CYBERSECURITY
2015
Cybersecurity: a holistic approach
Cybersecurity is an important building block of the Internet governance ‘building under construction’. Cybersecurity is one of the seven thematic baskets that make up Internet governance study, together with infrastructure and standardisation, development, legal, sociocultural, economic, and human rights issues. Securing the online space and building trust in it requires a holistic view and comprehensive approach, involving all stakeholders, and requiring global cooperation. Where do you belong in this construction project?
January 2015
Balancing security and human rights
Ideally, one should achieve both more security and protection of human rights. If that is not possible, which one should weigh more: security or human rights? Often, these two fields are addressed separately in their respective silos. Protection of human rights is not only a value-based priority, however; it is also a very practical tool for ensuring that the Internet remains open and secure. Individual Internet users are the pillars of cybersecurity; greater awareness, hygiene, digital literacy, and smart use can contribute to both security and respect for human rights.
February 2015
Strengthening the weakest link
Guess what the weakest link is in cybersecurity? Humans! The majority of cyber-incidents are enabled by intrusion into systems made possible by psychologically manipulating users into divulging confidential information (accounts or information about the company or institution). The solution is organisational rather than technical: institutions need clear organisational and security policies. There are numerous standards available, yet most of them are not implemented. Education is equally important.
March 2015
Digital hygiene
Securing your computer is no different from securing your health: along with regular personal hygiene and medical check-ups, perform digital hygiene and check-ups as well. Good digital hygiene includes:
• Maintain your computer and network firewall.
• Scan your system with antivirus software and update your antivirus database.
• Update the software and operating system on all your devices.
• Change your passwords occasionally.
• Use digital signatures and cryptographic tools.
• Back up your files.
April 2015
Securing the Cloud
Ever heard of the Cloud? Recognise Gmail, Facebook, YouTube? They all store your data on servers around the world - in the Cloud. The Cloud is also a very convenient solution for corporations when it comes to renting data storage and computing power. Cloud hosting providers take responsibility for the security of their clients’ data and applications, thus taking control out of their clients’ hands. How secure is the Cloud you use? Make sure you check the security standards your Cloud provider follows, and have very clear service-level agreements.
May 2015
Avoiding botnets
Bots are ordinary computers infected by malware and then hijacked and turned into zombies (roBOTs): while they seem to work normally, in the background they perform commands given by remote bot-masters. These bots are then organised into large global networks - botnets - to spread malware or spam, perform fraud, launch denial of service (DoS) attacks, and so on. Some botnets consist of tens of millions of bots. Researchers estimate that more than 5 percent of computers are acting as malicious bots at any given moment. Is your computer among them?
June 2015
Surviving a DDoS attack
Imagine hearing ‘knock-knock’ on all the windows and doors in your house at the same time - how would you know which one to respond to first, and how? A server receiving excessive loads of data packets can also get confused and stuck. Often, such a denial of service (DoS) is caused by perpetrators sending useless packets - like garbage - to a server, forcing it out of order until it goes through all the garbage. If a DoS is performed by sending garbage from various locations (e.g. by using botnets), the attack is known as a ‘distributed DoS’ (DDoS). Developing incident response teams can help in surviving a DDoS attack.
July 2015
Combating cybercrime
Cybercrime includes traditional crimes conducted through cyberspace (like fraud and dark markets), crimes that have evolved due to technology (e.g. credit card fraud and child abuse), and new crimes that have emerged with the Internet (e.g. DoS attacks and pay-per-click fraud). Criminals are well connected but anonymous, and leave barely traceable footprints. Combating cybercrime requires intensive cross-border cooperation by law enforcement authorities - yet there are many obstacles to cooperation: political, bureaucratic and legal, as well as lack of skills.
August 2015
Child safety
Many kids today are more computer literate than adults, but while they may know more, they understand less. Unfortunately, parents often don’t realise the threats posed to children in cyberspace. Cyberspace, however, is just an extension of the physical world - real persons are behind virtual identities, and virtual acts can result in real-world consequences. Both parents and kids - as well as educators - need to be more aware of risk and prevention practices. The Internet has opened a world of many good things, but there are bad things lurking on the Web, too.
September 2015
Cyber-weapons: warfare 2.0?
With society’s increasing (and irreversible) dependence on the Internet, strategic targets - including critical infrastructure - are becoming vulnerable to attacks from cyberspace. A malware infection in the computer system of a power plant or a traffic control centre can open the door to manipulation by a third party. A DDoS attack on a major e-government or military server can bring the whole system down. The future of warfare might be very different. A more secure and trustworthy cyberspace leaves less room for the use of cyber-weapons.
October 2015
Incident response
What happens if the servers and computer networks of major national services - like e-government, power grids or banking - are attacked from cyberspace (by criminals, hacktivists or terrorists)? Each country should have a national Computer Emergency Response Team (CERT) to prevent and respond to incidents. CERTs analyse risks and vulnerabilities, provide advice, assist with response and investigation, act as a platform for information sharing and public-private partnerships, contribute to awareness raising, and act as a point of contact for international cooperation.
November 2015
Collective responsibility
Cybersecurity requires cooperation from all stakeholders. End-users and civil society should increase awareness, develop good digital hygiene and cybersecurity culture, and safeguard a balanced approach to security with respect to human rights. The corporate sector should enhance efforts in incident reporting, and invest in awareness raising and capacity building (especially among small and medium enterprises). Governments should support inclusive and multistakeholder policy processes, invest in evidence-based policy-making, raising awareness and building capacities.
December 2015
DiploFoundation is a non-profit organisation which works towards inclusive and effective diplomacy. It was established in 2002 by the governments of Malta and Switzerland. Diplo’s activities revolve around, and feed into, our focus on education, training, and capacity building:
• Courses: We offer postgraduate-level academic courses and training workshops on a variety of diplomacy-related topics for diplomats, civil servants, staff of international organisations and NGOs, and students of international relations. Our courses are delivered through online and blended learning.
• Capacity building: With the support of donor and partner agencies, we offer capacity-building programmes for participants from developing countries in a number of topics including Internet Governance, Human Rights, Public Diplomacy and Advocacy, and Health Diplomacy.
• Research: Through our research and conferences, we investigate topics related to diplomacy, Internet governance, and online learning.
• Publications: Our publications range from the examination of contemporary developments in diplomacy to new analyses of traditional aspects of diplomacy.
• Software development: We have created a set of software applications custom designed for diplomats and others who work in international relations. We also excel in the development of online learning platforms.
Diplo is based in Malta, with offices in Geneva and Belgrade. For more information about Diplo, visit http://www.diplomacy.edu
Malta Anutruf, Ground Floor, Hriereb Street Msida, MSD 1675 Tel. +356 21 333 323, Fax +356 21 315 574
Belgrade Gavrila P. 44a/33, Address Code 112410 11000 Belgrade, Serbia Tel. +381 11 761 46 09, Fax +381 11 761 47 01
Geneva 7bis, Avenue de la Paix CH-1211 Geneva, Switzerland Tel. +41 22 907 36 30
http://www.diplomacy.edu/cybersecurity
The concepts for illustrations in this calendar have been developed by Vladimir Radunović and Jovan Kurbalija. The illustrator is Vladimir Veljašević. The copyright for illustrations is held by DiploFoundation. Diplo encourages the use of the illustrations for educational and other non-commercial purposes. If you are interested in using the illustrations, please contact diplo@diplomacy.edu