calendar 2015: cybersecurity
DESCRIPTION
DiploFoundation provides support and institutional capacity building in field of cybersecurity and Internet governance. This calendar is an attempt to raise awareness about some of the main aspects of cybersecurity. For more information about Diplo cybersecurity programmes, and to download the "Do it yourself" print version of this calendar, visit: www.diplomacy.edu/cybersecurityTRANSCRIPT
Cybersecurity is an important building block of the Internet governance ‘building under construction’. Cybersecurity is one of the seven thematic baskets that make up Internet governance study, together with infrastructure and standardisation, development, legal, sociocultural, economic, and human rights issues. Securing the online space and building trust in it requires a holistic view and comprehensive approach, involving all stakeholders, and requiring global cooperation. Where do you belong in this construction project?
Cybersecurity: a holistic approach
Sunday Monday Tuesday Wednesday Thursday Friday Saturday
1 2 3
4 5 6 7 8 9 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28 29 30 31
January
February
December 2014
S M T W T F S
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
S M T W T F S
1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30 31
2015
Ideally, one should achieve both more security and protection of human rights. If it is not possible which one should weight more: security or human rights?Often, these two fields are addressed separately in their respective silos. Protection of human rights is not only a value-based priority, however; it is also a very practical tool for ensuring that the Internet remains open and secure. Individual Internet users are the pillars of cybersecurity; greater awareness, hygiene, digital literacy, and smart use can contribute to both security and respect of human rights.
Balancing security and human rights
FebruarySunday Monday Tuesday Wednesday Thursday Friday Saturday
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
March
JanuaryS M T W T F S
1 2 3
4 5 6 7 8 9 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28 29 30 31
S M T W T F S
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30 31
2015
Guess what the weakest link is in cybersecurity? Humans!The majority of cyber-incidents are enabled by intrusion into systems, thanks to the psychological manipulation of users to divulge confidential information (accounts or information about the company or institution).The solution is organisational rather than technical: institutions need clear organisational and security policies. There are numerous standards available, yet most of them are not implemented. Education is equally important.
Strengthening the weakest link
MarchSunday Monday Tuesday Wednesday Thursday Friday Saturday
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30 31
April
FebruaryS M T W T F S
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
S M T W T F S
1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28 29 30
2015
Securing your computer is no different from securing your health: along with regular personal hygiene and medical check-ups, perform digital hygiene and check-ups as well. Good digital hygiene includes:• Maintain your computer and network firewall.• Scan your system with an antivirus software and update your antivirus database.• Update the software and operative system on all your devices.• Change your passwords occasionally.• Use digital signatures and cryptographic tools.• Back up your files.
Digital hygiene
AprilSunday Monday Tuesday Wednesday Thursday Friday Saturday
1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28 29 30
May
MarchS M T W T F S
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30 31
S M T W T F S
1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24/31 25 26 27 28 29 30
2015
Ever heard of the Cloud? Recognise Gmail, Facebook, YouTube? They all store your data on servers around the world - in the Cloud. The Cloud is also a very convenient solution for corporations when it comes to renting data storage and computing power. Cloud hosting providers take responsibility for security of their clients’ data and applications, thus taking control out of their clients’ hands. How secure is the Cloud you use? Make sure you check the security standards your Cloud provider follows, and have very clear service-level agreements.
Securing the Cloud
MaySunday Monday Tuesday Wednesday Thursday Friday Saturday
1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24/31 25 26 27 28 29 30
June
AprilS M T W T F S
1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28 29 30
S M T W T F S
1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30
2015
Bots are ordinary computers infected by malware and then hijacked and turned into zombies (roBOTs): while they seem to work normally, in the background they perform commands given by remote bot-masters. These bots are then organised into large global networks - botnets - to spread malware or spam, perform fraud, or issue denial of service (DoS) attacks, etc. Some botnets consist of tens of millions of bots. Researchers estimate that more than 5 percent of computers are acting as malicious bots at any given moment. Is your computer among them?
Avoiding botnets
JuneSunday Monday Tuesday Wednesday Thursday Friday Saturday
1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30
July
MayS M T W T F S
1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24/31 25 26 27 28 29 30
S M T W T F S
1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28 29 30 31
2015
Imagine hearing ‘knock-knock’ on all the windows and doors in your house at the same time - how would you know which one to respond to first and how. A server receiving excessive loads of data packages can also get confused and stuck. Often, such a denial of service (DoS) is caused by perpetrators sending useless packages - like garbage - to a server, forcing it out of order until it goes through all the garbage. If a DoS is performed by sending garbage from various locations (e.g. by using botnets), the attack is known as a ‘distributed DoS’ (DDoS). Developing incident response teams can help surviving a DDoS attack.
Surviving a DDoS attack
JulySunday Monday Tuesday Wednesday Thursday Friday Saturday
1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28 29 30 31
August
JuneS M T W T F S
1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30
S M T W T F S
1
2 3 4 5 6 7 8
9 10 11 12 13 14 15
16 17 18 19 20 21 22
23/30 24/31 25 26 27 28 29
2015
Cybercrime includes traditional crimes conducted through cyberspace (like frauds and dark markets), crimes that have evolved due to technology (e.g. credit card frauds and child abuse), and new crimes that have emerged with the Internet (e.g. DoS attacks and Pay per click frauds). Criminals are well connected, but anonymous and leaving barely traceable footprints. Combating cybercrime requires intensive cross-border cooperation by law enforcement authorities - yet there are many obstacles to cooperation: political, bureaucratic and legal, as well as lack of skills.
Combatingcybercrime
AugustSunday Monday Tuesday Wednesday Thursday Friday Saturday
1
2 3 4 5 6 7 8
9 10 11 12 13 14 15
16 17 18 19 20 21 22
23/3024/31 25 26 27 28 29
September
JulyS M T W T F S
1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28 29 30 31
S M T W T F S
1 2 3 4 5
6 7 8 9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29 30
2015
Many kids today are more computer literate than adults but while they may know more, they understand less. Unfortunately, parents often don’t realise the threats posed to children in cyberspace. Cyberspace, however, is just an extension of a physical world - real persons are behind virtual identities, and virtual acts can result in real-world consequences. Both parents and kids - as well as educators - need to be more aware of risk and prevention practices. The Internet has opened a world of many good things, but there are bad things lurking on the Web, too.
Child safety
SeptemberSunday Monday Tuesday Wednesday Thursday Friday Saturday
1 2 3 4 5
6 7 8 9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29 30
October
AugustS M T W T F S
1
2 3 4 5 6 7 8
9 10 11 12 13 14 15
16 17 18 19 20 21 22
23/30 24/31 25 26 27 28 29
S M T W T F S
1 2 3
4 5 6 7 8 9 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28 29 30 31
2015
With society’s increasing (and irreversible) dependence on the Internet, strategic targets – including critical infrastructure - are becoming vulnerable from cyberspace. A malware infection in the computer system of a power plant or a traffic control centre can open the door to manipulation by a third party. A DDoS attack on a major e-government or military server can bring the whole system down. The future of warfare might be very different. A more secure and trustworthy cyberspace leaves less room for use of cyber-weapons.
Cyber-weapons:warfare2.0?
OctoberSunday Monday Tuesday Wednesday Thursday Friday Saturday
1 2 3
4 5 6 7 8 9 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28 29 30 31
November
SeptemberS M T W T F S
1 2 3 4 5
6 7 8 9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29 30
S M T W T F S
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30
2015
What happens if servers and computer networks of major national services - like e-government, power grids or banking - are attacked from a cyber-space (by criminals, hactivists or terrorists)? Each country should have a national Computer Emergency Response Team (CERT) to prevent and respond to incidents. CERTs analyse risks and vulnerabilities, provide advice, assist with response and investigation, act as a platform for information sharing and public-private partnerships, contribute to awareness raising and act as point of contact for international cooperation.
Incident response
NovemberSunday Monday Tuesday Wednesday Thursday Friday Saturday
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30
December
OctoberS M T W T F S
1 2 3
4 5 6 7 8 9 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28 29 30 31
S M T W T F S
1 2 3 4 5
6 7 8 9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29 30 31
2015
Cybersecurity requires cooperation from all stakeholders. End-users and civil society should increase awareness, develop good digital hygiene and cybersecurity culture, and safeguard a balanced approach to security with respect to human rights. The corporate sector should enhance efforts in incident reporting, and invest in awareness raising and capacity building (especially among small and medium enterprises). Governments should support inclusive and multistakeholder policy processes, invest in evidence-based policy-making, raising awareness and building capacities.
Collective responsibility
December 2015Sunday Monday Tuesday Wednesday Thursday Friday Saturday
1 2 3 4 5
6 7 8 9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29 30 31
January 2016
NovemberS M T W T F S
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30
S M T W T F S
1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24/31 25 26 27 28 29 30
DiploFoundation is a non-profit organisation which works towards inclusive and effective diplomacy. It was established in 2002 by the governments of Malta and Switzerland. Diplo’s activities revolve around, and feed into, our focus on education, training, and capacity building: P Courses: We offer postgraduate-level academic courses and training workshops on a variety of diplo-
macy-related topics for diplomats, civil servants, staff of international organisations and NGOs, and students of international relations. Our courses are delivered through online and blended learning.
P Capacity building: With the support of donor and partner agencies, we offer capacity-building pro-grammes for participants from developing countries in a number of topics including Internet Gover-nance, Human Rights, Public Diplomacy and Advocacy, and Health Diplomacy.
P Research: Through our research and conferences, we investigate topics related to diplomacy, Internet governance, and online learning.
P Publications: Our publications range from the examination of contemporary developments in diplo-macy to new analyses of traditional aspects of diplomacy.
P Software development: We have created a set of software applications custom designed for diplo-mats and others who work in international relations. We also excel in the development of online learn-ing platforms.
Diplo is based in Malta, with offices in Geneva and Belgrade. For more information about Diplo, visit http://www.diplomacy.edu
Geneva7bis, Avenue de la Paix
CH-1211 Geneva, SwitzerlandTel. +41 22 907 36 30
MaltaAnutruf, Ground Floor, Hriereb Street
Msida, MSD 1675Tel. +356 21 333 323, Fax +356 21 315 574
BelgradeGavrila P. 44a/33, Address Code 112410
11000 Belgrade, SerbiaTel. +381 11 761 46 09, Fax +381 11 761 47 01
http://www.diplomacy.edu/cybersecurity
The concepts for illustrations in this calendar have been developed by Vladimir Radunović and Jovan Kurbalija. The illustrator is Vladimir Veljašević. The copyright for illustrations is held by DiploFoundation. Diplo encourages the use of the illustrations for educational and other non-commercial purposes. If you are interested in using the illustrations, please contact [email protected]