Skip to main content

Stop. Think. Connect. Cyber Security Awareness in Latin America.

Stop think connect logo 542x307 23sep14 en

Peter Cassidy, Secretary General of the Anti-Phishing Working Group (APWG), and I have been discussing lately about some of the high level goals of his organization (ICANN is a member, sponsor and research partner of the APWG). Peter, veteran of the "anti-cyber crime wars", has a dream: That all the countries in the Americas join the Stop.Think.Connect. campaign (Para. Piensa. Conéctate. as it is known in Spanish).

Peter Cassidy, Secretary General of the Anti-Phishing Working Group (APWG)

The APWG is a coalition that unifies the global response against cyber crime. It was created in 2003 and today it has more than 2,000 members from all over the world, including, for example, Microsoft, Yahoo!, MarkMonitor, RSA, Afilias, McAfee and the IEEE.

One of the main projects of the APWG is Stop.Think.Connect, a campaign that should be supported by the private and public sectors all over the world, including the region where I am from and where part of my work is focused on, Latin America. However it still is not known or understood enough by the decision makers in private companies or governments, so here's a bit about it to continue to spread the word.

Carlos: In a few lines, could you explain our readers what the STOP. THINK. CONNECT. Messaging Convention is and what its goals are?

Peter: The STOP. THINK. CONNECT. Messaging Convention was conceived by the APWG in 2009 as a way to optimize user awareness and education by unifying the awareness messaging they receive and reducing the clutter of uncoordinated, inconsonant efforts. The Convention crafted a slogan and logo and cybersafety advisory suite that all enterprises, government agencies and NGOs can share in order to persistently and consistently remind and instruct people of their roles (at home and at work and at large) in securing themselves, their communities and their Internet. The STOP. THINK. CONNECT. slogan and logo presented consistently from a number of sources provides the essential repetition that is required for people to retain the essential messages of practicing discretion and good data hygiene when using all their computing and communications devices.

Carlos: Who has joined the Convention so far?

Peter: The convention mustering committee was populated by global companies like Microsoft and AT&T, at the core of some 25 original members. Since then, the incorporated Messaging Convention has been joined by more than 160 enterprises, including large companies, SMEs, global, national and regional NGOs, trade associations and treaty organizations. National government agencies from Uruguay, Paraguay, Panama, the United States of America, Malaysia and a national trade group in Japan have partnered with the Convention though formal agreements. (Other nations' agreements are in process.) The Organization of American States is also an institutional partner to the Convention through a formal Memorandum of Understanding established in Spring of 2013.

Carlos: Why is it important that countries join?

Peter: For resonance. The greater the number of nations that are unified in their cybersecurity awareness messaging the greater the reinforcement of the essential messages being communicated. Ours are mobile societies. It's too much to expect everyone to receive, filter, translate and resolve conflicts between sometimes contradictory safety messages. Ask any choir member: unison parts are easier to sing in tune. And for efficiency. Awareness messaging should be as borderless as the Internet and its users' interests. Asking every nation to reinvent the wheel, so to speak, denies everyone the accessible efficiencies of presenting a consistent messaging scheme wherever they travel in the world or on the Internet.

Carlos: We've discussed about the concept of Hemispheric Unification of Cybercrime Awareness Messaging. Long name! Could you explain a bit what this means?

Peter: The nations of the Western Hemisphere share a limited number of linguas franca, English, Spanish, French and Portuguese. If the STOP. THINK. CONNECT. cybersecurity awareness campaign, whose objective is global ubiquity of deployment, has a chance to get a foothold even on a hemispheric scale, it is here in our Americas. In the Western Hemisphere, costs and effort to deploy in commonly used languages is lower than the Eastern Hemisphere by far. Given the concentration of Spanish-speaking nations in the hemisphere which have already adopted PARA. PIENSA. CONÉCTATE. as their national campaigns, the APWG's vast international membership and our correspondence with the Organization of American States with the world's multilateral treaty organizations, propagating the campaign globally doesn't seem like such a reach.

Carlos: A big part of what APWG does is focused on information sharing. Could you please elaborate a bit on this and on how users at large, globally, benefit from it?

Peter: Cybercrime is only the latest globalized threat to menace our shared civilizations. Weather, maritime piracy and epidemiological disease event data are routinely exchanged on a transnational basis for common defense among all manner of trade groups, government agencies, treaty organizations, NGOs and quangos. Similarly, cybercrime event data is exchanged through the APWG membership and correspondents for a variety of security applications and forensic programs, including informing and updating of block lists for fraud filters, browsers, anti-phishing toolbars and web filters; and creation and maintenance of forensic data resources for researchers, industrial investigators and law enforcement personnel to inform investigations. As the event data quantity expands and correspondents come to agree on data definitions, standardized usage protocols and terminal record formats, more applications will be conceived and more response paradigms will developed and, to some extent, automated.

Carlos: How many information contributors from Latin America are there currently?

Peter: Right now, just a handful of institutional contributors judging from the reports dealing with Latin American brands. Much of the reporting from that region comes from the general public there, forwarding phishing attack email lures to reportphishing at antiphishing.org.

Carlos: If you had the opportunity to speak for 5 minutes with all the presidents from the Americas, what would you tell them with regards to Stop.Think.Connect.?

Peter: I would tell them it is time to unite our Americas to protect all of our peoples with one messaging scheme that can resonate across our hemisphere and remind us all (in a consistent manner) to stay safe online, no matter where we are, what language we speak or where we travel online or in our Americas. The alternative only means more work for all of us - and reduced efficiency in communicating cybersafety messages consistently to all of our peoples. The magic of standardized data packet switching gave us the Internet. The practical application of standardized cybersafety messaging will help its users protect it.

Carlos: Who is eligible to join the Convention?

Peter: Any group, government agency, association or enterprise from the public or private sectors, any NGO or quango with an interest in propagating cybersecurity awareness can formally join the convention.

Carlos: How does one join the Messaging Convention?

Peter: That depends on your role and interests. Any enterprise from any sector, if they want to integrate STOP. THINK. CONNECT. materials into their own programs of education and awareness, can license the slogan and logo and advisory materials (at no cost, ever). National government agencies who partner with the Convention enter into a Memorandum of Understanding with the Messaging Convention and agree to cooperate in the propagation of the STOP. THINK. CONNECT. campaign (and its translated instantiations such as PARA. PIENSA. CONÉCTATE.) in their respective sovereignties. Moreover, any one or any enterprise – both for-profit and non-profit - can go to the Convention website at stopthinkconnect.org and acquire the ready-made materials for any educational purpose.

Carlos: How does someone approach the Convention to join?

Peter: Groups, associations and enterprises can contact us at info at stopthinkconnect.org and national government agencies can contact me directly, as international development director, at Pcassidy@stopthinkconnect.org

Carlos Alvarez is Sr. Manager, SSR Technical Engagement, Security Stability Resiliency Team at ICANN

Comments

    Domain Name System
    Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as""icann.org"" is not an IDN."