Calendar 2015: Cybersecurity


Cybersecurity: a holistic approach

Cybersecurity is an important building block of the Internet governance ‘building under construction’. Cybersecurity is one of the seven thematic baskets that make up Internet governance study, together with infrastructure and standardisation, development, legal, sociocultural, economic, and human rights issues. Securing the online space and building trust in it requires a holistic view and comprehensive approach, involving all stakeholders, and requiring global cooperation. Where do you belong in this construction project?


January 2015

Balancing security and human rights

Ideally, one should achieve both more security and protection of human rights. If that is not possible, which one should weigh more: security or human rights? Often, these two fields are addressed separately in their respective silos. Protection of human rights is not only a value-based priority, however; it is also a very practical tool for ensuring that the Internet remains open and secure. Individual Internet users are the pillars of cybersecurity; greater awareness, hygiene, digital literacy, and smart use can contribute to both security and respect for human rights.


February 2015


Strengthening the weakest link

Guess what the weakest link is in cybersecurity? Humans! The majority of cyber-incidents are enabled by intrusion into systems, thanks to the psychological manipulation of users into divulging confidential information (accounts or information about the company or institution). The solution is organisational rather than technical: institutions need clear organisational and security policies. There are numerous standards available, yet most of them are not implemented. Education is equally important.


March 2015


Digital hygiene

Securing your computer is no different from securing your health: along with regular personal hygiene and medical check-ups, perform digital hygiene and check-ups as well. Good digital hygiene includes:
• Maintain your computer and network firewall.
• Scan your system with antivirus software and update your antivirus database.
• Update the software and operating system on all your devices.
• Change your passwords occasionally.
• Use digital signatures and cryptographic tools.
• Back up your files.


April 2015


Securing the Cloud

Ever heard of the Cloud? Recognise Gmail, Facebook, YouTube? They all store your data on servers around the world - in the Cloud. The Cloud is also a very convenient solution for corporations when it comes to renting data storage and computing power. Cloud hosting providers take responsibility for security of their clients’ data and applications, thus taking control out of their clients’ hands. How secure is the Cloud you use? Make sure you check the security standards your Cloud provider follows, and have very clear service-level agreements.


May 2015


Avoiding botnets

Bots are ordinary computers infected by malware and then hijacked and turned into zombies (roBOTs): while they seem to work normally, in the background they perform commands given by remote bot-masters. These bots are then organised into large global networks - botnets - to spread malware or spam, perform fraud, or issue denial of service (DoS) attacks, etc. Some botnets consist of tens of millions of bots. Researchers estimate that more than 5 percent of computers are acting as malicious bots at any given moment. Is your computer among them?


June 2015


Surviving a DDoS attack

Imagine hearing ‘knock-knock’ on all the windows and doors in your house at the same time - how would you know which one to respond to first, and how? A server receiving excessive loads of data packets can also get confused and stuck. Often, such a denial of service (DoS) is caused by perpetrators sending useless packets - like garbage - to a server, forcing it out of order until it goes through all the garbage. If a DoS is performed by sending garbage from various locations (e.g. by using botnets), the attack is known as a ‘distributed DoS’ (DDoS). Developing incident response teams can help in surviving a DDoS attack.


July 2015


Combating cybercrime

Cybercrime includes traditional crimes conducted through cyberspace (like fraud and dark markets), crimes that have evolved due to technology (e.g. credit card fraud and child abuse), and new crimes that have emerged with the Internet (e.g. DoS attacks and pay-per-click fraud). Criminals are well connected, but anonymous, leaving barely traceable footprints. Combating cybercrime requires intensive cross-border cooperation by law enforcement authorities - yet there are many obstacles to cooperation: political, bureaucratic and legal, as well as lack of skills.


August 2015


Child safety

Many kids today are more computer literate than adults, but while they may know more, they understand less. Unfortunately, parents often don’t realise the threats posed to children in cyberspace. Cyberspace, however, is just an extension of the physical world - real persons are behind virtual identities, and virtual acts can result in real-world consequences. Both parents and kids - as well as educators - need to be more aware of risk and prevention practices. The Internet has opened a world of many good things, but there are bad things lurking on the Web, too.


September 2015


Cyber-weapons: warfare 2.0?

With society’s increasing (and irreversible) dependence on the Internet, strategic targets - including critical infrastructure - are becoming vulnerable to attack from cyberspace. A malware infection in the computer system of a power plant or a traffic control centre can open the door to manipulation by a third party. A DDoS attack on a major e-government or military server can bring the whole system down. The future of warfare might be very different. A more secure and trustworthy cyberspace leaves less room for use of cyber-weapons.


October 2015


Incident response

What happens if servers and computer networks of major national services - like e-government, power grids or banking - are attacked from cyberspace (by criminals, hacktivists or terrorists)? Each country should have a national Computer Emergency Response Team (CERT) to prevent and respond to incidents. CERTs analyse risks and vulnerabilities, provide advice, assist with response and investigation, act as a platform for information sharing and public-private partnerships, contribute to awareness raising and act as a point of contact for international cooperation.


November 2015


Collective responsibility

Cybersecurity requires cooperation from all stakeholders. End-users and civil society should increase awareness, develop good digital hygiene and cybersecurity culture, and safeguard a balanced approach to security with respect to human rights. The corporate sector should enhance efforts in incident reporting, and invest in awareness raising and capacity building (especially among small and medium enterprises). Governments should support inclusive and multistakeholder policy processes, invest in evidence-based policy-making, raising awareness and building capacities.


December 2015


DiploFoundation is a non-profit organisation which works towards inclusive and effective diplomacy. It was established in 2002 by the governments of Malta and Switzerland. Diplo’s activities revolve around, and feed into, our focus on education, training, and capacity building:
• Courses: We offer postgraduate-level academic courses and training workshops on a variety of diplomacy-related topics for diplomats, civil servants, staff of international organisations and NGOs, and students of international relations. Our courses are delivered through online and blended learning.
• Capacity building: With the support of donor and partner agencies, we offer capacity-building programmes for participants from developing countries in a number of topics including Internet Governance, Human Rights, Public Diplomacy and Advocacy, and Health Diplomacy.
• Research: Through our research and conferences, we investigate topics related to diplomacy, Internet governance, and online learning.
• Publications: Our publications range from the examination of contemporary developments in diplomacy to new analyses of traditional aspects of diplomacy.
• Software development: We have created a set of software applications custom designed for diplomats and others who work in international relations. We also excel in the development of online learning platforms.

Diplo is based in Malta, with offices in Geneva and Belgrade. For more information about Diplo, visit http://www.diplomacy.edu

Malta Anutruf, Ground Floor, Hriereb Street Msida, MSD 1675 Tel. +356 21 333 323, Fax +356 21 315 574

Belgrade Gavrila P. 44a/33, Address Code 112410 11000 Belgrade, Serbia Tel. +381 11 761 46 09, Fax +381 11 761 47 01

Geneva 7bis, Avenue de la Paix CH-1211 Geneva, Switzerland Tel. +41 22 907 36 30

http://www.diplomacy.edu/cybersecurity

The concepts for illustrations in this calendar have been developed by Vladimir Radunović and Jovan Kurbalija. The illustrator is Vladimir Veljašević. The copyright for illustrations is held by DiploFoundation. Diplo encourages the use of the illustrations for educational and other non-commercial purposes. If you are interested in using the illustrations, please contact diplo@diplomacy.edu

