GFCE Cybersecurity Knowledge Modules

KM3 - Cyber diplomacy and international cooperation
Module objectives
1. Risks for international peace and cyber-stability
3 Topics
1.1 Cyber-attacks and geopolitics
1.2 Cyber as part of hybrid warfare
1.3 Cyber-armament
2. Towards an international agreement
4 Topics
2.1. Framework for responsible state behaviour in cyberspace
2.2. Applicability of international law
2.3. Norms, confidence building measures, and capacity building
2.4 Broader context
3. International cooperation
4 Topics
3.1. The United Nations
3.2. Other multilateral forums
3.3. Regional efforts
3.4. Multistakeholder efforts
4. Cyber diplomacy
5. Main takeaways
6. Assignment
1 Quiz
KM3 Quiz
KM4 - Cyber Incident Management
Module objectives
1. Introduction
2. Types of Cyber Incident Response Teams
5 Topics
2.1. National Computer Security Incident Response Team
2.2. Product Security Incident Response Team
2.3. Sector CSIRTs
2.4. Security Operation Centre
2.5. Commercial CSIRT
3. What needs to be considered when establishing a National CSIRT?
2 Topics
3.1. CIRT framework
3.2. How to set up CSIRT and SOC
4. How to assess cyber incident readiness
3 Topics
4.1. Security Incident Management Maturity Model (SIM3)
4.2. Security Operation Centre Capability and Maturity Model (SOC-CMM)
4.3. CSIRT Maturity – Self-assessment Tool
5. Which services do the CSIRTs offer?
2 Topics
5.1. FIRST CSIRT services framework
5.2. ITU-T Recommendation X.1060 service categories
6. Who does the CSIRT serve?
7. Which Tools does a CSIRT need?
8. Policies, frameworks, and guidelines
9. Resourcing and funding a CSIRT
1 Topic
9.1. What does a CSIRT Budget look like?
10. CSIRT capabilities
3 Topics
10.1. Training and certification
10.2. Auditing
10.3. Cyber drills
13. Main takeaways
14. Assignment
1 Quiz
KM4 Quiz
2 of 5
Previous Topic
Next Lesson

3.4. Multistakeholder efforts

GFCE Cybersecurity Knowledge Modules 3. International cooperation 3.4. Multistakeholder efforts

🎯 What is the value of multistakeholder discussions for cyber diplomacy efforts?

🎯 Which are the most relevant multistakeholder fora that African states should be engaged with?

3.4.1. Internet Governance Forum

The UN Internet Governance Forum (IGF) is a non-decision-making forum that involves a variety of stakeholders to openly discuss internet governance issues, including security and privacy. While the IGF does not make decisions or recommendations, it provides the opportunity for open dialogue and partnership, the exchange of information, and useful voluntary policy guidance through the Best Practice Forum (BPF) on Cybersecurity, the Dynamic Coalition (DC) on Internet Standards, Security and Safety (DC-ISSS), and reports from the thematic sessions held each year. In addition, the secretary general’s Roadmap for Digital Cooperation envisages a strengthened role for the IGF (the so-called IGF+) in global digital cooperation and the establishment of a high-level multistakeholder body within the IGF, which will work on translating discussions into impact, increasing the importance of the IGF for coordinated discussions on cybersecurity.

BPFs offer substantive ways for the IGF community to produce more concrete outcomes. Through open dialogue and exchange, BPF Cybersecurity has developed a number of relevant reports:

Case study

African Internet Governance Forum (AfIGF) was officially recognized by ICT Ministers as a necessary continental platform, with the Secretariat hosted by the AUC. It organises annual events to discuss a broad range of internet governance issues, including cybersecurity, in a multistakeholder format. In addition, all the five regions of Africa have established subregional IGFs, in order to bring together national IGFs, and promote local policy dialogues. According to the UN IGF, 30 African countries have established their national IGFs.

3.4.2. The GFCE

The Global Forum on Cyber Expertise (GFCE) is a platform joined by 60 countries and many international and regional organisations, companies, and civil society organisations to collaborate on capacity building in cybersecurity. The Delhi Communiqué on a GFCE Global Agenda for Cyber Capacity Building, adopted in 2017, set several priority areas for global capacity building and enabled the GFCE to create corresponding thematic working groups for the cooperation of its members and partners. These priority areas include developing national frameworks, incident response and protection of the CI, combating cybercrime, and developing cybersecurity culture and skills. In addition, the GFCE aims to establish a ‘clearing house mechanism’ to enable its members to get any support needed from other members. To map its work and available global knowledge, resources, and capacity-building activities in the field of cybersecurity, the GFCE launched its CyBil knowledge portal.

3.4.3. Paris Call

Together with the French government, Microsoft launched the Paris Call for Trust and Security in Cyberspace, a high-level declaration on the development of common principles for securing cyberspace. The Paris Call was signed by over 80 countries and over 1000 businesses and organisations worldwide. The Call affirmed the importance of voluntary norms of responsible state behaviour to cybersecurity, drawing on the 2015 GGE norms and the GCSC norms.

3.4.4. The GCSC

The Global Commission on the Stability of Cyberspace (GCSC), a multistakeholder think tank established in 2015, proposed a set of new norms for consideration by various forums, such as the GGE. The proposals include the Call to Protect the Public Core of the Internet, a Call to Protect Electoral Infrastructure, and the Singapore Package of six norms that ask states to avoid tampering with products, to create vulnerability equities processes and mitigate significant vulnerabilities, to enhance cyber hygiene, and to abstain from using botnets or driving offensive operations through non-state actors. These norms are intended to be complementary to norms developed within the context of the UN.

3.4.5. The FOC

Freedom Online Coalition (FOC) works on raising the profile of human rights as an integral consideration in cybersecurity policymaking. The FOC has issued a Joint Statement on a Human Rights Based Approach to Cybersecurity Policy Making, and provided a definition of cybersecurity as ‘the preservation – through policy, technology, and education – of the availability, confidentiality and integrity of information and its underlying infrastructure so as to enhance the security of persons both online and offline.’

Previous Topic
Back to Lesson
Next Lesson

New post

Your email address will not be published. Required fields are marked *

Post a comment
Skip to content