Handbook

This course provides an introduction to the rapidly growing field of cyber security and to the role played by law and legal professionals in regulating it. This multi-disciplinary course is an opportunity for law students to develop an understanding of the role played by law in cyber policy and operation, and then to work alongside future security engineers solving cyber security challenges. Law students will focus on the role of regulation, while engineering students (COMP6441/COMP6841 Security Engineering and Cyber Security) will cover more technical computing material, with all students coming together in tutorials to analyse policy and practical challenges. Law students are the ‘legal experts’ in interdisciplinary spaces, engaging with engineering students in collective problem-solving. Over the course of the Term, students will gain confidence in working collaboratively with engineers.

The course is not a typical law course in its structure or assessment. Law students attend a two hour lecture on the foundations of cyber security (with Engineering students), a two hour law seminar, and a two hour tutorial (with Engineering students) each week. While there are few readings (mostly statutes and policy documents, some cases), there are online law and engineering activities to complete each week. These sometimes take law students outside their comfort zone, encouraging "security thinking" and an "attacker mindset." Students should expect to commit approximately 15 hours a week to the course including attendance, self-directed research, completion of on-line modules, preparation for tutorials and seminars, and completion of assessment.

Foundational security topics to which law students are introduced include insiders, privacy, cybercrime, social engineering, risk, secrets, authentication, physical security, weakest link, supply chain, cognitive biases, organisational change, incident response, security analysis, open source intelligence and reconnaissance. These are introduced through case studies, focusing on recent developments. Legal topics include relevant aspects of tort law, contract law, consumer law, directors duties, privacy law, telecommunications regulation, critical infrastructure regulation, criminal law, national security and law enforcement powers, and international law. The focus is on Australian law, but comparative material is included where relevant. Other regulation (such as national policy and standards) are also discussed. The goal is understanding how the different strands of law apply to current policy problems in the field of cyber security, rather than being a comprehensive coverage of particular doctrinal domains covered elsewhere in the degree. Tutorials provide an interactive opportunity to tackle complex policy problems from a multi-disciplinary perspective.

The primary background needed is a keen, devious and analytical mind. Technical computing skills are not needed. However for those wishing to acquire or appreciate the technical aspects of cyber security – all engineering lectures, classes, and learning activities are open and available for law students to attend. This is entirely optional and non-examinable. It is for those who are curious. To get the most from this course, students will need to engage in independent study and research and be able to act as independent self-directed learners.