Skip to main navigationSkip to main content
The University of Southampton

LAWS3133 Foundations in Cyber Security Law

Module Overview

Cyber security is one of the top priorities for governments in the 21st century. Security threats in the online environment are multiple, and stem from negligence from businesses dealing with customer data, to criminals (who have found a medium for perpetrating crimes with relative anonymity and on scale previously unseen), terrorists, and even other governments. States are only beginning to grapple with the technical, legal, and social implications of this new environment, and as internet penetration and internet-connected devices are increasing across the globe, so too is the need for swift international legal coordination and cooperation - a significant challenge given the pace of legal change, inter-State politics, and differing visions and values in relation to the Internet. The course provides a solid foundation into some of the key legal cyber security challenges facing us today. While there is a particular focus on UK and EU law, the nature of the topic demands consideration of the international legal rules and principles as they apply in this domain, and developments in other countries are sometimes drawn upon in order to inform analysis of this body of law. The course is divided into five key areas: regulatory challenges, privacy and data protection, cybercrime, cyber-war and cyber-terrorism, and surveillance and cybercrime investigations. This is a challenging course with a dynamic and evolving subject matter. Whilst detailed seminar outlines are provided, significant emphasis is placed on self-learning, enabling concentration on very specific topics and issues.

Aims and Objectives

Module Aims

• Offer an opportunity to explore the threat landscape and some of the security challenges posed with the advent of the Internet and information and communications technology, and their increasing role in our lives; • Encourage a critical understanding of the key features of cyber security law in five key areas (regulatory challenges, privacy and data protection, cybercrime, cyber-war and cyber-terrorism, and surveillance and cybercrime investigations.) • Examine the fundamental principles of law that impact upon regulation in an information society. • Present a context within which to investigate the inter-action between substantive law and other forms of regulation. • consider how fundamental rights operate in a networked environment.

Learning Outcomes

Knowledge and Understanding

Having successfully completed this module, you will be able to demonstrate knowledge and understanding of:

  • Some of the key cyber security legal challenges, particularly those pertaining to regulatory theory, privacy and data protection, cybercrime, cyber-war and cyber-terrorism, and surveillance and cybercrime investigations.
  • The multijurisdictional nature of the cyber security threat landscape and how international legal rules and norms can empower, but also constrain, security responses.
  • The challenges and opportunities for national law in regulating a transnational medium.
  • The interaction between law and alternative mechanisms for regulating activities in a networked environment.
  • Debates concerning any possible reconciliation of the values of privacy and security.
Subject Specific Intellectual and Research Skills

Having successfully completed this module you will be able to:

  • Demonstrate practical and legal awareness of key cyber security challenges.
  • Construct clear and coherent arguments about cyber security law, in writing, and orally (in seminar discussion and activities).
  • Evaluate critically the application and effectiveness of law in relation to key cyber threats
  • Critically analyse the interaction between law and alternative regulatory mechanisms and actors.
  • Assess the importance of international coordination and legal cooperation in the field.
Transferable and Generic Skills

Having successfully completed this module you will be able to:

  • Undertake critical analysis of legal material.
  • Research, formulate and propose appropriate reforms of the law.
  • Deploy analytical and evaluative skills in relation to complex situations and issues, and construct clear and coherent arguments as to how the law should apply.
  • Communicate and discuss complex ideas and arguments.
  • Exercise time management skills.


Cyber Security law is dynamic in nature and an element of flexibility must be preserved vis-à-vis the syllabus which must and will continue to evolve. However, the syllabus comprises five key areas (regulatory challenges, privacy and data protection, cybercrime, cyber-war and cyber-terrorism, and surveillance and cybercrime investigations.) under which discrete topics will be interrogated. Exemplars of these topics are given below, but these topics may change year-by-year, reflecting current developments and allowing syllabus evolution. • Regulatory theory. • Regulators in cyberspace. • The role and liability of ISPs • The Right to Privacy and Data Protection I and II. • Cybercrime I and II • State surveillance I and II. • Cybercrime investigations

Learning and Teaching

Teaching and learning methods

You will be taught by means of a weekly two-hour seminar. The seminars will commence with a brief synthesis of some of the critical issues within the topic under consideration, after which significant emphasis is placed on interactive learning. This may take the form of small group discussion, structured class debates, and guided open forum discussion. You are provided with module materials via blackboard. A detailed document is distributed for each seminar, containing a brief outline of the issues to be covered in the session, a reading list, and a set of discussion questions. You are expected to have read all of the advance readings, and prepared all of the set tasks/questions, for each class. You will also be provided with an opportunity to receive feedback on a formative essay question. Learning activities include • Directed Reading (as per distributed reading lists) • Preparing and writing a formative essay and self-reflection on that process. • Preparation and delivery of oral presentations. • Class discussion (including small group work).

Preparation for scheduled sessions60
Wider reading or practice10
Completion of assessment task40
Follow-up work10
Total study time150

Resources & Reading list

Talinn Manual on the International Law Applicable to Cyber Warfare. 

Richard Clark and Robert Knake (2010). Cyber War. 

Andrew Murray (2013). Information Technology Law. 

Graham J H Smith Bird & Bird (2007). Internet Law and Regulation. 

Ian Lloyd (2015). Information Technology Law. 

Tom Chen, Lee Jarvis, and Stuart Macdonald (eds) (2014). Cyberterrorism: Understanding, Assessment, and Response. 

Thomas Rid (2013). Cyber War Will Not Take Place. 

Lawrence Lessig (2006). Code: Version 2.0. 

Chris Reed (2012). Computer Law. 

Rosemary Jay (2012). Data Protection law and Practice. 

Scott Shackelford (2014). Managing Cyber Attacks in International Law, Business, and Relations. 

Peter Carey (2009). Data Protection: A Practical Guide to UK and EU Law. 

Marco Roscini (2014). Cyber Operations and the Use of Force in International Law. 

Misha Glenny (2011). Darkmarket. 

Ian Walden (2016). Computer Crimes and Digital Investigations. 





MethodPercentage contribution
Essay  (5000 words) 100%


MethodPercentage contribution
Essay  (5000 words) 100%

Repeat Information

Repeat type: Internal & External

Share this module Share this on Facebook Share this on Twitter Share this on Weibo

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.