Cyber Security Awareness in Public Diplomacy
Rationally, states should always aspire to more collaboration in an effort to meet the most pressing challenges affecting the wider global community. “The Soft Power 30” – Portland Communications
As Salvatore Guerrera discussed last week, the increasing relevance of the cyberspace in the international sphere has made necessary the promotion of cyber security among netizens. Public diplomacy is the exertion of influence by the government of one country on the public opinion of another country to turn the latest’s policy favorable to the former’s. The fact that cyber security awareness is key to defend a country’s interests should make it a priority for public diplomacy. Aurora Partners, in its post Cyber security: Broader Strategies to Complement Technical Defences underlines the effectiveness of public diplomacy strategies in business to “shape the political and social environment in such way that when a cyberattack is launched the public, including the company’s stakeholders, are already siding with the company against the hacker.”
As Virginia Greiman explains in her chapter Cyber security and Global Governance, “nearly every aspect of human activity has become intertwined with cyberspace” and she compares the national cyber security strategies of 10 countries and the EU (see table below). Concepts such as “awareness” or “education” are clearly mentioned only in 3 of them.
Countries approach to cyber security awareness among national and foreign citizens
Even though national strategies on cyber security awareness are still in a very early stage of development, there are several examples which could be considered cyber security awareness in public diplomacy, which are worth mentioning.
Australia
Australia’s clear commitment to the use of public diplomacy for the promotion of cyber security awareness is reflected in its education and training programs, thanks to the collaboration with foreign governments and educational institutions, for industry representatives.
Canada
Canada’s Cyber Security Strategy promotes cyber security awareness through several initiatives, like the campaign Get Cyber Safe, a national public awareness campaign to educate Canadians about Internet security, bringing together the government, the public and private sectors, and the international community. Canada also celebrates the cybersecurity month every year.
Other initiative is the cyber security capacity of less developed states and foreign partners, acknowledging the relevance of preventing potential adversaries from exploiting weaknesses in global cyber defenses.
Japan
Japan´s Initiative for Cyber security within the International Strategy on Cyber security Cooperation is based on its contribution to raising the level of awareness through activities around the world aimed at government and corporate cyber security managers.
Japan also celebrates the international campaign for raising awareness on cyber security every October, helping to expand it globally.
Netherlands
Within The Netherlands’ cyber security strategy, awareness through international cooperation and mediation is a pledge for an approach which combines defense, diplomacy and development. The country focuses on becoming a hub where cyber diplomacy, conflict prevention and expertise work together to promote cyber security.
Qatar
Qatar’s National Cyber Security Strategy refers to the country’s engagement “with international partners on policy and operations to raise cyber security awareness, identify and address threats and coordinate actions to improve cyber security worldwide,” also creating “an awards program to recognize excellence in cyber security for key contributions.”
UK
In its Be CyberStreetWise cyber security awareness campaign, UK fosters some initiatives within the public diplomacy scope:
- Funding a new Fulbright Cyber Security Award for the brightest scholars in the US and UK to conduct cyber security research.
- Taking part in a “Cambridge vs Cambridge” cyber security contest with Cambridge, MIT’s Computer Science & Artificial Intelligence Laboratory.
In the UK Cyber Security Strategy 2011- 2016, the work with industry, academic and international partners “to build their cyber resilience” and “raise public awareness of how to keep safe online” is particularly important.
USA and its relation with key countries: Germany, Russia and China
The USA is making an effort to promote cyber security at all levels. The Department of Homeland Security has established as strategy action item the increase of public awareness and stakeholder outreach in the development of international law policy.
One of the most successful initiatives undertaken for cyber security awareness is the cyber security month. Fostered by the US, it is a campaign to raise awareness about cyber security which takes place annually since 2004 in many countries.
Cyber security awareness has also been a concept quite relevant lately in the relations between the United States and countries such as Germany, Russia or China.
Germany has a similar approach to promote security in the digital sphere. The country also organizes the cyber security month contributing to foster awareness within German and European population. Both the United States and Germany recognizes cyber security as a topic of interest for foreign audiences.
The United States and Russia have a different approach to cyber security, “the United States focuses on a law enforcement approach at the domestic level with voluntary international collaboration, while Russia focuses on developing binding international regimes.”
Cyber security has been a central topic in the relations between the United States and China in recent years. As explained before, “both the United States and China know how issues like cyber espionage could harm the two largest economies in the world.” Enrique Fojón describes how one of the key points agreed by both countries is “identify and promote standards of good practice in the use of cyberspace by the states. Both delegations have acknowledged the importance of the UN’s work through a group of governmental experts, about the guidelines for the appropriate use of the cyberspace by governments,” says Fojón.
As Enrique Fojón summarizes, China, Russia and the United States have a very different view of what cybergovernance should be and how to promote cyber security. China and Russia submitted a proposal of code of conduct for global governance of the cyberspace to the United Nations General Assembly, where the state had full competencies and legitimacy to control everything concerning its cyberspace, while the United States and the international community rejected it.
In its Coordinated International Cyberspace Policy, the USA calls “the private sector, civil society, and end-users” and invites “other states and peoples to join us [the USA] in realizing this vision of prosperity, security, and openness in our networked world,” actively promoting cyber security awareness within the scope of its public diplomacy.
European Union
The strategic framework for the EU on cybercrime and cyber security is provided by the Cyber security Strategy for the European Union and the European Agenda on Security. The first mentions the enhancement of the “EU’s international cyberspace policy to promote EU core values, to define norms for responsible behavior, to advocate the application of existing international law in cyberspace and to assist countries outside the EU in building cyber security capacity.”
The EU collaborates with the USA in an EU-US Working Group on Cyber security and Cybercrime (WGCC), and one of the WGCC’s 4 priority axes is awareness raising. The European Union also organizes the European Cyber Security Month (ECSM) and Championship organized by ENISA.
The EU also works in partnership with NATO, the OECD, the UN General Assembly, the ITU, the OSCE, the WSIS and the IGF.
International organizations
ITI
The Information Technology Industry Council (ITI), the global voice of the tech sector, recommends the enhancement of cyber security awareness, leveraging public-private partnerships and raising public awareness.
The ITI gives the example of the National Cyber Security Allience (NCSA), the leading cross-sector organization for public-private collaboration for cyber security awareness: the “StopThinkConnect” US campaign or the mentioned National Cyber security Awareness Month are relevant examples.
ITU
The ITU is United Nations specialized agency for information and communication technologies. According to the ITU National Strategy Guide for cyber security, cyber security programs should include, among other points:
- Cyber security awareness and education to raise awareness about cyber threats.
- International cooperation to analyze the transnational nature of cyber threats.
National Awareness Programs should include every stakeholder’s individual responsibility to secure their systems and the relevance of communication on cyber security with the government, national and international stakeholders.
The Chairman of the Global Cyber security Agenda High-Level Experts Group also recommends the ITU to have a leading role in advocacy on cyber security due to “the mandate from Member States and its position in the UN system.” For this reason, the ITU should promote “a culture of cyberdiplomacy at various levels from international fora to country or even community levels.”
NATO
NATO has an active public diplomacy and has become an important actor in cyber security. The NATO Strategic Concept 2010 underlines its security concerns and aims at developing “further its ability to prevent, detect, defend against and recover from cyber-attack, including […]better integrating NATO cyber awareness with member nations.”
Within the NATO activity, the cooperation in cyber security awareness is also relevant in the cases of Europe, the USA, Canada and Russia.
On July 2016, NATO recognizes cyberspace as an operational domain, what could imply fostering cyber security awareness at the highest level in the future.
NATO’s need for cyber security awareness and education programs is evident and an interesting initiative is the use of gamified training, which is currently being discussed and could also be used to foster cyber security awareness.
Conclusion
The special features of cyberspace, borderless and without specific binding international law, make international cooperation key for a safe Internet. Public diplomacy has an important niche to promote the collaboration among members of the international community.
There are a number of cyber security awareness initiatives worldwide which could be part of countries’ cyber security public diplomacy. Nations should make an explicit effort in terms of public diplomacy policies to raise awareness of cyber threats among foreign audiences.
Cyber security requires the engagement with certain values: rule of law, human rights, media freedom or democracy, all of which are, at the same time, affected by cyber security. For this reason, societies where these are top-priority values should foster measures that project their image as cyber security defenders and promote safer and more prosperous societies.
Cited sources
http://www.merriam-webster.com/dictionary/netizen
http://uscpublicdiplomacy.org/page/what-pd
http://www.getcybersafe.gc.ca/cnt/bt/index-en.aspx
http://www.nisc.go.jp/eng/pdf/InternationalStrategyonCybersecurityCooperation_e.pdf
http://uscpublicdiplomacy.org/blog/cyber-diplomacy-vs-digital-diplomacy-terminological-distinction
https://www.cyberstreetwise.com/
https://ccdcoe.org/publications/books/Peacetime-Regime.pdf
https://opus4.kobv.de/opus4-euv/frontdoor/index/index/docId/81
https://www.files.ethz.ch/isn/121211/USRussiaCyber_WEB.pdf
http://diplomacydata.com/cyber-security-and-cyber-espionage-in-international-relations/
http://www.thiber.org/2015/10/02/diplomacia-para-luchar-contra-el-ciberespionaje/
https://ccdcoe.org/sites/default/files/documents/UN-150113-CodeOfConduct.pdf
http://www.itu.int/ITU-D/cyb/cybersecurity/docs/ITUNationalCybersecurityStrategyGuide.pdf
http://europa.eu/rapid/press-release_IP-15-4865_en.htm
https://cybersecuritymonth.eu/
http://www.egmontinstitute.be/wp-content/uploads/2014/06/ESPO-WP7.pdf
https://www.itic.org/dotAsset/0e3b41c2-587a-48a8-b376-9cb493be36ec.pdf
https://www.itu.int/en/action/cybersecurity/Documents/gca-chairman-report.pdf
http://www.itu.int/ITU-D/cyb/cybersecurity/docs/ITUNationalCybersecurityStrategyGuide.pdf
https://www.itu.int/en/action/cybersecurity/Documents/gca-chairman-report.pdf
https://ccdcoe.org/publications/books/Peacetime-Regime.pdf
http://www.nato.int/cps/en/natohq/news_133280.htm?selectedLocale=en
http://www.diva-portal.org/smash/get/diva2:679023/FULLTEXT01.pdf
What else did I read for this post?
http://www.diplomacy.edu/sites/default/files/An%20Introduction%20to%20IG_6th%20edition.pdf
http://www.cepolicy.org/publications/coming-terms-new-threat-nato-and-cybersecurity
http://www.diplomacy.edu/sites/default/files/Cybersecurity%20Full%20Report.pdf
http://www.themandarin.com.au/55084-setting-rules-engagement-cybersecurity-war/
https://isd.georgetown.edu/sites/isd/files/Diplomacy_Development_Security_in_the_Information_Age.pdf
http://www.iss.europa.eu/publications/detail/article/the-eu-and-its-cyber-partnerships/
https://www.whitehouse.gov/issues/foreign-policy/cybersecurity/national-initiative
http://www.atlantic-community.org/-/one-nato-strengthening-unity-through-transparency-and-engagement
http://www.getcybersafe.gc.ca/cnt/bt/index-en.aspx
http://www.gppi.net/fileadmin/user_upload/media/pub/2012/maurer_2012_cyber_kommersant_english.pdf
http://belfercenter.ksg.harvard.edu/files/maurer-cyber-norm-dp-2011-11-final.pdf
http://www.gppi.net/publications/global-internet-politics/article/the-eus-cyber-hodgepodge/