• Log In
  • COVID-19
  • Projects
      • Geneva Internet Platform (GIP)
      • Digital Watch
      • ConfTech: From onsite to online
      • Geneva Engage
      • Geneva Dialogue
      • Innovation Hubs
      • Civil Society in Internet Governance
      • Asia-Europe Public Diplomacy
      • RightOn
      • Past Projects
  • Topics
      • COVID-19
      • AI and Diplomacy
      • Future of Meetings
      • Data and Diplomacy
      • Digital Diplomacy
      • Cybermediation
      • Digital Foreign Policy
      • Cybersecurity
      • History of Diplomacy and Technology
      • Internet Governance and Digital Policy
      • Diplomacy of Small States
      • E-commerce
      • Intercultural Communication
      • Language and Diplomacy
      • Diplomatic Reporting
  • Courses
      • Classroom Login
      • Course Catalogue
      • Master in Contemporary Diplomacy
      • Advanced Diploma in IG
      • Learning with Diplo
      • Training Solutions for MFAs
      • Workshops
      • Faculty
      • Alumni Hub
      • Reviews
      • Dissertation Library
  • Events
      • Upcoming Events
      • Past Events
  • Resources
      • Diplo Blog
      • Webinars
      • Texts and Articles
      • Books and Publications
      • Book Reviews
      • Briefing Papers
      • DiploNews
      • Diplo News
      • Diplomacy Hub
      • Videos
      • Illustrations
      • Photos
  • About Us
      • About Diplo
      • Impact and Results
      • People
      • People
      • Partners
      • Finance and Funding
      • Press Releases
      • Diplo in the Media
      • Contact us
close× Call Us
close×

Breadcrumb

  1. Home
  2. Cybersecurity

Cybersecurity

Today’s headlines often feature the word ‘cyber’, reporting on threats related to the virtual world: online child abuse, stolen credit cards and virtual identities, malware and viruses, botnets and denial-of-service attacks on corporate or government servers, cyber-espionage, and cyber-attacks on critical infrastructure.

Cybersecurity came into sharper focus with the rapid expansion of the Internet's user base. One side effect of the rapid integration of the Internet in almost all aspects of human activity is the increased vulnerability of modern society. Core services of modern society, such as communications, electric grids, transport systems, health services, and "smart cities", are increasingly dependent on the Internet. They are frequent targets of cyber-attacks.

What are the real cybersecurity challenges? What is the role of diplomacy, international legal instruments, and regional and national policies in addressing these threats, and how efficient are they? How does international cooperation in cybersecurity work, and what are the roles of the various stakeholders?

Diplo focuses on these and other related questions through online and in situ courses, awareness-raising sessions and events, evidence-based analysis, policy research, illustrations, videos and other visuals. At the same time, the GIP Digital Watch observatory, operated by DiploFoundation, maintains regular updates on cybersecurity issues, actors, processes and mechanisms.

 

Featured: Comic "The secret life of a cyber vulnerability"

This new comic brings a worrying, yet realistic and educative story that follows a life of a digital vulnerability, from its inception to its deployment for an actual cyberattack. Vulnerabilities are one of the main components of cyber-weapons, used equally for warfare, crime, terrorist or other attacks. Instead of being mitigated, they are often traded, stockpiled and used for attacks. In essence, the comic book discusses responsibility of various stakeholders – governments, private sector, end users – for global cyber(in)security. Read more in our research and publications section.

Holistic approach to cybersecurity

Current situation and challenges

Cybersecurity has come to the forefront of the international diplomatic and political agenda in United Nations committees, the North Atlantic Treaty Organization (NATO), the International Telecommunication Union (ITU), the Council of Europe (CoE), the Organisation for Economic Co-operation and Development (OECD), the Organization for Security and Co-operation in Europe (OSCE), the Commonwealth, the Group of Eight (G8), and the Group of Twenty (G20), to name just a few of the most important fora. In the meantime, attention to the possibility of cyber-war swings from hype to lack of attention, due to wide ignorance. Collective responsibilityCybercrime, which is often part of our real life experience, is dealt with through a number of international processes, as the judicial and law enforcement authorities cooperate across borders. Many countries have adopted national cybersecurity strategies and related legislation. A growing number of countries have set up national mechanisms for response to cyber-incidents (mainly in form of CERT or CSIRT), involving government as well as the corporate, academic, and NGO sectors. Some have declared ‘cyber’ as the fifth military domain, and have set up defensive and offensive cyber-commands within their armies.

Nevertheless, the risks are increasingly sophisticated, while the groups interested in exploiting cyberspace vulnerabilities have extended from underground communities of ‘black-hat’ hackers to global and well-organised criminal and terrorist groups, government security services, and defence forces. To make things more complicated, most of the Internet infrastructure and services are privately owned, with operators scattered around different global jurisdictions.

Current situation and challenges

Cybersecurity has come to the forefront of the international diplomatic and political agenda in United Nations committees, the North Atlantic Treaty Organization (NATO), the International Telecommunication Union (ITU), the Council of Europe (CoE), the Organisation for Economic Co-operation and Development (OECD), the Organization for Security and Co-operation in Europe (OSCE), the Commonwealth, the Group of Eight (G8), and the Group of Twenty (G20), to name just a few of the most important fora. In the meantime, attention to the possibility of cyber-war swings from hype to lack of attention, due to wide ignorance. Collective responsibilityCybercrime, which is often part of our real life experience, is dealt with through a number of international processes, as the judicial and law enforcement authorities cooperate across borders. Many countries have adopted national cybersecurity strategies and related legislation. A growing number of countries have set up national mechanisms for response to cyber-incidents (mainly in form of CERT or CSIRT), involving government as well as the corporate, academic, and NGO sectors. Some have declared ‘cyber’ as the fifth military domain, and have set up defensive and offensive cyber-commands within their armies.

Nevertheless, the risks are increasingly sophisticated, while the groups interested in exploiting cyberspace vulnerabilities have extended from underground communities of ‘black-hat’ hackers to global and well-organised criminal and terrorist groups, government security services, and defence forces. To make things more complicated, most of the Internet infrastructure and services are privately owned, with operators scattered around different global jurisdictions.

Multidisciplinary and multistakeholder response

A meaningful systematic response to cybersecurity risks depends on a deep understanding of the multidisciplinary aspects of cyberspace: the nexus of technology, law, psychology, sociology, economy, political science, and diplomacy. Cybersecurity framework includes policy principles, instruments, and institutions dealing with cybersecurity. Thematically, it is an umbrella concept covering:

  • Network security (including technical measures, organisational policies, standards and incident response)
  • Cybercrime (including emerging challenges and frameworks to combating cybercrime)
  • Internet safety (including user safety challenges and particularly child online protection)
  • Critical infrastructure and resources  (including security of the critical infrastructure, and critical Internet resources)
  • Cyber-conflicts and cyber-norms (including challenges, application of international law to cyberspace, and main processes)
  • Terrorist use of the Internet (including tools, targets and frameworks for combating terrorism)

Setting up national and international cybersecurity policies and mechanisms, however, requires looking at a broader context, primarily the links of security with economic development (including innovations, e-commerce and intellectual property rights), human rights (including privacy, online freedoms and trust), and Internet governance in general.

The efficiency of the response further depends on partnerships among stakeholders that can contribute to reducing the risks:

  • government and regulatory authorities with their ability to create a legal, regulatory, and policy environment for cybersecurity;
  • judicial institutions and law enforcement authorities with their competences and responsibility for criminal prosecution and cross-border cooperation mechanisms;
  • the private sector and technical communities with their expertise and de-facto control over the majority of infrastructure, services, and standards;
  • non-governmental organisations and academia with their knowledge, networks, and capacity to reach out to end-users and alert them about the misuse of cyberspace.
Expand

Capacity building

Comprehensive approach to capacity building

DiploFoundation plans, prepares and implements capacity building programmes in cybersecurity policy. The sustainability of capacity building requires moving beyond using the term as a political buzzword and employing disconnected sets of simple training sessions, short workshops, or events, to include building institutional, organisational, system, and networking capacities to deal with cybersecurity and the digital environment.

Our capacity building approach addresses both hard and soft capacities - from specialised knowledge and know-how to operational and adaptive capacities. It combines professional and academic online courses and in-situ training, coaching and support, policy immersion and research, webinars and remote participation at events, as well as community facilitation. In these activities, Diplo involves number of experts and lecturers from its own Faculty, as well as from its Partners. Diplo's online community gathers over 1600 alumni and associates from all over the world.

Comprehensive approach to capacity building

DiploFoundation plans, prepares and implements capacity building programmes in cybersecurity policy. The sustainability of capacity building requires moving beyond using the term as a political buzzword and employing disconnected sets of simple training sessions, short workshops, or events, to include building institutional, organisational, system, and networking capacities to deal with cybersecurity and the digital environment.

Our capacity building approach addresses both hard and soft capacities - from specialised knowledge and know-how to operational and adaptive capacities. It combines professional and academic online courses and in-situ training, coaching and support, policy immersion and research, webinars and remote participation at events, as well as community facilitation. In these activities, Diplo involves number of experts and lecturers from its own Faculty, as well as from its Partners. Diplo's online community gathers over 1600 alumni and associates from all over the world.

Capacity building portfolio

Online activities

Highly interactive online course bringing a group of 15-25 professionals together, with facilitation of certified online tutors and contributions from renown experts in field, as well as short webinars:

  • Annual professional online course in cybersecurity
  • Annual academic online course in cybersecurity (as a single course or within the post-graduate programme in contemporary diplomacy), accredited by the University of Malta
  • Customised online courses in cybersecurity in cooperation and with support of partner institutions (such as for South-Eastern Europe)
  • Dedicated thematic webinars (such as for diplomats, on cyber-norms or on policy trends in building cybersecurity competences)

In-situ activities

Customised in-situ activities involving thematic lectures and discussions, skills building, process simulations, and technical show-cases:

  • Training for youth professionals (such as for Western Balkans)
  • Training for diplomats (such as Asia Cyber Diplomacy Workshop "Diplomacy: Between Tradition and Innovation", or course on "Internet Governance" for Geneva permanent missions)
  • Awareness-raising and training events for diplomats (dedicated cybersecurity days such as "Fighting Cybercrime through closer International Cooperation" and "Cybersecurity: a Strategic View"; Scenario simulation exercise organised during the OSCE Chairmanship Event on Effective Strategies to Cyber/ICT Security Threat; a luncheon event "Towards a secure cyberspace via regional cooperation" organised on the occasion of the second meeting of the 2016-2017 UN GGE)
  • Practical exercises in form of CyberLab, with simulations of cyber-attacks, visits to Dark Web, trying the BitCoin market and exploring the potentials and risks of 3D printing and Intenet of Things (such as that organised during the 22nd OSCE Ministerial Council and Vienna Cyber Diplomacy Day)

Research and mapping work

Policy research and mapping developments, processes, actors and instruments:

  • Mapping cybersecurity trends and developments, processes, actors and instruments, reports and sources within Digital Watch of the Geneva Internet Platform pages (general pages on cybersecurity, as well as dedicated pages such as for the UN GGE process)
  • Policy research work upon demand (see below)
  • Visualisation of key cybersecurity challenges for awareness-raising and educational purposes (see below)
Expand

From our blog

New Year’s in New York: A Crowded Cyber-Norms Playground (Part 2)

Vladimir Radunovic   04 Dec 2019   Diplo Blog

One could say that the wish list for cyber-peace was already written in 2015, when states agreed on some rules of behaviour in cyberspace - including that existing international law applies to it. Are we good to go? Not so fast. The devil is in the details: The positions of states on what exactly this means for various cases of cyber-attacks and accusations stand across the sides of the abyss. Geo-political tensions crumble the edges further.

0 comments

New Year’s in New York: A Crowded Cyber-Norms Playground (Part 1)

Vladimir Radunovic   04 Dec 2019   Diplo Blog

In December of last year, New York City was the place for diplomats to write a long list of New Year cyber-wishes, which came in the form of resolutions that established the first UN Open-Ended Working Group on Developments in the Field of ICTs in the Context of International Security (OEWG) and the sixth UN Group of Governmental Experts. A year later, it is time to show that they have put in the work to make these wishes come true. So far, so good.

0 comments

[Web discussion summary] Norms and confidence building measures (CBMs): Are we there yet?

Ilona Stadnik   02 Dec 2019   Webinars, Internet Governance

DiploFoundation, with the support of Microsoft, organised the Cyber-diplomacy web discussion: Norms and confidence building measures (CBMs): Are we there yet? This webinar was the fourth in a series of cyber-diplomacy web discussions, following the web discussions: Cyber-armament: A heavy impact on peace, economic development, and human rights; Applicability of international law to cyberspace: Do we know the rules of the road?; and, Traceability and attribution of cyber-attacks: How confidently can we point a finge

0 comments
  • Load More

Training and courses

Online Meetings and Conferences
Advanced Diploma in Internet Governance
Starting 26 July 2021
Master in Contemporary Diplomacy
Starting 24 January 2022
Cybersecurity
Starting 11 October 2021
Internet Technology and Policy
Starting 26 July 2021

Events

Cyber-diplomacy web discussion: Applicability of international law to cyberspace

7 November 2019  | online

October Online Courses

7 October 2019  | online

[Webinar] What is the role of the private sector towards a peaceful cyberspace?

19 December 2018  | online

[Webinar] What is the role of civil society and communities towards a peaceful cyberspace?

7 December 2018  | online

[Webinar] What is responsible behaviour in cyberspace?

25 October 2018  | Online

Geneva Dialogue on Responsible Behaviour in Cyberspace

1 October 2018 - 2 October 2018  | 

Information session: Geneva Dialogue on Responsible Behaviour in Cyberspace

3 July 2018  | Geneva, Switzerland; and online

Diplo & GIP at Geneva Cybersecurity Law & Policy Conference

21 June 2018  | Geneva, Switzerland

Books and publications

Peacetime Regime for State Activities in Cyberspace
Katharina Ziolkowski (ed)

Resources

The secret life of a cyber vulnerability
Cybersecurity competence building trends
Cybersecurity in the Western Balkans: Policy gaps and cooperation opportunities
  • Load More

Videos

Webinar: Cybersecurity for e diplomats hype and reality (2013)
DiploFoundation
Webinar: Cyber norms: Towards an inclusive dialogue
DiploFoundation
[Webinar] Opening back doors: encryption, privacy and security
DiploFoundation
Webinar: Opening back doors: encryption, privacy and security (2016)
DiploFoundation

Photos

Geneva Cybercrime Day 4
See the photo gallery
Geneva Cybercrime Day 1
See the photo gallery
Peace and security 1
See the photo gallery
CyberSec and Digital challenges Europe 4
See the photo gallery
Geneva Cybersecurity Day 7
See the photo gallery
Geneva Cybersecurity Day 6
See the photo gallery
Competence building 2
See the photo gallery
Asia Pacific Cyberdiplomacy Lecture 2
See the photo gallery

Research and publications

The secret life of a cyber vulnerability

 

Cyber-attacks of various purposes – for warfare or crimes, terrorism or political activism – commonly deploy the same types of cyber-weapons. Typically, (information about) a system vulnerability is embedded into a software code called ‘exploit’ to penetrate the digital system. Additional code, called ‘payload’, is added to cause specific action for a particular target (like putting down an industrial control system, or sniffing and exfiltrating sensitive data). Unlike in the physical space, vulnerabilities can be discovered (and exploits and payloads developed) by civilians and groups that possess particular knowledge, rather than vast (financial and human) resources, such as companies or states. Vulnerabilities discovered in various available software or hardware should be responsibly disclosed to the authors, in order to issue patches and secure the services provided. This, however, is not a common scenario. Instead, vulnerabilities are traded and developed into weapons by various parties – including governments; and ignored by many – including companies and end-users. The responsibility for global cyber(in)security is, therefore, shared. The comic brings a worrying, yet realistic and educative story that follows a life of a vulnerability, from its inception to its deployment for an actual cyberattack. Read online or download in PDF.

 

Towards a secure cyberspace via regional cooperation

 

The paper "Towards a secure cyberspace via regional cooperation", prepared by DiploFoundation in partnership with the Geneva Internet Platform (GIP) and with support of the Swiss Federal Department of Foreign Affairs (FDFA), provides an overview of the international dialogue on establishing the norms of state behaviour and confidence-building measures (CBMs) in cyberspace. It offers a comparative analysis of the leading international and regional political documents outlining cyber-norms, CBMs to reduce conflict stemming from the use of ICT, and capacity-building efforts to strengthen cooperation on cybersecurity. Consequently, it discusses how they could further influence each other, and notes several specific directions that further developments could take. Read the executive summary here or download full paper in PDF.

The secret life of a cyber vulnerability

 

Cyber-attacks of various purposes – for warfare or crimes, terrorism or political activism – commonly deploy the same types of cyber-weapons. Typically, (information about) a system vulnerability is embedded into a software code called ‘exploit’ to penetrate the digital system. Additional code, called ‘payload’, is added to cause specific action for a particular target (like putting down an industrial control system, or sniffing and exfiltrating sensitive data). Unlike in the physical space, vulnerabilities can be discovered (and exploits and payloads developed) by civilians and groups that possess particular knowledge, rather than vast (financial and human) resources, such as companies or states. Vulnerabilities discovered in various available software or hardware should be responsibly disclosed to the authors, in order to issue patches and secure the services provided. This, however, is not a common scenario. Instead, vulnerabilities are traded and developed into weapons by various parties – including governments; and ignored by many – including companies and end-users. The responsibility for global cyber(in)security is, therefore, shared. The comic brings a worrying, yet realistic and educative story that follows a life of a vulnerability, from its inception to its deployment for an actual cyberattack. Read online or download in PDF.

 

Towards a secure cyberspace via regional cooperation

 

The paper "Towards a secure cyberspace via regional cooperation", prepared by DiploFoundation in partnership with the Geneva Internet Platform (GIP) and with support of the Swiss Federal Department of Foreign Affairs (FDFA), provides an overview of the international dialogue on establishing the norms of state behaviour and confidence-building measures (CBMs) in cyberspace. It offers a comparative analysis of the leading international and regional political documents outlining cyber-norms, CBMs to reduce conflict stemming from the use of ICT, and capacity-building efforts to strengthen cooperation on cybersecurity. Consequently, it discusses how they could further influence each other, and notes several specific directions that further developments could take. Read the executive summary here or download full paper in PDF.

 

Report on cybersecurity cooperation in the Western Balkans

 

The report "Cybersecurity in the Western Balkans: Policy gaps and cooperation opportunities" was produced by DiploFoundation under the project "Cybersecurity Capacity Building and Research Programme for South-Eastern Europe", implemented with the support of the Federal Department of Foreign Affairs of Switzerland, in partnership with the Geneva Centre for the Democratic Control of Armed Forces (DCAF). Read the executive summary here or download full paper in PDF.

 

 

Report on cybersecurity competence building trends in OECD countries

 

The research, conducted by DiploFoundation and commissioned by the Swiss Federal Department of Foreign Affairs, identifies and reviews key trends and policy options for building competences in cybersecurity in ten OECD countries (Austria, Estonia, Finland, France, Germany, Israel, the Netherlands, the Republic of Korea, the United Kingdom and the United States).

  • Read the report (read online or download in PDF) and its illustrated Executive Summary version (read below or online or download in PDF)
  • Read the digest from the Webinar and watch the recording with presentation of the findings here.

 

See also:

  • Background note on cybersecurity
  • "Cybersecurity: What we (may not) know we (do not) know An overview of the cybersecurity challenge" - the GIP paper and mindmaps by Eduardo Gelbstein
Expand

Awareness raising

Illustrations and animated videos

Images and animations are powerful tool to communicate digital challenges.

Diplo has prepared number of illustrations depicting cybersecurity challenges. Browse the gallery and pick any that can help you explain cybersecurity better.

How does DNSSec work? What is Deep Packet Inspection? Why do we need IPv6? What should we know about cloud computing? Watch the short animated movies of  Diplo's Internet Governance Lite series.

Watch the short videos on introduction to cybersecurity, cybercrime and spam from our Internet governance series

Send a postcard from cyberspace!

Diplo's illustrated cybersecurity postcards from cyberspace aim at raising awareness about main challenges and issues related to cybersecurity, while allowing us to send our own message to others.

Pick your favorite poscard, add your personal message - and share via Twitter, Facebook or Instagram, or print and give out to friends and colleagues!

You can find all the postcards available for sharing or download here.

 

Illustrations and animated videos

Images and animations are powerful tool to communicate digital challenges.

Diplo has prepared number of illustrations depicting cybersecurity challenges. Browse the gallery and pick any that can help you explain cybersecurity better.

How does DNSSec work? What is Deep Packet Inspection? Why do we need IPv6? What should we know about cloud computing? Watch the short animated movies of  Diplo's Internet Governance Lite series.

Watch the short videos on introduction to cybersecurity, cybercrime and spam from our Internet governance series

Send a postcard from cyberspace!

Diplo's illustrated cybersecurity postcards from cyberspace aim at raising awareness about main challenges and issues related to cybersecurity, while allowing us to send our own message to others.

Pick your favorite poscard, add your personal message - and share via Twitter, Facebook or Instagram, or print and give out to friends and colleagues!

You can find all the postcards available for sharing or download here.

 

Comic book on child safety online

The challenges of child safety online presented in form of a comic book. Read online in English and in French.

 

Expand

What's next?

Diplo addresses the subject of cybersecurity through research, courses (online and in situ), policy discussions, and publications. We invite you to join us:

  • Enrol for Diplo's online course in cybersecurity, covering technical, policy and diplomacy perspectives [video]
  • Entertain yourself by solving a crossword (Java needed)
  • Test your knowledge with a quiz
  • Contact us to jointly organise customised capacity building activities that address your needs
  • Interact with our Internet governance team through Twitter (@igcbp) and Facebook
  • Contact us at ediploinfo@diplomacy.edu

Diplo addresses the subject of cybersecurity through research, courses (online and in situ), policy discussions, and publications. We invite you to join us:

  • Enrol for Diplo's online course in cybersecurity, covering technical, policy and diplomacy perspectives [video]
  • Entertain yourself by solving a crossword (Java needed)
  • Test your knowledge with a quiz
  • Contact us to jointly organise customised capacity building activities that address your needs
  • Interact with our Internet governance team through Twitter (@igcbp) and Facebook
  • Contact us at ediploinfo@diplomacy.edu

Diplo: Effective and inclusive diplomacy

Diplo is a non-profit foundation established by the governments of Malta and Switzerland. Diplo works to increase the role of small and developing states, and to improve global governance and international policy development.

     

Diplo on Twitter

Tweets by @DiplomacyEdu

Stay up to date!

Subcribe to DiploNews and stay up to date with upcoming events, new publications and research, and Diplo courses and training. 

Please select your preference

Footer menu

  • Contact us
  • Privacy policy
  • Web accessibility
  • Terms and conditions
  • Sitemap
Copyright © 2021 by DiploFoundation