GFCE Cybersecurity Knowledge Modules

KM3 - Cyber diplomacy and international cooperation
Module objectives
1. Risks for international peace and cyber-stability
3 Topics
1.1 Cyber-attacks and geopolitics
1.2 Cyber as part of hybrid warfare
1.3 Cyber-armament
2. Towards an international agreement
4 Topics
2.1. Framework for responsible state behaviour in cyberspace
2.2. Applicability of international law
2.3. Norms, confidence building measures, and capacity building
2.4 Broader context
3. International cooperation
4 Topics
3.1. The United Nations
3.2. Other multilateral forums
3.3. Regional efforts
3.4. Multistakeholder efforts
4. Cyber diplomacy
5. Main takeaways
6. Assignment
1 Quiz
KM3 Quiz
KM4 - Cyber Incident Management
Module objectives
1. Introduction
2. Types of Cyber Incident Response Teams
5 Topics
2.1. National Computer Security Incident Response Team
2.2. Product Security Incident Response Team
2.3. Sector CSIRTs
2.4. Security Operation Centre
2.5. Commercial CSIRT
3. What needs to be considered when establishing a National CSIRT?
2 Topics
3.1. CIRT framework
3.2. How to set up CSIRT and SOC
4. How to assess cyber incident readiness
3 Topics
4.1. Security Incident Management Maturity Model (SIM3)
4.2. Security Operation Centre Capability and Maturity Model (SOC-CMM)
4.3. CSIRT Maturity – Self-assessment Tool
5. Which services do the CSIRTs offer?
2 Topics
5.1. FIRST CSIRT services framework
5.2. ITU-T Recommendation X.1060 service categories
6. Who does the CSIRT serve?
7. Which Tools does a CSIRT need?
8. Policies, frameworks, and guidelines
9. Resourcing and funding a CSIRT
1 Topic
9.1. What does a CSIRT Budget look like?
10. CSIRT capabilities
3 Topics
10.1. Training and certification
10.2. Auditing
10.3. Cyber drills
13. Main takeaways
14. Assignment
1 Quiz
KM4 Quiz
2 of 5
Previous Lesson
Next Lesson

5. Main takeaways

GFCE Cybersecurity Knowledge Modules 5. Main takeaways

Congratulations, you have reached the end of the module. In the concluding part, we will reflect on the key takeaways from this module.

  • Cyber-attacks against critical systems and components of society can cause severe disruptions to a digitalised nation’s economy and security. A combination of high-impact operations conducted remotely, with relatively high deniability, make them suitable for hybrid warfare, especially in ‘peace-time’ (short of an open conflict). 
  • UN recognises the risks from increasing cyber-armament of states – that is, development of offensive cyber capabilities. Cyber is increasingly recognised by states as a new military domain, along with land, sea, air, and space. This, in turn, brings dangers of escalations of cyber-attacks into conflict with cyber, and other conventional means. 
  • Over two decades ago it became clear there is a need for certain ‘rules of the road’ related to the use of cyber-attacks, and their implications for international peace and security. Since 2004, the dialogue has been ongoing within the UN – and brought (some) results.
  • The international framework of responsible state behaviour in cyberspace is based on the agreements of several rounds of the Group of Governmental Experts (GGE) and one Open-ended Working Group (OEWG), which were subsequently endorsed by the UN General Assembly. Even though non-binding, the framework creates a basis for predictability and holds states accountable for their actions in cyberspace.
  • Within the framework, states have agreed that the existing international law and the UN Charter apply to cyberspace, and that the international humanitarian law applies in cases of conflict. The framework outlines a number of cyber-norms that define what states should and should not do, confidence building measures which encourage states to exchange information and cooperate in preventing misunderstanding that could lead to escalations, and capacity building principles. The framework also sets the next steps in the institutional dialogue under the UN.
  • There are, however, many open issues to be resolved still. In particular, how the international law applies in terms of understanding of what constitutes armed attack in cyberspace, in which cases the right to self-defence applies – and how it can be operationalised, how to monitor the adherence of states to the agreed norms, how to hold countries accountable for cyber attacks having in mind great complexities with attribution, how to better engage other stakeholders, and whether new norms – or an international treaty – are needed.
  • Several regional organisations have developed their own strategies and measures, that address regional specificities, and have found ways to ensure that states commit to the global framework. Africa, however, needs to enhance its regional cooperation on this matter. 
  • In practice, cyberspace is mainly owned, managed and used by the private sector, while civil society (including technical and academic community) possess in-depth understanding of how it works and impacts the society, and operates vast global communities that shape the development and use of the internet. It is therefore essential that other stakeholders are involved in shaping and implementing cyber-norms and agreements. Number of global and regional multistakeholder initiatives exist that are of particular relevance, such as the UN Internet Governance Forum, and the GFCE
  • Cyber diplomacy is a key element for reaching global agreements, and implementing them. On the one hand, states have to develop cyber diplomacy capacities and structures within public institutions, and particularly the Ministries of foreign affairs. On the other, civil society and the private sector also needs to be involved and prepared for participating in global processes, and working with the officials on applicability of international law, and shaping and implementing norms and principles. 
  • Finally, it is important to note that cyber diplomacy is not only about cybersecurity, but needs to address challenges holistically. Cyber diplomats, therefore, should equally address digital aspects of economic development and human rights – and the cross-links between those three dimensions.

Reflection point

What are your main take-aways from this knowledge module – important points that are not included above?

Previous Lesson
Back to Course
Next Lesson

New post

Your email address will not be published. Required fields are marked *

Post a comment
Skip to content