GFCE Cybersecurity Knowledge Modules

KM3 - Cyber diplomacy and international cooperation
Module objectives
1. Risks for international peace and cyber-stability
3 Topics
1.1 Cyber-attacks and geopolitics
1.2 Cyber as part of hybrid warfare
1.3 Cyber-armament
2. Towards an international agreement
4 Topics
2.1. Framework for responsible state behaviour in cyberspace
2.2. Applicability of international law
2.3. Norms, confidence building measures, and capacity building
2.4 Broader context
3. International cooperation
4 Topics
3.1. The United Nations
3.2. Other multilateral forums
3.3. Regional efforts
3.4. Multistakeholder efforts
4. Cyber diplomacy
5. Main takeaways
6. Assignment
1 Quiz
KM3 Quiz
KM4 - Cyber Incident Management
Module objectives
1. Introduction
2. Types of Cyber Incident Response Teams
5 Topics
2.1. National Computer Security Incident Response Team
2.2. Product Security Incident Response Team
2.3. Sector CSIRTs
2.4. Security Operation Centre
2.5. Commercial CSIRT
3. What needs to be considered when establishing a National CSIRT?
2 Topics
3.1. CIRT framework
3.2. How to set up CSIRT and SOC
4. How to assess cyber incident readiness
3 Topics
4.1. Security Incident Management Maturity Model (SIM3)
4.2. Security Operation Centre Capability and Maturity Model (SOC-CMM)
4.3. CSIRT Maturity – Self-assessment Tool
5. Which services do the CSIRTs offer?
2 Topics
5.1. FIRST CSIRT services framework
5.2. ITU-T Recommendation X.1060 service categories
6. Who does the CSIRT serve?
7. Which Tools does a CSIRT need?
8. Policies, frameworks, and guidelines
9. Resourcing and funding a CSIRT
1 Topic
9.1. What does a CSIRT Budget look like?
10. CSIRT capabilities
3 Topics
10.1. Training and certification
10.2. Auditing
10.3. Cyber drills
13. Main takeaways
14. Assignment
1 Quiz
KM4 Quiz
2 of 5
Previous Topic
Next Topic

2.3. Norms, confidence building measures, and capacity building

GFCE Cybersecurity Knowledge Modules 2. Towards an international agreement 2.3. Norms, confidence building measures, and capacity building

2.3.1. Voluntary norms

🎯What are the norms?

🎯How do they interplay with international law?

🎯How to implement them across African states?

Norms present standards of behaviour, shaped through terms of rights and obligations. Though non-binding, they reflect expectations, increase predictability, reduce risks of misperceptions, and contribute to conflict prevention.

International Cyber Norms (Prof. Cy Burr)Download

Illustrations: Professor Cy Burr’s Graphic Guide to: INTERNATIONAL CYBER NORMS (Source: New America)

While not replacing binding obligations of states under international law, norms and principles agreed on by the UNGA have the highest authority. In the context of cyberspace, norms are particularly important for peacetime operations to address aspects that are not sufficiently or clearly covered by existing international law.

The Framework outlines and elaborates on 11 norms for responsible state behaviour in cyberspace (figure).

Figure: Eleven UN norms for responsible state behaviour in cyberspace adopted by the UN GGE in 2015 (Source: ASPI)

Case study

Putting Cyber Norms in Practice: Implementing the UN GGE 2015 recommendations through national strategies and policies”, a report written by Mika Kerttunen and Eneken Tikk, commissioned by the GFCE with support from the UK FCDO through the Global CCB Research Agenda 2021 process, provides a number of case studies to showcase approaches that can be, and have been, adopted to implement norms of responsible state behaviour which are part of the Framework. The guide includes notable examples from African countries as well.

Mauritius, for instance, has undertaken a number of steps towards stopping crime and terrorism, which have directly contributed to implementing the UN GGE norm on cooperating to stop crime and terrorism (13(d)). Major steps include: Prevention of Terrorism Act (2002) has included information systems in the description of terrorism acts; Computer Misuse and Cybercrime Act” has defined cybercrimes (2003); Mutual Assistance in Criminal and Related Matters Act (2003) which sets the basis for international cooperation; National Cyber Security Strategy (2014) prioritised defence against cybercrime; Cybercrime Strategy (2017) calls for more effective law enforcement and criminal justice response, emphasises the harmonisation of legal frameworks in its anti-cybercrime approach, and sets working with international counterparts as one of the seven goals; Mauritian Cybercrime Online Reporting System (MAUCORS) was designed to facilitate secure online cybercrime reporting and develop a better understanding of the cybercrime affecting citizens. Kenya is another good example of contributing to this norm, as it is a member of the Commonwealth, Harare Scheme and London Scheme relating to Mutual legal assistance in criminal Matters within the Commonwealth.

Notable examples of contributions to the implementation of the norm related to interstate cooperation on cybersecurity (13(a)) are the Economic Community of West African States (ECOWAS) Regional Cybersecurity and Cybercrime Strategy (2021), and the South African National Cybersecurity Policy Framework (2015). Norm related to respect human rights and privacy (13(e)) is moved forward by the parliament of the Ivory Coast, which recognised and affirmed that access to the Internet and to electronic communication networks is a fundamental human right and a universal good. Similarly, Ghana Cybersecurity Act which facilitates the cooperation between the national CERT with CERTs from other countries contributes to the norm related to not harming the emergency response teams (13(k)).

(page 1/3)

Previous Topic
Back to Lesson
Next Topic
Pages: 1 2 3

New post

Your email address will not be published. Required fields are marked *

Post a comment
Skip to content