www.uneca.org/aisi eca regional perspective on e- security cyber security workshop & training...
TRANSCRIPT
www.uneca.org/aisi
ECA Regional Perspective on E-Security
Cyber security workshop & training
25-28 August 2008
Lusaka, Zambia
Dr Sizo D. MhlangaRegional Advisor ICT Policies & Strategies
ISTD/UNECA
www.uneca.org/aisi
Security Is The Absence Of All
Insecurity
www.uneca.org/aisi
Contents General
ECA’s response & International Frameworks
Security status in Africa e.g.
ECA programmes
www.uneca.org/aisi
Cyber Crime in Africa Limited connectivity, smaller number of users, are factors
that currently shield potential African “targets” from most attacks - Africa is still very vulnerable to most major attacks;
Africa is faced with weak underlying technology and inherently vulnerable software;
Uninformed, misguided and malicious users contribute to the problem - lack of awareness & cyber security culture;
Impact of increased capacity with weak or non-existent legal, regulatory & policy environments & insufficient security technology render Africa a lucrative entry point for cyber criminals using it as a hub to coordinate & launch attacks.
www.uneca.org/aisi
Network Security – Trust & Confidence
IT is becoming more prevalent in Africa & users are more & more depended on these systems - the Internet has created a borderless space for information exchange & the keyword for the deployment of Internet applications, e-gov, e-com, e-trade etc.. is TRUST;
As the Information Society becomes more & more important to business & society, ensuring the security of both the infrastructure
& the information traversing through it is critical; Solutions to combat the security threats already exist but
implementation is at times costly & complex & if poorly executed, may cause more problems than they resolve;
This calls for systematic & careful planning - proper policies, laws, regulations & awareness can help mitigate the threat;
Success depends on various key stakeholders & policies must be enacted & enforced by government, industry & individuals.
www.uneca.org/aisi
Web Site
The Internet
ComputerConnect to Internet
www.uneca.org/aisi
eGov: a key pillar of eStrategies
Security
Broadband (wired, wireless), multi-platform (PC, TV, mobile, …)
eGovernment eHealth eLearning eBusiness
www.uneca.org/aisi
E-government indexThe Web Measure Index - 5 stage model (Emerging, Enhanced, Interactive, Transactional & Connected) measuring the country’s online presence/absence;
Telecommunication Infrastructure Index - 5 indices relating to a country’s infrastructure capacity i.e.-Internet Users; PCs; Main Tel Lines; Mobile phones; and Broadband availability/100 persons;
Human Capital Index - composite index of the adult literacy rate & the combined primary, secondary & tertiary gross enrolment ratio.
www.uneca.org/aisi
0.28790.3403
0.3446
0.24660.197
0.4514
0
0.1
0.2
0.3
0.4
0.5
Africa e-gov readiness
C0MESA
North Africa
SADC
Central Africa
ECOWAS
World
www.uneca.org/aisi
0.92
0.45
0
0.2
0.4
0.6
0.8
1
E-gov rest of the world Sweden
Denmark
Norway
USA
Netherlands
Rep of Korea
Canada
Australia
France
UK
Japan
Switzerland
World
www.uneca.org/aisi
www.uneca.org/aisi
E-Gov readiness - EAC
Web Measure Index Infrastructure Index Human Capital Index E-Gov Readiness Index 0
0.1
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
1
KenyaUgandaTanzania
www.uneca.org/aisi
Infrastructure index
Algeria
Angola
Benin
Botsw
ana
Burkin
a Fa
so
Burun
di
Camer
oon
Cape
Verde
Centra
l Afri
can
Rep.
Chad
Congo
Comor
os
Cote
d'Ivo
ire
DRC
Equat
orial
Guin
ea
Gabon
Guinea
-Biss
au
Leso
tho
Liber
iaLib
ya
Madag
asca
r
Malawi
Mali
Maurit
ania
Maurit
ius
Moroc
co
Mozam
bique
Namibi
a
Niger
Nigeria
Kenya
Rwanda
Sao T
ome
and
Princip
e
Seneg
al
Seych
elles
Sierra
Leo
ne
Somali
a
South
Afri
ca
Sudan
Swazila
ndTo
go
Tunis
ia
Ugand
a
Tanz
ania
Zambia
Zimba
bwe
0
0.05
0.1
0.15
0.2
0.25
0.3
0.35
www.uneca.org/aisi
ECA’s response - What is AISI?
Launched in 1996 by African Ministers of planning, economic & social development;
A vision for ICT development in Africa;
A cooperation framework for partners to support ICT development in Africa
Activities: Policy development; Training & capacity building; Sectoral applications; Infrastructure development
www.uneca.org/aisi
E-Strategies
• Regional Information and Communication Infrastructure (RICI)
• National Information and Communication Infrastructure (NICI)
• Sectoral Information and Communication Infrastructure (SICI)
• Village Information and Communication Infrastructure (VICI)
RICI
VICI
AISI
NICI
SICI
SC
AN
-IC
T
SC
AN
-ICT
Stakeholder Involvement
www.uneca.org/aisi
Policy process deliverables
Framework: Why? Baseline scenario
The Policy: What?Gov policy commitments on what needs to be done
The Plan: How? Policy commitments translated into concrete programmes
The inter-related Entities
Framework Policy
Plan
www.uneca.org/aisi
The AISI and security
Within the AISI framework, the security aspect is addressed in :
The formulation of National and Regional ICT policies and strategies; and
The design of legal frameworks for the Information Society.
www.uneca.org/aisi
E-Strategy Status (April 2008)
www.uneca.org/aisi
International Framework- Resolution adopted by the UN General Assembly [on the report of the Second Committee (A/58/481/Add.2)] 30 Jan 2004
58/199. Creation of a global culture of cyber security and the protection of critical information infrastructures
- WSIS Plan of Action
C5. Building confidence and security in the use of ICTs - Confidence and security are among the main pillars of the Information Society
- Connect Africa goal (Oct 2007) Goal 5. Adopt a national e-strategy, including a cyber security framework and deploy at least one flagship e-government service as well as e-education, e-commerce and e-health services using accessible technologies in each country in Africa by 2012, with the aim of making multiple e-government and other e-services widely available by 2015.
www.uneca.org/aisi
ECA Survey – status of implementation of WSIS PoA
ICT Security Issue Addressed in the country ICT policies and plans
Existence of Legislation to enforce this issue
Information security and network security issues
58% 8%
Education and raising awareness on security and use of ICTs
58% 17%
Prevention, detection and response to cyber-crime and misuse of ICTs
50% 0%
Effective investigation and prosecution for misuse of ICTs
33% 0%
Government to actively promote user education and awareness about online privacy and the means of protecting privacy
33% 0%
www.uneca.org/aisi
e-Security in AfricaLegal Framework
Countries with laws on electronic signatures:Mauritius, Tunisia, Cape Verde, South Africa, Egypt…..
Countries with Draft laws on electronic signatures: Algeria, Burkina Faso, Cameroon, Morocco, Senegal
EAC - Regional e-Gov framework was approved in Nov 2006 & there is a Regional Taskforce, spearheading the development and implementation of the Regional legal framework for cyber laws.
www.uneca.org/aisi
PKI Development in Africa A PKI (public key infrastructure) - enables users of
a basically unsecure public network such as the Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair
South Africa (Private Sector : Thawte - a certificate authority (CA) for X.509 certificates - an ITU-T standard for a PKI)
Tunisia (ANCE) Egypt (ITIDA) Mauritius (ICT authority CCA) Efforts are underway to create an African PKI
Forum
www.uneca.org/aisi
Info-Security - challenges
www.uneca.org/aisi
An African Cyber Security Strategy ECA/Global ePolicy Resource Network (ePol-NET) involved in the
development of a cyber security framework for Burkina Faso, Ghana, Kenya and Mozambique – a programme that looks at the policy, legislative, regulatory and infrastructure requirements;
Policy requirements set out duties and responsibilities of the various domestic, regional and international stakeholders and beneficiaries of this security policy;
Legislative and regulatory requirements - sets limits, establishes a code of conduct, defining standards and some of the technical issues which may be imposed on stakeholders such as service providers, financial institutions, vendors/merchants, as well as work towards building the necessary trust and confidence demanded by users, key stakeholders, both within Africa and from around the world.
Infrastructure requirements will provide for minimum security standards and ensure providers are able to address the evolving demands of users and protect their networks against increasingly sophisticated attacks, originating from around the world.
www.uneca.org/aisi
What is e-security policy?
A plan of action for tackling security issues, or a set of regulations for maintaining a certain level of security
Practices for securing computers, buildings, or vital infrastructure
Strategies articulated at both the organizational & national Organisational level - a high-level document outlining
management commitment to IT security by defining IT security & its supporting sub-policies;
National level - a government’s approach to ensuring the security of its national interests through legislation, regulations, training, investment & awareness
www.uneca.org/aisi
Project status Kenya - enabling legislation for the e-Gov Security Strategy in
support of the operationalizing the Kenya e-Government Strategy;
Ghana - the design and development of a national e-security policy which complement its ICT4D Policy and a comprehensive operational e-security strategy in support of the existing e-gov initiatives e.g. E-customs and intranet;
Mozambique - the design and development of a national e-security policy which addresses all aspects required to secure the critical ICT infrastructure and technology. An e-gov security strategy with guidelines and standards which all systems and users must adhere to ensure the availability and safety of these critical systems;
Burkina Faso - policy on the protection of the essential ICT infrastructure.
www.uneca.org/aisi
Conclusion
ECA with partners to continue assistance on experience sharing amongst the RECs on:
Policy, Legal and Regulatory Frameworks; and Cyber laws and Information Security.
ECA and RECs to cooperate with Governments for the implementation at the national levels;
Support the creation of the Africa PKI Forum including the sharing of experiences
www.uneca.org/aisi
Thank You !http://www.uneca.org/
aisi/