mwesigwa uganda case study june 09
TRANSCRIPT
-
8/12/2019 Mwesigwa Uganda Case Study June 09
1/20
CYBER SECURITYCYBER SECURITYLEGISLATION AND POLICYLEGISLATION AND POLICY
INITIATIVESINITIATIVES
--
UGANDAUGANDA
CASECASE
2009 ITU Regional Cybersecurity Forumfor Africa and Arab States
Tunis, 4-5 June 2009
Patrick Mwesigwa, Director/Technology & Licensing, UgandaPatrick Mwesigwa, Director/Technology & Licensing, UgandaCommunications CommissionCommunications Commission
-
8/12/2019 Mwesigwa Uganda Case Study June 09
2/20
Outline of presentationOutline of presentationIntroduction on UgandaIntroduction on UgandaCyber laws formulation processCyber laws formulation processOverview of proposed cyber lawsOverview of proposed cyber lawsProgress in harmonisation of Cyber LawsProgress in harmonisation of Cyber Lawsin East Africain East Africa
National and Regional CERT initiativesNational and Regional CERT initiativesChallenges in countering cyber crimeChallenges in countering cyber crime
Concluding remarksConcluding remarks
-
8/12/2019 Mwesigwa Uganda Case Study June 09
3/20
Background on UgandaBackground on Uganda -- locationlocation
-
8/12/2019 Mwesigwa Uganda Case Study June 09
4/20
Economic indicatorsEconomic indicators
PopulationPopulation 30 million30 million
Surface AreaSurface Area 241,000 sq. km241,000 sq. kmGDP per capitaGDP per capita -- US$ 230US$ 230
Economic Growth (1995Economic Growth (1995 --2008)2008) 6%6%p. ap. a
-
8/12/2019 Mwesigwa Uganda Case Study June 09
5/20
Cyber laws formulation processCyber laws formulation processFormulation of cyber laws initiated in 2003Formulation of cyber laws initiated in 2003
Cyber laws drafted by National Task Force comprisingCyber laws drafted by National Task Force comprisingseveral stakeholders led by Uganda Law Reformseveral stakeholders led by Uganda Law ReformCommission that includedCommission that included
Ministries of Justice, Trade and Industry, Water, Lands &Ministries of Justice, Trade and Industry, Water, Lands &Environment, Ministry of FinanceEnvironment, Ministry of FinanceMinistry of Works Housing & Communications, now MinistryMinistry of Works Housing & Communications, now Ministryof ICTof ICTUganda Communications CommissionUganda Communications Commission
Uganda Law Society, National Bureau of StandardsUganda Law Society, National Bureau of StandardsBank of Uganda, Uganda Investment Authority, MakerereBank of Uganda, Uganda Investment Authority, MakerereUniversity, Uganda Insurance Commission etcUniversity, Uganda Insurance Commission etc
Draft went through public consultationDraft went through public consultationBenchmarking with other countries undertakenBenchmarking with other countries undertaken
-
8/12/2019 Mwesigwa Uganda Case Study June 09
6/20
Overview of proposed cyber lawsOverview of proposed cyber laws
-
8/12/2019 Mwesigwa Uganda Case Study June 09
7/20
Cyber Security legal framework Cyber Security legal framework
Legal framework consists of 3 mainLegal framework consists of 3 mainlaws:laws:
Electronic Transactions Bill, 2003Electronic Transactions Bill, 2003
Computer Misuse Bill, 2003Computer Misuse Bill, 2003Electronic Signatures bill, 2003Electronic Signatures bill, 2003
-
8/12/2019 Mwesigwa Uganda Case Study June 09
8/20
The Electronic Transactions BillThe Electronic Transactions BillThe Bill creates a light handed regulatory regimeThe Bill creates a light handed regulatory regime
for electronic transactions.for electronic transactions.It facilitates the development of eIt facilitates the development of e --commerce incommerce in
Uganda by broadly removing existing legalUganda by broadly removing existing legal
impediments that may prevent a person fromimpediments that may prevent a person fromtransacting electronically because of a lacuna intransacting electronically because of a lacuna inthe traditional laws.the traditional laws.
it makes provision for functional equivalence,it makes provision for functional equivalence,thus paper transactions and electronicthus paper transactions and electronictransactions are treated equally before the law.transactions are treated equally before the law.
-
8/12/2019 Mwesigwa Uganda Case Study June 09
9/20
Electronic Transactions BillElectronic Transactions Bill contd contd
Establishes rules that validate andEstablishes rules that validate and recognisesrecognisescontracts formed through electronic meanscontracts formed through electronic meansSets default rules for contract formation andSets default rules for contract formation andgovernance of electronic contract performancegovernance of electronic contract performanceDefines the characteristics of a valid electronicDefines the characteristics of a valid electronic
writing and an original documentwriting and an original documentSupports the admission of computer evidenceSupports the admission of computer evidencein courts and arbitration proceedingsin courts and arbitration proceedings
-
8/12/2019 Mwesigwa Uganda Case Study June 09
10/20
The Electronic Signatures BillThe Electronic Signatures Bill
The BillThe Bill makes provision for the use ofmakes provision for the use ofelectronic signatures in order to ensure thatelectronic signatures in order to ensure thattransactions are carried out in a securetransactions are carried out in a secure
environment.environment.It establishes a public key infrastructure forIt establishes a public key infrastructure forauthenticity and security of documentsauthenticity and security of documents
RecognisesRecognises the different signature creatingthe different signature creatingtechnologiestechnologiesProvides effective administrative structures e.g.Provides effective administrative structures e.g.
establishment of Certification Authoritiesestablishment of Certification Authorities
-
8/12/2019 Mwesigwa Uganda Case Study June 09
11/20
The Computer Misuse BillThe Computer Misuse BillThe Bill takesThe Bill takes cognisancecognisance of the fact that allof the fact that all
computer operations are susceptible tocomputer operations are susceptible tocomputer crimes and our current legal systemcomputer crimes and our current legal systemdoes notdoes not recogniserecognise computer crimes thus thecomputer crimes thus the
importance of a legislation to provide forimportance of a legislation to provide forcomputer crimes.computer crimes.It creates several computer misuse offencesIt creates several computer misuse offences
e.g.e.g. unauthorisedunauthorised modification of computermodification of computermaterialmateriallays down mechanisms for investigation andlays down mechanisms for investigation and
prosecution of the offences.prosecution of the offences.
-
8/12/2019 Mwesigwa Uganda Case Study June 09
12/20
-
8/12/2019 Mwesigwa Uganda Case Study June 09
13/20
Harmonisation of cyber laws inHarmonisation of cyber laws inEast African RegionEast African Region
Ongoing process to harmonise cyber laws in the 5 E A countriesOngoing process to harmonise cyber laws in the 5 E A countriesunder EACunder EACBeing undertaken by Task Force consisting of 4 members fromBeing undertaken by Task Force consisting of 4 members fromeach countryeach country
Laws to be harmonised in 2 phases;Laws to be harmonised in 2 phases;Phase 1: Electronic Transactions, Electronic Signatures andPhase 1: Electronic Transactions, Electronic Signatures and
Authentications, Data Protection and Privacy, Consumer Protectio Authentications, Data Protection and Privacy, Consumer Protectio n andn andComputer CrimeComputer Crime
Phase 2: Intellectual Property Rights, Domain Names, Taxation anPhase 2: Intellectual Property Rights, Domain Names, Taxation an
dd
Freedom of InformationFreedom of Information
several regional meetings held, legal framework expected toseveral regional meetings held, legal framework expected tobe adopted by relevant organs of EAC and Partner Statesbe adopted by relevant organs of EAC and Partner Statesexpected to enact the cyber laws by 2010expected to enact the cyber laws by 2010
-
8/12/2019 Mwesigwa Uganda Case Study June 09
14/20
Source: Report of 2nd EAC TaskSource: Report of 2nd EAC TaskForce MeetingForce Meeting
Status of cyber laws in E AfricaStatus of cyber laws in E AfricaElectroniElectroniccSignatureSignature
ConsumerConsumerProtectionProtection
PrivacyPrivacy CyberCyberCrimeCrime
OnlineOnlineContentContentRegulatiRegulationon
DigitalDigitalCopyrigCopyrightht(WIPO(WIPO
Treaty,Treaty,1996)1996)
ElectrElectroniconicContraContractingcting
OnlineOnlineDisputeDisputeResolutioResolutionn
BurundiBurundi NoneNone NoneNone NoneNone NoneNone NoneNone NoNo NoneNone NoneNone
KenyaKenya DraftDraft DraftDraft DraftDraft DraftDraft NoneNone SignatSignatoryory
DraftDraft NoneNone
RwandaRwanda DraftDraft DraftDraft DraftDraft DraftDraft NoneNone NoNo DraftDraft NoneNone
TTaa
nzaninzaniaa NoneNone NoneNone NoneNone NoneNone NoneNone NoNo NoneNone
UgandaUganda DraftDraft DraftDraft NoneNone DraftDraft NoneNone NoNo DraftDraft NoneNone
-
8/12/2019 Mwesigwa Uganda Case Study June 09
15/20
-
8/12/2019 Mwesigwa Uganda Case Study June 09
16/20
National Information SecurityNational Information SecurityWorking GroupWorking Group
Uganda is in process of establishment of InformationUganda is in process of establishment of InformationSecurity Working Group under Ministry of ICT with theSecurity Working Group under Ministry of ICT with thefollowing keyfollowing key ToRsToRs among others:among others:
Developing guidelines for Computer SecurityDeveloping guidelines for Computer SecurityEmergency Response TeamsEmergency Response TeamsCoordinating Computer security incident responseCoordinating Computer security incident response
Collaboration with national, regional and internationalCollaboration with national, regional and internationalpartners in information securitypartners in information securityConducting regular seminars, conferences, andConducting regular seminars, conferences, and
workshops for local and central governmentworkshops for local and central government
-
8/12/2019 Mwesigwa Uganda Case Study June 09
17/20
Composition of Working GroupMinistry of ICTMinistry of Finance, Planning & Econ. Development
Ministry of Internal AffairsMinistry of Foreign AffairsExternal Security OrganisationInternal Security OrganisationUganda PoliceDirectorate of Public ProsecutionJudiciaryUganda Communications Commission
Makerere University
-
8/12/2019 Mwesigwa Uganda Case Study June 09
18/20
Proposed East AfricanProposed East African CERTsCERTs At the recent EARPTO Congress the 5 E A countries At the recent EARPTO Congress the 5 E A countries
agreed to set up Nationalagreed to set up National CERTsCERTs whose mandatewhose mandateincludes:includes:
Monitoring cybersecurity incidents and respondMonitoring cybersecurity incidents and respond
appropriatelyappropriatelyGiving recommendations, advice and guidelines forGiving recommendations, advice and guidelines forimprovement of cybersecurityimprovement of cybersecurity
Dissemination information on management ofDissemination information on management ofcybersecurity incidentscybersecurity incidentsCollaboration with service providers, security andCollaboration with service providers, security andinternational organisations on cybersecurity mattersinternational organisations on cybersecurity matters
-
8/12/2019 Mwesigwa Uganda Case Study June 09
19/20
Concluding remarksConcluding remarks
Need to sensitize policy makers, networkNeed to sensitize policy makers, networkoperators and individuals on the mattersoperators and individuals on the mattersrelated to cyber security and in particularrelated to cyber security and in particular
encourage all countries to put in place robustencourage all countries to put in place robustlegal frameworks to combat cyber securitylegal frameworks to combat cyber securitythreats.threats.
Because of the borderless nature ofBecause of the borderless nature ofcyberspace, international cooperation is crucialcyberspace, international cooperation is crucial
in ensuring a safe online environment.in ensuring a safe online environment.
-
8/12/2019 Mwesigwa Uganda Case Study June 09
20/20
Thank you for your attention!Thank you for your attention!
EE--mail:mail: [email protected]@ucc.co.ug