ITU Workshop on “ICT Security Standardization for Developing Countries” (Geneva, Switzerland, 15-16 September 2014) Overview of Kenya’s Cybersecurity Framework Michael K. Katundu Director, Information Technology Communications Authority of Kenya (CA) katundu@ca.go.ke Geneva, Switzerland, 15-16 September 2014 The Nature of the Internet Anonymity on the Internet drives the tendency towards abuse. “On the Internet, nobody knows who really is on the other end” The Nature of the Internet … The Nature of the Internet … Uses of the Internet Uses of the Internet … Uses of the Internet … What is Cybersecurity? Cybersecurity is also referred to as Information Technology (IT) Security. The protection of computers, networks, programs and data from unintended or unauthorized access, change or destruction. Why is Cybersecurity a global concern? Governments, military, corporations, financial institutions, hospitals and other businesses collect, process and store a great deal of confidential information on computers and transmit that data across networks to other computers. With the growing volume and sophistication of cyber attacks, ongoing attention is required to protect sensitive business and personal information, as well as safeguard national security. Examples of Cyber attacks Hate messages: Propagated through the Internet, Computers, Mobile phones, tablets Common in Kenya especially during the electioneering period Examples of Cyber attacks … Distributed Denial of Service (DDOS) Examples of Cyber attacks … Phishing scams: Kenyan banks have been targeted. Examples of Cyber attacks ... Website Defacement: 103 GoK Websites defaced in 2013 3 Government Websites defaced in 2014 Government Twitter accounts hacked in 2014 Examples of Cyber attacks … Espionage: Stealing a country’s/company secrets. Examples of Cyber attacks … SPAM email: This is a global problem. Why Cybersecurity Agenda in Kenya? WSIS: Governments have a role to Promote Confidence and Trust in the use of ICTs. The landing of four undersea fiber optic cables (TEAMs and SEACOM in 2009, EASSy in 2010 and Lion-2 in 2012) brought an additional capacity to the country, resulting in faster Internet connectivity rates and growth in Internet usage. The country is increasingly becoming dependent on computer networks and information infrastructure, and that dependency is growing. Why Cybersecurity Agenda in Kenya? … In Kenya there are: 31.3 M mobile subscribers in (77% penetration). 26M mobile money subscribers (65% penetration). 21M Internet users (53.3% penetration). Internet Social Networking tools such as blogs, Facebook and Twitter, amongst others, have gained popularity throughout the country. Kenya Cybersecurity Report 2014 by TESPOK and SERIANU: In 2013 the rate of increase of Cybersecurity attacks is 108% (2.6M to 5.4M attacks). The Boderless nature of the Internet. Kenya’s Policy and Legal framework in Cybersecurity VISION 2030 ICT Sector Policy Kenya Information & Communications Act of 1998 National Cybersecurity Strategy (NCS) The Kenya Computer Incident Response Team – Coordination Centre (National KE-CIRT/CC) A technical means of management of Cyber attacks. Implemented by the Communications Authority of Kenya in Oct. 2012. ITU/IMPACT, under the GCA, provided technical support. Has speeded up resolution of cyber attacks. Consulting with the ITU to upgrade the operations of the National KE-CIRT/CC. Functions of the National KE-CIRT/CC Establish Collaboration (National, Regional & International) on Cybersecurity Research & Development (R&D) on Cybersecurity Implement National Cybersecurity Policies, Laws & Regulations Cybersecurity Awareness & Capacity Building at the National Level National KECIRT/CC Technical Co-ordination & Response to Cybersecurity Incidents Development & Implementation of a National Public Key Infrastructure (NPKI) Early Warning & Technical Advisories National KE-CIRT/CC Collaboration National, Regional & International CIRTs & Organizations (FIRST) The Law Enforcement Agencies Directorate of Public Prosecutions (DPP) National KECIRT/CC Academia Mobile Telecom Operators & ISPs Financial Institutions How to report Cyber attacks in Kenya CA Website: http://www.ca.go.ke (Information Security); National KE-CIRT/CC website: http://www.ke-cirt.go.ke; Email: incidents@ke-cirt.go.ke; or Telephone, a letter or by visiting CA. The National Public Key Infrastructure (NPKI) Coordinated by the Communications Authority of Kenya (CA) in collaboration with the Kenya’s Ministry of ICT. National KE-CIRT/CC project. To ensure Confidentiality, Integrity and non-repudiation and operate under the Kenyan law. The National Public Key Infrastructure (NPKI) … Root Certification Authority (RCA) Technical Standards Development Awareness Creation & Capacity Building Licensing & Accreditation of E-CSPs International Co-operation Government-owned E-CSP Private-owned E-CSPs To issue Digital Certificates To issue Digital Certificates Key: E-CSP: Electronic Certification Service Provider licensed by the Communications Authority of Kenya (CA) to issue Digital Certificates (Internet IDs). Conclusions and Recommendations Put in place relevant Policies, Laws and Regulatory frameworks. Implement a National CIRT to be the country’s Trusted Point of Contact. Encourage implementation of sector CIRTs to support the National CIRT. Geneva, Switzerland, 15-16 September 2014 Create awareness and capacity building in Cybersecurity. Put in place National, Regional and international collaborations/partne rships for effective management of cyber attacks. Implement National Public Key Infrastructure (NPKI). 25 Thank You Email: katundu@ca.go.ke
© Copyright 2024