ITU’s contribution
to Cybersecurity in
Africa
Anne Rita Ssemboga
[email protected]
March 2016, Harare
International
Telecommunication
Union
Committed to Connecting the World
Agenda
1. Introduction
1
2
1. ITU Mandate in Cybersecurity
3
1. Global Cybersecurity Index
4
1. CIRT Program
5
1. National Strategies
1. Center of excellences
6
1. Up coming events
7
2
Introduction
Committed to Connecting the World
Importance of Cybersecurity
• From industrial age to information societies
-
Increasing dependence on the availability of ICTsNumber of Internet users growing constantly
(47.2 % of world’s population, 2015)
• Statistics and reports show that cyber-threats are
on the rise
-
The likely annual cost to the global economy from
Cybercrime is estimated at more than $455 billion (Source:
McAfee Report on Economic Impact of Cybercrime, 2013).
• Developing countries most at risk as they adopt
broader use of ICTs
-
E.g. Africa leading in Mobile-broadband penetration:
almost 20.7% in 2015 - up from less than 2% in 2010
(Source: ITU ICT Statistics)
•
Need for building cybersecurity capacity
-
Protection is crucial for the socio-economic wellbeing of
a country in the adoption of new technologies
Source: Symantec 2015 Internet Security Threat Report
3
Introduction
Committed to Connecting the World
Key Cybersecurity Challenges
 Inadequate national and global organizational





structures to deal with cyber incidents
Lack of interoperable national and regional legal
frameworks
Limited information security professionals and skills
within governments
Lack of basic awareness among users
Unsecure Software and ICT-based applications
Limited international cooperation between industry
experts, law enforcements, regulators, academia &
international organizations, etc. to address a global
challenge
Cybersecurity not seen yet as a cross-sector, multi-dimensional concern. Still seen as a
technical/technology problem.
4
ITU mandate in cybersecurity
Committed to Connecting the World
• A fundamental role of ITU based on the guidance of the World
Summit on the Information Society (WSIS) and the ITU
Plenipotentiary Conference
• At WSIS 2003 , 50 Heads of States and world leaders and 175
countries entrusted ITU to be the Facilitator of Action Line C5,
"Building confidence and security in the use of ICTs",
• ITU launched, in 2007, the Global Cybersecurity Agenda (GCA),
as a framework for international cooperation in this area.
5
ITU mandate in cybersecurity
Committed to Connecting the World
Global Cybersecurity Agenda (GCA)
• GCA is designed for cooperation and
efficiency, encouraging collaboration with
and between all relevant partners, and
building on existing initiatives to avoid
duplicating efforts.
• GCA builds upon five pillars:
1. Legal Measures
2. Technical and Procedural Measures
3. Organizational Structure
4. Capacity Building
5. International Cooperation
•
Since its launch, GCA has attracted the
support and recognition of leaders and
cybersecurity experts around the world.
6
Global Cybersecurity index
Committed to Connecting the World
Objective
The Global Cybersecurity Index (GCI)
measures each nation state’s level of
cybersecurity commitment in five main
areas:
• Legal
• Technical
• Organizational
• Capacity Building
• Cooperation
Goals
• help countries identify areas for
improvement
• motivate action to improve relative
GCI rankings
• raise the level of cybersecurity
worldwide
• help to identify and promote best
practices
• foster a global culture of
cybersecurity
Final Global and Regional Results
2014 are on ITU Website
7
Join us for the Next iteration – we are looking for partners
http://www.itu.int/en/ITU-D/Cybersecurity/Pages/GCI.aspx
7
Global Cybersecurity index
Committed to Connecting the World
National cybersecurity commitment
8
Global Cybersecurity index
Committed to Connecting the World
Cyberwellness Country
Profiles
Factual information on
cybersecurity achievements on
each country based on the GCA
pillars
Over 195 profiles to date
Live documents –
Invite countries to assist us in
maintaining updated information
[email protected]
9
9
Global Cybersecurity index
Committed to Connecting the World
Next GCI – Reference Model
MEMBERS STATES
RESPONSES
GCI 2014
CONCEPTUAL
FRAMEWORK
QUESTIONNAIRE
SECONDARY
DATA
INDEX
OPEN CONSULTATIONS- MULTISTAKEHOLDER PLATFORM
AUTOMATED DATA COLLECTION- STORAGE AND ANALYSIS PLATEFORM
PARTNERS: SECONDARY DATA, RESPONSE ACTIVATION, STATISTICAL ANALYSIS ,
QUALITATIVE APPRECIATION & MORE…
Existing Indices
Compendium
Regional
Reports
GCI 2016
193 country
profiles
Good Practices
Thematic
reports
ITU-D SG2Q3
Legal, Organizational
Technical, Capacity building
10
Cooperation
Global Cybersecurity index
Committed to Connecting the World
In order to complete the GCI we kindly request the members states to respond to the
letter of BDT Director dated 11 December 2015 which invites Member States to
participate in the GCI 2016 highlighting that this time questionnaire is purely online and
deadline for submission currently stands at 11 March 2016
We wish to thank all Member States that have already appointed Focal ​Points:
Angola, Cameroon, Ethiopia, Ghana, Lesotho, Madagascar, Mauritius, Rwanda, Senegal,
Sierra Leone, South Africa, Togo, Uganda, Zimbabwe. ​
11
Role of National CIRT
Committed to Connecting the World
First line of cyber-response
• Providing incident response support;
• Dissemination of early warnings and alerts;
• Facilitating communications and information
sharing among stakeholders;
• Developing mitigation and response strategies
and coordinating incident response;
• Sharing data and information about the
incident and corresponding responses;
• Publicizing best practices in incident response
and prevention advice;
• Coordinating international cooperation on
cyber incidents;
102 National CIRTs Worldwide
Need to fill the gaps
In Africa 12 countries have
& 32 countries do not
12
National CIRT program
Committed to Connecting the World
Educate / Plan
Establish/ Operate
Collaborate
• Assessments conducted for 26 countries
• Implementation completed for 7 countries
Burkina Faso, Côte d'Ivoire, Ghana, ​Kenya​, Tanzania, Uganda, Zambia​.​
• Implementation in progress for 2 countries
•
Burundi, Gambia,
CIRT Enhancement in progress in Kenya
2 cyber drills conducted with participation of over 20 countries
Upcoming cybredrill 4-8 april 2016 in Mauritius
13
National CIRT program
Committed to Connecting the World
Enhancement of Kenya’s National CIRT
Agreement signed on 29 May 2015
“the strengthening of Kenya’s
National Computer Incident
Response Team will give new
impetus to our efforts to create
confidence in the use of ICTs.”
Mr Francis Wangusi, Director General of
the Communications Authority of Kenya
14
National CIRT program
Committed to Connecting the World
Cooperation with ECOWAS
MoU signed with ITU on 8 June 2015
• elaboration of regional Cybersecurity
initiatives through ECOWAS;
• enhancing the Cybersecurity posture of
ECOWAS member countries through
country specific initiatives as well as
regional initiatives including:







the National CIRT/CERT programme
capacity building initiative
elaboration of a sustainable Cybersecurity roadmap
Global Cybersecurity Index
Child Online Protection initiative
harmonization and enhancement of legislations
elaboration of national Cybersecurity strategies
15
National strategies
Committed to Connecting the World
…we can achieve our goal of adding value to members by
creating a framework that leverages global best practices
Strengths of Toolkit
A nation-neutral toolkit that can be applied globally:
Europe, Africa, Americas, Asia Pacific, …
Measuring improvements:
provide best practice
indicators to assess
improvements over time
1
5
Reference to other
guidelines/references:
link to existing models and
evaluation tools
2
Toolkit
Value
Add
4
3
Pragmatic reference guide
can be used by all
countries, including microcountries: developed
strategies, new strategies
under development, …
Accompanying evaluation tool:
easily identify key areas for
improvement and how they can be
addressed
National Strategies Repository:
http://www.itu.int/en/ITU-D/Cybersecurity/Pages/National-Strategies-repository.aspx
16
National strategies
Committed to Connecting the World
Co-authored and Co-owned by Partners on the new National
cybersecurity toolkit
11 Partners who have been active in devising models and implementing
cybersecurity strategies and is facilitated by experts at
ITU invites project partners to contribute their knowledge and expertise in the National Cyber
Security domain, thereby providing high added value to the toolkit definition
17
National strategies
Committed to Connecting the World
positioning and functionality of the new national cybersecurity
strategy toolkit…
National Cybersecurity Strategy Process
Primary Focus
Identify
Purpose and
Content
• The NCS Toolkit will provide national policy developers
with a means to evaluate their current status and identify
areas for improvement regarding:
- Identifying the purpose and content of their own NCS
- Outlining the strategic areas that their NCS would
address
- Defining a management lifecycle process to govern the
implementation of the NCS
- Establishing a structured process for NCS development
- Finding additional resources to support NCS
development
Outline National Strategy
Develop Cyber Security National
Plan, including capability
development/implementation
Secondary Focus
• The NCS Toolkit will provide national policy
developers with links to other best practice
guidelines for insights on how to:
- Develop National Plan
- Evaluate the current maturity levels of NCS
capabilities
- Compare their strategies / capabilities against
peers through ranking systems and criteria
- …
18
Committed to Connecting the World
Training- Centre of excellences
 Institutions sharing expertise, resources and capacity-building
know-how in telecommunications and ICTs training/education,
distributed around the world
 32 World wide with 7 offering Cybersecurity expertise
 Africa
 Ecole Supérieure Africaine des Technologies de l’Information et
de la Communication (ESATIC), Côte d’Ivoire
 University of Rwanda, College of Science and Technology
(URCST), Rwanda.
19
Committed to Connecting the World
Upcoming events
• Cyberdrill for Africa, Mauritius, 4-8 April 2016,
• ITU-ATU Workshop on Cybersecurity Strategy in African Countries,
Khartoum, Sudan (Republic of the), 24 – 26 July 2016
• SG17 meeting, Khartoum, Sudan (Republic of the), 27-28 July
2016
20
Committed to Connecting the World
Conclusion
 Continue national dialogue - multi
sectorial
 Prioritizing on the conclusion of the
Policy, draft bills and legislation
 Cyber Incidence Response Team
(CIRT) as Interim measure
 ITU committed to support the
Government of Zimbabwe in this
effort
21
Committed to Connecting the World
 Thank you for your attention
22