Q&A: Tufts University Program Instills Solid Technical Background for Future Policymakers

The degree takes policy students and helps them gain important technology and cybersecurity knowledge. Similarly, it ensures computer science and cybersecurity majors gain important training in the principles of public policy.

Landau is also the founding director of Tufts’ Cybersecurity Center for the Public Good. She recently spoke to EdTech about the critical importance of protecting systems, democratic institutions and global citizenry from the grave threats posed by cybersecurity bad actors and harmful nation-states.

EDTECH: Please tell us about the genesis for these programs.

LANDAU: In 2020, Tufts launched a master’s degree in Cybersecurity and Public Policy, and I was the initial founding director, from 2019-2023. That’s a degree that takes either tech people or policy people; that could be somebody with an undergraduate degree in economics, political science or international relations, or even something further afield. We teach them some tech and some policy. They've gone off to jobs, sometimes in the government, sometimes in the private sector and some in the nonprofit sector as well. They understand both the policy side of cybersecurity and also the tech side of cybersecurity policy. I'm really pleased with the program.

When I was on sabbatical, I was asked to direct our new Cybersecurity Center for the Public Good. It’s a center in cybersecurity, not cybersecurity policy. We've supported a couple of workshops this past year: one in anonymity, one looking at potential governmental regulatory solutions to increase the security of network communications. I am planning a workshop for the fall on what cybersecurity for the public good actually means. That will involve some policy people and some technical people.

RELATED: Cyber ranges at these universities prepare students for cybersecurity careers.

EDTECH: The center has done a lot of work to support under-resourced nonprofits. Why nonprofits in particular?

LANDAU: Ming Chow, who leads the clinic, has done several consultations with very small nonprofits — five to 10 employees. The consulting course that Ming has designed is an essential part of any kind of representative democracy. These deal with what is, in a sense, the interface between legislators and the public, transmitting information both ways. It turns out that some of the bigger nonprofits Ming has helped are, in fact, the subject of attacks by nation-states, because that is a way to undermine democracy. They’re very important, but they don’t get the same kind of coverage by the press as business and industry do in terms of cyberattacks. And yet, the disruption it can cause to society is actually quite big. They’re all under-resourced.

Speaking as a researcher, not as the director of the center, one of the things that’s important is that there will be commercial solutions, essentially consumer solutions, and security that will make it possible for a journalist to communicate securely without having to get a custom solution built, for example. Many of these nonprofits don’t have a dedicated staff to create or develop this type of solution, and that’s an argument for consumer solutions.

EDTECH: It’s incredible how little common knowledge there is around these areas. How do these concepts touch everyday people?

LANDAU: It affects every aspect of their lives. They probably don’t have a solid understanding of the Fourth Amendment. The problem is that the technology has moved so quickly.

In my research role, I'm working on the Internet of Things at home. If you think about the fact that you can’t buy a TV that’s not a smart TV, which sends back data on what you’re watching, all of that reveals a fair bit about you. I have a smart TV at home, but it is not connected to the internet.

When I founded the master’s degree in cybersecurity and public policy, I wanted students to take away an ability to look at a technical problem and see the policy implications and the technical implications, and be able to explain it cogently to both sides. In the past, we've placed students to do cybersecurity policy internships in the summer. We weren't successful this year, but in the past, they went to The Citizen Lab in Toronto, the Electronic Privacy Information Center, Lawfare, R Street Institute, the Aspen Institute and many others. One who went to the Aspen Institute ended up following his boss to the National Governors Association, which advises the governors of the 50 states, where he did cyber work.

It’s an unusual thing that Tufts has: We have the only tech-informed cybersecurity policy program with an international focus.

EDTECH: From a policy standpoint, is there still a wide gap between those who understand the technology at hand and those who are making laws around it?

LANDAU: Our students either have a technical background, such as an undergraduate degree in computer science or maybe IT, or students with backgrounds economics, history or political science. All students have to take a course in international cyber conflict, a course in privacy in the digital age, and then they have a choice of cyber law and cyber policy or cyber in the civil sector.

The latter, of course, emphasizes why it’s hard to create cybersecurity. There are societal issues and context that makes it difficult: criminal activities, regulatory problems. On the technical side, if somebody comes in with a computer science degree, they skip the courses on how systems work or fail. We have a third technical course, “Cyber for Future Policymakers,” which looks at how the internet works, how encryption works and how encryption is used across the web. That’s not encryption policy, which is covered in cyber law, but where is encryption used to authenticate a person? Looking at applications, we look at digital identity management, quantum computing. And each of those is very brief, but we give them a flavor of the kinds of issues that policymakers ask about.

KEEP READING: How one college student is bringing Gen Z into the cybersecurity conversation.

We're mixing students with policy backgrounds and students with technical backgrounds, and I have a lot of fun. Once, in international cyber conflict class, somebody gave an explanation and someone else said, “That’s all Greek to me.” There was a military student there who said, "Well, I studied Greek, but it’s certainly Latin to me.” I had the technical student explain it again, three or four times, before the military student could understand the explanation. This was to teach the technical student how to explain things to nontechnical people. They do group projects; we always pair nontechnical and technical students because they learn from and teach each other.