.S. Navy; and Gartner has published extensively on national security and is a senior advisor for a U.S. intelligence agency.

Their collective experience and unique expertise offers students a multi-faceted window into the complexities of cyber law and policy from a global perspective.

“Combining the expertise of domestic cyber law and national security professors gave the curriculum greater depth,” said Houck.

McKenna noted, “I’ve taught advanced law courses in cyber and privacy for years, but those only lightly touch upon international law in cyber operations. This course integrates all these aspects.”

“It’s important,” added Gartner, “to ensure students understand how law and policy go hand in hand. This course does that.”

The course starts with how the U.S. government is structured, and teaches the difference between federal and state court systems and explain U.S. systems of cyber governance.

“We designed the course as a good basic introduction to the topic of cyber operations, which is timely and complex,” said Houck. “We strove to capture as many elements as we could in one course. My objective was to help people understand that international cyber law is only beginning to develop and nations have a long way to go before they will agree on what it is.”

For her part, McKenna created much of the content that explains how technology and cyber communications platforms work and how they intersect with U.S. law. As she describes the course, “merging technology, domestic law, and national security law into one course was a tall order, but doing so is necessary to understanding cybersecurity today.”

McKenna, Houck and Gartner agree that self-education may equal self-protection as the digital era progresses.

“The more that people have a basic literacy of cyber law, the better off they are going to be,” Houck said.