Course Planner

This module provides an overview of international discussions on cybersecurity at the UN and regional organizations, covering their origins, evolution, and main features. The framework of responsible State behaviour in cyberspace as devised in the UN Group of Governmental Experts on advancing responsible State behaviour in cyberspace in the context of international security (GGE) reports of 2013, 2015 and 2021, and as included in the 2021 report of the Open-Ended Working Group on Developments in the Field of Information and Telecommunications in the Context of International Security (OEWG) will be presented with an overview of its core elements – international law, cyber norms and confidence-building measures. This will be followed by a presentation of the recent developments in multilateral discussion, closing with an overview of current discussions and debates around the normative framework.

This module introduces the most relevant rules of public international law and their applicability to the cyber context. It focuses on the rule of non-intervention and the debate around state sovereignty and then discusses the international responsibility of states, in particular questions of attribution and options for responses to cyber operations. It also discusses states’ due diligence obligations and best practices in their implementation, while providing insights into challenges and the current state of debate. Lastly, this session allows for a guided discussion on how government officials can contribute to the clarification and operationalization of international rules in the cyber context.

This module is devoted to cybersecurity, cybercrime and data protection. The lecturer will discuss legal and political tools to implement obligations with respect to cybersecurity, cybercrime and data protection, including protection of critical infrastructure, the role of computer emergency response teams (CERTS), Interpol and incident information sharing. Recent trends and examples of cybercrime operations will be presented and explaned. Discussions will focus on the tools available under existing legal frameworks, with a comparative view of the the Budapest Convention, EU cybersecurity and data privacy framework and the AU Convention on Cybersecurity and Data Protection.

This module considers policy issues related to the involvement of non-governmental stakeholders in international cybersecurity discussions. The first section provides an overview of the non-governmental initiatives that have developed in recent years, including the Cyber Tech Accord, the Global Commission on Stability in Cyberspace, the Paris Call for Trust and Security in Cyberspace, and the Geneva Dialogue for Responsible Behaviour in Cyberspace. The second section introduces issues and perspectives raised by industry, academia and civil society and maps them onto the topics discussed in the UN negotiations. Finally, we will discuss the limited institutional possibilities for multi-stakeholder engagement within UN discussions, along with potential future avenues for dialogue.

Misinformation and disinformation online is a growing problem impacting all areas of online information-sharing, including social media platforms, deepfake videos and even conventional news outlets. The consequences of misinformation/disinformation can be devastating, undermining our democratic processes, and threatening the health and well-being of our populations. This course looks at misinformation/disinformation and its impacts on our societies. It will examine recent examples of misinformation/disinformation as case studies, presenting how they were carried out and their impacts on affected populations. It will also provide guidance on how to identify misinformation/disinformation online. Finally, it will consider their broader impacts on societies, and look at good practices for how to counter misinformation/disinformation online.

This module will consider ICTs through the important prism of gender, including the “gender digital divide”. The course will begin with an introduction to the concept of “gender” and the considerations important to this concept. It will then take a look at the opportunities and vulnerabilities that are specific to gender within the ICT context, as well as the important of diversity, representation and participation of different gender groups in multilateral discussions. A case study that illustrates these issues will be developed and presented The course will conclude with reflections and recommendations for better inclusion of different gender perspectives at both national and international policy levels.

Confidence-Building Measures (CBMs) are instruments of international policy that seek to reduce mistrust and misunderstandings among States in order to strengthen international peace and understanding. Recently, international and regional organizations have developed confidence-building measures to reduce tensions and misunderstandings in cyberspace. This course will look at different examples of CBMs developed by the UN Group of Governmental Experts on advancing responsible State behaviour in cyberspace in the context of international security (GGE), the Open-Ended Working Group on Developments in the Field of Information and Telecommunications in the Context of International Security (OEWG), the Organization for Security and Cooperation in Europe (OSCE), the Association of Southeast Asian nations (ASEAN) and the ASEAN Regional Forum (ARF), and the Organization of American States. The CBMs developed by each of these organizations will then be compared and contrasted, analyzing where there are areas of convergence/divergence. Finally, the implementation of these CBMs will be considered, with a view to identifying good practices and gaps.

The use of ICTs for violent extremist ends is one of the most significant threats to our societies in recent years. This course looks at the phenomenon of violent extremism online, including the actors that perpetrate it, the intended victims, and how online platforms are used to carry out violent extremist attacks. It begins by considering the state of play around violent extremist and terrorist use of the Internet, including causes, challenges and real-world examples. Drawing from the wealth of work and guidance that has been developed on this topic by several different organizations and initiatives, it then considers effective responses to these challenges in a human rights’ compliant manner. The course will conclude by presenting practical guidance in the form of concrete examples including regulation, oversight, communication responses and public-private partnerships.

With cyberattacks globally on the rise, we depend increasingly on the work of Computer Security Incidence Response Teams (CSIRTs) to help us detect, respond, and better defend against these threats. This course takes a closer look at the important role of CSIRTS in keeping cyberspace safe and secure. It begins by considering the specific challenges unique to cyberspace that make defending against cyber-attackers so difficult. It then considers the different kinds of CSIRTS, how they are set up, and their specific responsibilities. The course finishes with an overview of how to create a CSIRT, including the different parameters that it should achieve to become an effective incident response team.