Today’s headlines often feature the word ‘cyber’, reporting on threats related to the virtual world: online child abuse, stolen credit cards and virtual identities, malware and viruses, botnets and denial-of-service attacks on corporate or government servers, cyber-espionage, and cyber-attacks on critical infrastructure including nuclear facilities and power supply networks.
What are the real cybersecurity challenges? What is the role of diplomacy, international legal instruments, and regional and national policies in addressing these threats, and how efficient are they? How does international cooperation in cybersecurity work, and what are the roles of the various stakeholders?
The 10-week advanced thematic course in Cybersecurity covers policy challenges, actors, and initiatives related to cybersecurity, and specifically to cybercrime, security of the core infrastructure, cyberwarfare and cyberterrorism, and Internet safety.
By the end of the course, participants should be able to:
- Identify the defining features of cybersecurity, and the factors which shape the international issues.
- Identify principal threats to cybersecurity; describe and analyse the key cybersecurity issues for users, and states.
- Understand and analyse the Internet security issues for e-commerce including online banking and identity.
- Explain the issues involved in cybercrime, its impact and investigation.
- Understand the threats to the core Internet infrastructure.
- Explain the concepts of cyberwarfare and cyberterrorism, and their role in international Internet policy.
- Understand and assess the challenges involved in social aspects of cybersecurity.
- Explain and analyse the international frameworks for cybersecurity policies and strategies.
The course forms part of the Thematic Phase of Diplo’s Internet Governance Capacity Building Programme (IGCBP). This phase offers in-depth courses that provide deeper understanding of a particular issue. Other courses forming part of this phase - which may run simultaneously or at a later date - include ICT Policy and Strategic Planning, E-participation, History of Internet Governance, Infrastructure and Critical Internet Resources, Intellectual Property Rights, and Privacy and Personal Data Protection.
Excerpt from course materials
‘...One side-effect of the rapid integration of the Internet in almost all aspects of human activity is the increased vulnerability of modern society. The Internet is part of the global critical infrastructure. Other core services of modern society, such as electric grids, transport systems, and health services are increasingly dependent on the Internet. As attacks on these systems may cause severe disruption and have huge financial consequences, they are frequent targets.’ (Lexture text 4.3)
- 1. Introduction to security discusses the historical development of cybersecurity, and global and geo-strategic challenges. The module distinguishes between the common, narrow, understanding of cybersecurity related to cyber-threats, and broader views which include information security and ‘friendly’ cyber conquest through technological standardisation dominance. It also looks at the mapping of targets, and motives behind cyberattacks, such as hactivism, crime, espionage, terrorism, and warfare.
- 2. Cybersecurity threats focuses on vulnerabilities of the Internet. The module reviews key vulnerabilities of cyberspace and common cyber-security threats to individuals and institutions, such as malware (including spyware, Trojans, viruses), botnets, 'Distributed Denial of Service' (DDoS), phishing, e-scams, and identity theft.
- 3. Cybercrime defines and classifies cybercrime, and analyses its economic and social impact. The module then focuses on combatting cybercrime: existing legal frameworks at the global and regional levels, international cooperation frameworks and various law enforcement approaches, computer investigation, and e-forensics.
- 4. Internet safety defines Internet safety, and reviews the challenges of the Web 2.0 era where users are contributors and the Internet is ubiquitous. It then looks at child safety, including cyber-bullying, abuse, and sexual exploitation, and discusses ways to address these challenges through policy, education, and technology.
- 5. Security of the core Internet infrastructure and critical infrastructure explains how the critical components of the Internet work, and discusses the political dimension of global security - the (unilateral) control over the Domain Name System (DNS) - and technical vulnerabilities of the DNS. It then looks at the security and protection of the critical infrastructure: the Internet infrastructure and also water supply facilities, transport, industrial facilities, and power plants. It concludes with expected challenges of future networks: Internet of Things/Next Generation Networks and ‘smart networks’.
- 6. Cyberterrorism and cyber-conflicts discusses cyberterrorism, recent threats, and possible counteracts. It then looks at cyber-conflicts, including the main risks for triggering warfare by cyber-means, and reviews attempts to codify international humanitarian law with regards to cyberspace and draft confidence-building measures and norms related to state behaviour in cyberspace.
- 7. Cyber-security policies and mechanisms analyses national cybersecurity mechanisms, starting with examples of national cybersecurity strategies, followed by a close look at the importance, role, and structure of national Computer Emergency Response Teams (CERTs) / Computer Security Incident Response Teams (CSIRTs). The module then looks at existing international cybersecurity initiatives and frameworks for cooperation, including those by the private sector and technical community, and discusses the importance and risks of public-private partnerships.
- 8. Broader context of cybersecurity correlates cybersecurity and other social and political issues related to digital policies and Internet governance. The module looks at the connection between privacy and security, with particular reflection on social media challenges, issues of openness and online freedoms, and objectionable and harmful content. It then briefly covers ethics and gender issues, and concludes with discussing economic aspects and building trust in e-commerce.