calendar 2015: cybersecurity

CYBERSECURITY 2015

Upload: diplofoundation

Post on 07-Apr-2016


DESCRIPTION

DiploFoundation provides support and institutional capacity building in the field of cybersecurity and Internet governance. This calendar is an attempt to raise awareness about some of the main aspects of cybersecurity. For more information about Diplo cybersecurity programmes, and to download the "Do it yourself" print version of this calendar, visit: www.diplomacy.edu/cybersecurity

TRANSCRIPT


Cybersecurity is an important building block of the Internet governance ‘building under construction’. Cybersecurity is one of the seven thematic baskets that make up Internet governance study, together with infrastructure and standardisation, development, legal, sociocultural, economic, and human rights issues. Securing the online space and building trust in it requires a holistic view and comprehensive approach, involving all stakeholders, and requiring global cooperation. Where do you belong in this construction project?

Cybersecurity: a holistic approach

[Calendar grid: January 2015]

Ideally, one should achieve both more security and protection of human rights. If that is not possible, which one should weigh more: security or human rights? Often, these two fields are addressed separately in their respective silos. Protection of human rights is not only a value-based priority, however; it is also a very practical tool for ensuring that the Internet remains open and secure. Individual Internet users are the pillars of cybersecurity; greater awareness, hygiene, digital literacy, and smart use can contribute to both security and respect of human rights.

Balancing security and human rights

[Calendar grid: February 2015]

Guess what the weakest link is in cybersecurity? Humans! The majority of cyber-incidents are enabled by intrusion into systems, made possible by the psychological manipulation of users into divulging confidential information (accounts or information about the company or institution). The solution is organisational rather than technical: institutions need clear organisational and security policies. There are numerous standards available, yet most of them are not implemented. Education is equally important.

Strengthening the weakest link

[Calendar grid: March 2015]

Securing your computer is no different from securing your health: along with regular personal hygiene and medical check-ups, perform digital hygiene and check-ups as well. Good digital hygiene includes:

• Maintain your computer and network firewall.
• Scan your system with antivirus software and update your antivirus database.
• Update the software and operating system on all your devices.
• Change your passwords occasionally.
• Use digital signatures and cryptographic tools.
• Back up your files.

Digital hygiene

[Calendar grid: April 2015]

Ever heard of the Cloud? Recognise Gmail, Facebook, YouTube? They all store your data on servers around the world - in the Cloud. The Cloud is also a very convenient solution for corporations when it comes to renting data storage and computing power. Cloud hosting providers take responsibility for security of their clients’ data and applications, thus taking control out of their clients’ hands. How secure is the Cloud you use? Make sure you check the security standards your Cloud provider follows, and have very clear service-level agreements.

Securing the Cloud

[Calendar grid: May 2015]

Bots are ordinary computers infected by malware and then hijacked and turned into zombies (roBOTs): while they seem to work normally, in the background they perform commands given by remote bot-masters. These bots are then organised into large global networks - botnets - to spread malware or spam, perform fraud, or issue denial of service (DoS) attacks, etc. Some botnets consist of tens of millions of bots. Researchers estimate that more than 5 percent of computers are acting as malicious bots at any given moment. Is your computer among them?

Avoiding botnets

[Calendar grid: June 2015]

Imagine hearing ‘knock-knock’ on all the windows and doors in your house at the same time - how would you know which one to respond to first, and how? A server receiving excessive loads of data packets can also get confused and stuck. Often, such a denial of service (DoS) is caused by perpetrators sending useless packets - like garbage - to a server, forcing it out of order until it goes through all the garbage. If a DoS is performed by sending garbage from various locations (e.g. by using botnets), the attack is known as a ‘distributed DoS’ (DDoS). Developing incident response teams can help in surviving a DDoS attack.

Surviving a DDoS attack

[Calendar grid: July 2015]

Cybercrime includes traditional crimes conducted through cyberspace (like fraud and dark markets), crimes that have evolved due to technology (e.g. credit card fraud and child abuse), and new crimes that have emerged with the Internet (e.g. DoS attacks and pay-per-click fraud). Criminals are well connected, but anonymous, and leave barely traceable footprints. Combating cybercrime requires intensive cross-border cooperation by law enforcement authorities - yet there are many obstacles to cooperation: political, bureaucratic and legal, as well as lack of skills.

Combating cybercrime

[Calendar grid: August 2015]

Many kids today are more computer literate than adults, but while they may know more, they understand less. Unfortunately, parents often don’t realise the threats posed to children in cyberspace. Cyberspace, however, is just an extension of the physical world - real persons are behind virtual identities, and virtual acts can result in real-world consequences. Both parents and kids - as well as educators - need to be more aware of risk and prevention practices. The Internet has opened a world of many good things, but there are bad things lurking on the Web, too.

Child safety

[Calendar grid: September 2015]

With society’s increasing (and irreversible) dependence on the Internet, strategic targets - including critical infrastructure - are becoming vulnerable to attack from cyberspace. A malware infection in the computer system of a power plant or a traffic control centre can open the door to manipulation by a third party. A DDoS attack on a major e-government or military server can bring the whole system down. The future of warfare might be very different. A more secure and trustworthy cyberspace leaves less room for the use of cyber-weapons.

Cyber-weapons: warfare 2.0?

[Calendar grid: October 2015]

What happens if servers and computer networks of major national services - like e-government, power grids or banking - are attacked from cyberspace (by criminals, hacktivists or terrorists)? Each country should have a national Computer Emergency Response Team (CERT) to prevent and respond to incidents. CERTs analyse risks and vulnerabilities, provide advice, assist with response and investigation, act as a platform for information sharing and public-private partnerships, contribute to awareness raising and act as a point of contact for international cooperation.

Incident response

[Calendar grid: November 2015]

Cybersecurity requires cooperation from all stakeholders. End-users and civil society should increase awareness, develop good digital hygiene and cybersecurity culture, and safeguard a balanced approach to security with respect to human rights. The corporate sector should enhance efforts in incident reporting, and invest in awareness raising and capacity building (especially among small and medium enterprises). Governments should support inclusive and multistakeholder policy processes, invest in evidence-based policy-making, raising awareness and building capacities.

Collective responsibility

[Calendar grid: December 2015]

DiploFoundation is a non-profit organisation which works towards inclusive and effective diplomacy. It was established in 2002 by the governments of Malta and Switzerland. Diplo’s activities revolve around, and feed into, our focus on education, training, and capacity building:

• Courses: We offer postgraduate-level academic courses and training workshops on a variety of diplomacy-related topics for diplomats, civil servants, staff of international organisations and NGOs, and students of international relations. Our courses are delivered through online and blended learning.
• Capacity building: With the support of donor and partner agencies, we offer capacity-building programmes for participants from developing countries in a number of topics including Internet Governance, Human Rights, Public Diplomacy and Advocacy, and Health Diplomacy.
• Research: Through our research and conferences, we investigate topics related to diplomacy, Internet governance, and online learning.
• Publications: Our publications range from the examination of contemporary developments in diplomacy to new analyses of traditional aspects of diplomacy.
• Software development: We have created a set of software applications custom designed for diplomats and others who work in international relations. We also excel in the development of online learning platforms.

Diplo is based in Malta, with offices in Geneva and Belgrade. For more information about Diplo, visit http://www.diplomacy.edu

Geneva: 7bis, Avenue de la Paix, CH-1211 Geneva, Switzerland. Tel. +41 22 907 36 30

Malta: Anutruf, Ground Floor, Hriereb Street, Msida, MSD 1675. Tel. +356 21 333 323, Fax +356 21 315 574

Belgrade: Gavrila P. 44a/33, Address Code 112410, 11000 Belgrade, Serbia. Tel. +381 11 761 46 09, Fax +381 11 761 47 01

http://www.diplomacy.edu/cybersecurity

The concepts for illustrations in this calendar have been developed by Vladimir Radunović and Jovan Kurbalija. The illustrator is Vladimir Veljašević. The copyright for illustrations is held by DiploFoundation. Diplo encourages the use of the illustrations for educational and other non-commercial purposes. If you are interested in using the illustrations, please contact [email protected]