Cybersecurity. Course details

Transcription

1 Cybersecurity Course details Today s headlines often feature the word cyber, reporting on threats related to the virtual world: online child abuse, stolen credit cards and virtual identities, malware and viruses, botnets and denial-of-service attacks on corporate or government servers, cyber-espionage, and cyber-attacks on critical infrastructure including nuclear facilities and power supply networks. What are the real cybersecurity challenges? What is the role of diplomacy, international legal instruments, and regional and national policies in addressing these threats, and how efficient are they? How does international cooperation in cybersecurity work, and what are the roles of the various stakeholders? The 10-week advanced thematic course in Cybersecurity covers policy challenges, actors, and initiatives related to cybersecurity, and specifically to cybercrime, security of the core infrastructure, cyberwarfare and cyberterrorism, and Internet safety. By the end of the course, participants should be able to: Identify the defining features of cybersecurity, and the factors which shape the international issues. Identify principal threats to cybersecurity; describe and analyze the key cybersecurity issues for users, and states. Understand and analyze the Internet security issues for e-commerce including online banking and identity. Explain the issues involved in cybercrime, its impact and investigation. Understand the threats to the core Internet infrastructure. Explain the concepts of cyberwarfare and cyberterrorism, and their role in international Internet policy. Understand and assess the challenges involved in social aspects of cybersecurity. Explain and analyze the international frameworks for cybersecurity policies and strategies. The course forms part of the Thematic Phase of Diplo s Internet Governance Capacity Building Programme (IGCBP). This phase offers in-depth courses that provide deeper understanding of a particular issue. Other courses forming part of this phase - which may run simultaneously or at a later date - include ICT Policy and Strategic Planning, E-participation, History of Internet Governance, Infrastructure and Critical Internet Resources, Intellectual Property Rights, and Privacy and Personal Data Protection.

2 Excerpt from course materials...one side-effect of the rapid integration of the Internet in almost all aspects of human activity is the increased vulnerability of modern society. The Internet is part of the global critical infrastructure. Other core services of modern society, such as electric grids, transport systems, and health services are increasingly dependent on the Internet. As attacks on these systems may cause severe disruption and have huge financial consequences, they are frequent targets. (Lexture text 4.3) Course outline 1. Introduction to security discusses the historical development of cybersecurity, and global and geo-strategic challenges. The module distinguishes between the common, narrow, understanding of cybersecurity related to cyber-threats, and broader views which include information security and friendly cyber conquest through technological standardization dominance. It also looks at the mapping of targets, and motives behind cyberattacks, such as hactivism, crime, espionage, terrorism, and warfare. 2. Cybersecurity threats focuses on vulnerabilities of the Internet. The module reviews key vulnerabilities of cyberspace and common cyber-security threats to individuals and institutions, such as malware (including spyware, Trojans, viruses), botnets, 'Distributed Denial of Service' (DDoS), phishing, e- scams, and identity theft. 3. Cybercrime defines and classifies cybercrime, and analyses its economic and social impact. The module then focuses on combatting cybercrime: existing legal frameworks at the global and regional levels, international cooperation frameworks and various law enforcement approaches, computer investigation, and e-forensics. 4. Internet safety defines Internet safety, and reviews the challenges of the Web 2.0 era where users are contributors and the Internet is ubiquitous. It then looks at child safety, including cyber-bullying, abuse, and sexual exploitation, and discusses ways to address these challenges through policy, education, and technology. 5. Critical infrastructure and resources explains how the critical components of the Internet work, and discusses the political dimension of global security - the (unilateral) control over the Domain Name System (DNS) - and technical vulnerabilities of the DNS. It then looks at the security and protection of the critical infrastructure: the Internet infrastructure and also water supply facilities, transport, industrial facilities, and power plants. It concludes with expected challenges of future networks: Internet of Things/Next Generation Networks and smart networks. 6. Cyber-conflict and cyberterrorism discusses cyberterrorism, recent threats, and possible counteracts. It then looks at cyber-conflicts, including the main risks for triggering warfare by cyber-means, and reviews attempts to codify international humanitarian law with regards to cyberspace and draft confidence-building measures and norms related to state behavior in cyberspace.

3 7. Cyber-security policies and mechanisms analyses national cybersecurity mechanisms, starting with examples of national cybersecurity strategies, followed by a close look at the importance, role, and structure of national Computer Emergency Response Teams (CERTs) / Computer Security Incident Response Teams (CSIRTs). The module then looks at existing international cybersecurity initiatives and frameworks for cooperation, including those by the private sector and technical community, and discusses the importance and risks of public-private partnerships. 8. Broader context of cybersecurity correlates cybersecurity and other social and political issues related to digital policies and Internet governance. The module looks at the connection between privacy and security, with particular reflection on social media challenges, issues of openness and online freedoms, and objectionable and harmful content. It then briefly covers ethics and gender issues, and concludes with discussing economic aspects and building trust in e-commerce. Methodology This course is conducted online over a period of ten weeks, including one week of classroom orientation, eight weeks of dynamic class content and activities, and one week for the final assignment. Reading materials and tools for online interaction are provided through an online classroom. Each week, participants read the provided lecture texts, adding comments, references, and questions in the form of hypertext entries. The tutor and other participants read and respond to these entries, creating interaction based on the lecture text. During the week, participants complete additional online activities (e.g. further discussion via blogs or forums or quizzes). At the end of the week, participants and tutors meet online in a chat room to discuss the week s topic. Courses are based on a collaborative approach to learning, involving a high level of interaction. Participants are invited to join Diplo s global Internet governance online community of over 1,400 members, and to attend monthly webinars and other IG-related events and activities. The course materials, the e-learning platform, and the working language of the course is English. Applicants should consider whether their reading and writing skills in English are sufficient to follow postgraduate level materials and discussion. Course lecturers Mr Aapo Cederberg Associate Fellow, Geneva Centre for Security Policy Mr Aapo Cederberg is currently Associate Fellow at the Geneva Centre for Security Policy (GCSP). He was Senior Programme Adviser in the Emerging Security Challenges Programme at GCSP from 2013 to 2015, focusing on cybersecurity matters, especially training courses and security dialogue. Mr Cederberg has served as a Secretary General for the Security Committee of Finland for six years. The Security Committee provides support, advice and

4 expertise for the government in comprehensive security matters and serves as a collaborative platform for the on-going national efforts related to national crisis preparedness. The security committee also works on various initiatives and issues statements and guidelines, such as Security Strategy for the Society and Cyber Security Strategy, to facilitate work towards the common goals. These strategies are government resolutions and were created for the first time during Mr Cederberg s time as well as the mechanisms to implement them in the whole society. The committee also organizes crisis exercises for the government and other stakeholders in society. Mr Cederberg s earlier assignments include working as the Head of Strategic Planning and Foresight at the Ministry of Defense ( ). During his time a first public long-term strategy for the MoD was created (Securely into the Future - Ministry of Defense Strategy 2025). Before this he has had a long career in the service of Finnish Armed Forces, where his latest assignments include holding the position of Commander at the Häme GBAD Battalion ( ) and serving as a Senior Military Adviser at the Permanent Mission of Finland to the OSCE ( ). Dr Stefanie Frey Managing Director at Deutor Cyber Security Solutions Switzerland GmbH Dr Stefanie Frey, Managing Director at Deutor Cyber Security Solutions Switzerland GmbH, is specialized in developing strategies and solutions against criminal acts in the digital space for states, international organizations, and companies in close cooperation with law enforcement and other relevant bodies. She worked several years for the Swiss government as coordinator for the implementation of the National Cyber Strategy of Switzerland. She made contributions to ENISA's Cyber Security Working Group and the OECD Working Party on Security and Privacy in the Digital Economy (SPDE), and has influenced the outcome of the Digital Security Risk Recommendation. She is actively engaged in shaping the regional and global cybersecurity agenda with international and regional organizations. Dr. Frey holds a PhD from the Department of War Studies from King`s College London and a MBA from the International School of Management (ISM) in Dortmund and has several publication on cyber security, the Cold War and World War II. Mr Tracy Hackshaw ICT and Digital Economy Strategist and Director, Trinidad and Tobago Multistakeholder Advisory Group Mr Tracy Hackshaw is an ICT and Digital Economy Strategist possessing close to twenty-five (25) years' experience spanning work in the public and private sectors both locally and internationally, including representing Trinidad & Tobago in various international forums. Included in his portfolio are engagements on the Executive Management Committee of the Commonwealth Cybercrime Initiative, a two-year term as Vice Chair of ICANN s Governmental Advisory Committee, Small Island Developing States annual workshop coordination at the United Nations Internet Governance Forum, Academic Teaching and Research work at the DiploFoundation/University of Malta and at The University of the West Indies, as well as professional leadership roles in the Ministries of Science & Technology,

5 Public Administration and Planning & Development, igovtt, ttconnect, and Star.tt among several other entities and organizations. He is a Director of the Trinidad & Tobago Multistakeholder Advisory Group, which convened the inaugural Trinidad & Tobago Internet Governance Forum in January Tracy is the founding Vice Chair of the Internet Society Trinidad & Tobago Chapter and was elected its Chair in Ms Virginia Paque Internet Governance and E-diplomacy Programmes Born (and currently residing) in the United States, Ms Virginia (Ginger) Paque lived in Venezuela for more than 35 years. An educator and administrator by profession, she has 25 years experience in business and manufacturing systems consulting. As a board member of the United Nations Association of Venezuela, her work as the Venezuelan member of the World Federation of United Nations Associations Task Force on WSIS marked her entry to the world of Internet governance (IG) during the Geneva PrepComs. Active in Civil Society discussions on IG, Ginger served as IG Caucus co-coordinator for two years. She was a member of the UN Internet Governance Forum (IGF) Multistakeholder Advisory Group (MAG) from 2015 to Having completed a Master in Contemporary Diplomacy with a thesis focusing on the importance of IG as a new diplomatic priority, Ginger currently lectures on IG for Diplo and curates human rights topics for the GIP Digital Watch observatory. Dr Stephanie Borg Psaila Digital Policy Director Dr Stephanie Borg Psaila is the Digital Policy Director, and the Editor of the GIP Digital Watch observatory, and works extensively on Internet governance programmes, events, and activities at DiploFoundation and the Geneva Internet Platform. She holds a Doctorate in Law (LL.D.), a Master's in Contemporary Diplomacy, and two law-related diplomas from the University of Malta, and her areas of interest include legal issues in Internet governance, human rights, and e- diplomacy. She is also a former journalist with The Sunday Times of Malta. Mr Vladimir Radunović Cybersecurity and E-diplomacy Programmes Director Serbian-born Mr Vladimir (Vlada) Radunović is a lecturer in cybersecurity policy, Internet governance, and e-diplomacy on postgraduate and professional courses. He also serves as a member of the Advisory Board of the Global Forum on Cyber Expertise (GFCE) and as an expert with the Geneva Internet Platform. He served as a member of the Multistakeholder Advisory Group of the UN Internet Governance Forum (IGF) from 2012 to Vlada has been a lecturer, speaker, and resource person on a number of educational and training programmes and events worldwide, including within the WSIS and IGF processes. His professional and research focus is on Internet governance, broadband policy and net neutrality, cybersecurity and cyber-diplomacy, e-diplomacy, and capacity development. He holds an MSc in Electrical Engineering from the University of Belgrade and a Master s in Contemporary Diplomacy from the University of Malta. He is currently working on his PhD in cybersecurity.

6 Dr Tatiana Tropina Senior Researcher, Max Planck Institute for Foreign and International Criminal Law Dr Tatiana Tropina is a senior researcher at the Max Planck Institute for Foreign and International Criminal Law. She has been conducting cybercrime research for 15 years, starting in Russia in 2002, where she became the first Russian researcher to defend a PhD thesis on cybercrime (2005). From 2003 to 2008, she worked full-time as a lawyer and then as head of the legal departments of a number of telecommunication companies. In 2008, she won the British Chevening Scholarship to study telecommunications management at the Business School of Strathclyde University, Glasgow. In 2009, she was awarded a German Chancellor Fellowship (Alexander von Humboldt Foundation) and moved to Germany to pursue her research on legal frameworks for cybercrime. Since 2009, Tatiana Tropina has been involved in both legal research and various applied cybercrime projects at the international level. This activity includes such projects as carrying out a cybercrime study for the Global Symposium of Regulators (ITU, 2010), and serving as a consultant to the UNODC Comprehensive Cybercrime Study ( ) and to the World Bank's World Development Report 2016 (2015).