Cybersecurity. Course details

Transcription

1 Cybersecurity Course details Today s headlines often feature the word cyber, reporting on threats related to the virtual world: online child abuse, stolen credit cards and virtual identities, malware and viruses, botnets and denial-of-service attacks on corporate or government servers, cyber-espionage, and cyber-attacks on critical infrastructure including nuclear facilities and power supply networks. What are the real cybersecurity challenges? What is the role of diplomacy, international legal instruments, and regional and national policies in addressing these threats, and how efficient are they? How does international cooperation in cybersecurity work, and what are the roles of the various stakeholders? The 10-week advanced thematic course in cybersecurity covers policy challenges, actors, and initiatives related to cybersecurity, and specifically to cybercrime, security of the core infrastructure, cyberwarfare and cyberterrorism, and Internet safety. By the end of this course, participants should be able to: Identify the defining features of cybersecurity, and the factors which shape the international issues. Identify principal threats to cybersecurity; describe and analyse the key cybersecurity issues for users, and states. Understand and analyse the Internet security issues for e-commerce including online banking and identity. Explain the issues involved in cybercrime, its impact and investigation. Understand the threats to the core Internet infrastructure. Explain the concepts of cyberwarfare and cyberterrorism, and their role in international Internet policy. Understand and assess the challenges involved in social aspects of cybersecurity. Explain and analyse the international frameworks for cybersecurity policies and strategies. Excerpt from course materials...one side-effect of the rapid integration of the Internet in almost all aspects of human activity is the increased vulnerability of modern society. The Internet is part of the global critical infrastructure. Other core services of modern society, such as electric grids, transport systems, and health services are increasingly dependent on the Internet. As attacks on these systems may cause severe disruption and have huge financial consequences, they are frequent targets. (Lexture text 4.3) Course outline

2 1. Introduction to security discusses the historical development of cybersecurity, and global and geo-strategic challenges. The module distinguishes between the common, narrow, understanding of cybersecurity related to cyber-threats, and broader views which include information security and friendly cyber conquest through technological standardisation dominance. It also looks at the mapping of targets, and motives behind cyberattacks, such as hactivism, crime, espionage, terrorism, and warfare. 2. Cybersecurity threats focuses on vulnerabilities of the Internet. The module reviews key vulnerabilities of cyberspace and common cyber-security threats to individuals and institutions, such as malware (including spyware, Trojans, viruses), botnets, 'Distributed Denial of Service' (DDoS), phishing, e-scams, and identity theft. 3. Cybercrime defines and classifies cybercrime, and analyses its economic and social impact. The module then focuses on combatting cybercrime: existing legal frameworks at the global and regional levels, international cooperation frameworks and various law enforcement approaches, computer investigation, and e-forensics. 4. Internet safety defines Internet safety, and reviews the challenges of the Web 2.0 era where users are contributors and the Internet is ubiquitous. It then looks at child safety, including cyber-bullying, abuse, and sexual exploitation, and discusses ways to address these challenges through policy, education, and technology. 5. Critical infrastructure and resources explains how the critical components of the Internet work, and discusses the political dimension of global security - the (unilateral) control over the Domain Name System (DNS) - and technical vulnerabilities of the DNS. It then looks at the security and protection of the critical infrastructure: the Internet infrastructure and also water supply facilities, transport, industrial facilities, and power plants. It concludes with expected challenges of future networks: Internet of Things/Next Generation Networks and smart networks. 6. Cyber-conflict and cyberterrorism discusses cyberterrorism, recent threats, and possible counteracts. It then looks at cyber-conflicts, including the main risks for triggering warfare by cyber-means, and reviews attempts to codify international humanitarian law with regards to cyberspace and draft confidence-building measures and norms related to state behaviour in cyberspace. 7. Cyber-security policies and mechanisms analyses national cybersecurity mechanisms, starting with examples of national cybersecurity strategies, followed by a close look at the importance, role, and structure of national Computer Emergency Response Teams (CERTs) / Computer Security Incident Response Teams (CSIRTs). The module then looks at existing international cybersecurity initiatives and frameworks for cooperation, including those by the private sector and technical community, and discusses the importance and risks of public-private partnerships. 8. Broader context of cybersecurity correlates cybersecurity and other social and political issues related to digital policies and Internet governance. The module looks at the connection between privacy and security, with particular reflection on social media challenges, issues of openness and online freedoms, and

3 objectionable and harmful content. It then briefly covers ethics and gender issues, and concludes with discussing economic aspects and building trust in e-commerce. Methodology This course is conducted online over a period of ten weeks, including one week of classroom orientation, eight weeks of dynamic class content and activities, and one week for the final assignment. Reading materials and tools for online interaction are provided through an online classroom. Each week, participants read the provided lecture texts, adding comments, references, and questions in the form of hypertext entries. The tutor and other participants read and respond to these entries, creating interaction based on the lecture text. During the week, participants complete additional online activities (e.g. further discussion via blogs or forums or quizzes). At the end of the week, participants and tutors meet online in a chat room to discuss the week s topic. Courses are based on a collaborative approach to learning, involving a high level of interaction. Participants are invited to join Diplo s global Internet governance online community of over 1,400 members, and to attend monthly webinars and other IG-related events and activities. The course materials, the e-learning platform, and the working language of the course is English. Course lecturers Dr Stephanie Borg Psaila Dr Stephanie Borg Psaila is DiploFoundation's Digital Policy Director, and the Editor of the GIP Digital Watch observatory. She holds a Doctorate in Law (LL.D.), a Master's in Contemporary Diplomacy, and two law-related diplomas from the University of Malta, and is a former journalist with The Sunday Times of Malta, and The Times of Malta (covering education). Currently, she works on Internet governance programmes, events and activities. Her areas of interest include legal issues in Internet governance, including jurisdiction on the Internet, which was the focus of her doctorate dissertation, human rights, and e-diplomacy. Mr Aapo Cederberg Mr Aapo Cederberg s current position is Senior Programme Adviser at the Geneva Centre for Security Policy (GCSP). His main area of responsibility is cybersecurity matters and to organise training courses and security dialogue on this topic. Mr Cederberg has served as a Secretary General for the Security Committee of Finland for six years. The Security Committee provides support, advice and

4 expertise for the government in comprehensive security matters and serves as a collaborative platform for the on-going national efforts related to national crisis preparedness. The security committee also works on various initiatives and issues statements and guidelines, such as Security Strategy for the Society and Cyber Security Strategy, to facilitate work towards the common goals. These strategies are government resolutions and were created for the first time during Mr Cederberg s time as well as the mechanisms to implement them in the whole society. The committee also organises crisis exercises for the government and other stakeholders in society. Mr Cederberg s earlier assignments include working as the Head of Strategic Planning and Foresight at the Ministry of Defence ( ). During his time a first public long-term strategy for the MoD was created (Securely into the Future - Ministry of Defence Strategy 2025). Before this he has had a long career in the service of Finnish Armed Forces, where his latest assignments include holding the position of Commander at the Häme GBAD Battalion ( ) and serving as a Senior Military Adviser at the Permanent Mission of Finland to the OSCE ( ). Mr Tracy Hackshaw Mr. Tracy Hackshaw is an ICT and Digital Economy Strategist possessing close to twenty-five (25) years' experience spanning work in the public and private sectors both locally and internationally, including representing Trinidad & Tobago in various international forums. Included in his portfolio are engagements on the Executive Management Committee of the Commonwealth Cybercrime Initiative, a two-year term as Vice Chair of ICANN s Governmental Advisory Committee, Small Island Developing States annual workshop coordination at the United Nations Internet Governance Forum, Academic Teaching and Research work at the DiploFoundation/University of Malta and at The University of the West Indies, as well as professional leadership roles in the Ministries of Science & Technology, Public Administration and Planning & Development, igovtt, ttconnect, and Star.tt among several other entities and organisations. He is a Director of the Trinidad & Tobago Multistakeholder Advisory Group, which convened the inaugural Trinidad & Tobago Internet Governance Forum in January Tracy is the founding Vice Chair of the Internet Society Trinidad & Tobago Chapter and was elected its Chair in More about Tracy. Ms Marilia Maciel Ms Marília Maciel is a Digital Policy Senior Researcher at DiploFoundation. Previously, she was a researcher and coordinator of the Center for Technology and Society of the Getulio Vargas Foundation (CTS/FGV) in Rio de Janeiro. She serves as a councillor at ICANN s Generic Names Supporting Organization (GNSO) representing the Non-commercial Stakeholder Group (NCSG). Marília is a former member of the Working Group on improvements to the Internet Governance

5 Forum ( ), created under the auspices of the Commission on Science and Technology for Development (UN CSTD). She was also a member of the Multistakeholder Executive Committee of NETmundial and she represented CTS/FGV in meetings of the Committee on Copyright and Related Rights (SCCR) of the World Intellectual Property Organization (WIPO). Marília is a PhD candidate at the University of Bordeaux Montaigne, on Information and Communication Sciences. She holds a Master's degree in Latin American Integration from the Federal University of Santa Maria (2008) and a law degree from the Federal University of Pernambuco (2005), where she was awarded with a research grant from the State of Pernambuco Research Foundation (FACEPE) to investigate issues related to taxation and electronic commerce. Ms Virginia Paque Ms Virginia Paque was born in the United States, but lived in Venezuela for more than 35 years. An educator and administrator by profession, she has 25 years experience in business and manufacturing systems consulting. As a board member of the United Nations Association of Venezuela, her work as the Venezuelan member of the World Federation of United Nations Associations Task Force on WSIS brought her into the world of IG during the Geneva PrepComs. She is active in Civil Society discussions on IG, and served as IG Caucus co-coordinator for two years. She has Master in Contemporary Diplomacy with a thesis on the importance of IG as a new diplomatic priority. She is a member of the UN Internet Governance Forum (IGF) Multistakeholder Advisory Group (MAG). Mr Vladimir Radunović Vladimir Radunović is a director of e-diplomacy and cybersecurity programmes at DiploFoundation. He is a lecturer in cybersecurity policy, Internet governance, and e-diplomacy at postgraduate and professional courses. Vladimir also serves as a member of the Advisory Board of the Global Forum on Cyber Expertise (GFCE) and as an expert with the Geneva Internet Platform, and served as a member of the Multistakeholder Advisory Group of the UN Internet Governance Forum (IGF) He has been a lecturer, speaker and resource person in number of educational and training programmes and events worldwide, including within the WSIS and IGF processes. His professional and research focus is on Internet governance, broadband policy and net neutrality, cybersecurity and cyberdiplomacy, e-diplomacy, and capacity development. He holds an MSc in electrical engineering and a Master degree in contemporary diplomacy, and has undertaken a PhD programme in cybersecurity. He was born and lives in Serbia.