mwesigwa uganda case study june 09

8/12/2019 Mwesigwa Uganda Case Study June 09

1/20

CYBER SECURITYCYBER SECURITYLEGISLATION AND POLICYLEGISLATION AND POLICY

INITIATIVESINITIATIVES

--

UGANDAUGANDA

CASECASE

2009 ITU Regional Cybersecurity Forumfor Africa and Arab States

Tunis, 4-5 June 2009

Patrick Mwesigwa, Director/Technology & Licensing, UgandaPatrick Mwesigwa, Director/Technology & Licensing, UgandaCommunications CommissionCommunications Commission


2/20

Outline of presentationOutline of presentationIntroduction on UgandaIntroduction on UgandaCyber laws formulation processCyber laws formulation processOverview of proposed cyber lawsOverview of proposed cyber lawsProgress in harmonisation of Cyber LawsProgress in harmonisation of Cyber Lawsin East Africain East Africa

National and Regional CERT initiativesNational and Regional CERT initiativesChallenges in countering cyber crimeChallenges in countering cyber crime

Concluding remarksConcluding remarks


3/20

Background on UgandaBackground on Uganda -- locationlocation


4/20

Economic indicatorsEconomic indicators

PopulationPopulation 30 million30 million

Surface AreaSurface Area 241,000 sq. km241,000 sq. kmGDP per capitaGDP per capita -- US$ 230US$ 230

Economic Growth (1995Economic Growth (1995 --2008)2008) 6%6%p. ap. a


5/20

Cyber laws formulation processCyber laws formulation processFormulation of cyber laws initiated in 2003Formulation of cyber laws initiated in 2003

Cyber laws drafted by National Task Force comprisingCyber laws drafted by National Task Force comprisingseveral stakeholders led by Uganda Law Reformseveral stakeholders led by Uganda Law ReformCommission that includedCommission that included

Ministries of Justice, Trade and Industry, Water, Lands &Ministries of Justice, Trade and Industry, Water, Lands &Environment, Ministry of FinanceEnvironment, Ministry of FinanceMinistry of Works Housing & Communications, now MinistryMinistry of Works Housing & Communications, now Ministryof ICTof ICTUganda Communications CommissionUganda Communications Commission

Uganda Law Society, National Bureau of StandardsUganda Law Society, National Bureau of StandardsBank of Uganda, Uganda Investment Authority, MakerereBank of Uganda, Uganda Investment Authority, MakerereUniversity, Uganda Insurance Commission etcUniversity, Uganda Insurance Commission etc

Draft went through public consultationDraft went through public consultationBenchmarking with other countries undertakenBenchmarking with other countries undertaken


6/20

Overview of proposed cyber lawsOverview of proposed cyber laws


7/20

Cyber Security legal framework Cyber Security legal framework

Legal framework consists of 3 mainLegal framework consists of 3 mainlaws:laws:

Electronic Transactions Bill, 2003Electronic Transactions Bill, 2003

Computer Misuse Bill, 2003Computer Misuse Bill, 2003Electronic Signatures bill, 2003Electronic Signatures bill, 2003


8/20

The Electronic Transactions BillThe Electronic Transactions BillThe Bill creates a light handed regulatory regimeThe Bill creates a light handed regulatory regime

for electronic transactions.for electronic transactions.It facilitates the development of eIt facilitates the development of e --commerce incommerce in

Uganda by broadly removing existing legalUganda by broadly removing existing legal

impediments that may prevent a person fromimpediments that may prevent a person fromtransacting electronically because of a lacuna intransacting electronically because of a lacuna inthe traditional laws.the traditional laws.

it makes provision for functional equivalence,it makes provision for functional equivalence,thus paper transactions and electronicthus paper transactions and electronictransactions are treated equally before the law.transactions are treated equally before the law.


9/20

Electronic Transactions BillElectronic Transactions Bill contd contd

Establishes rules that validate andEstablishes rules that validate and recognisesrecognisescontracts formed through electronic meanscontracts formed through electronic meansSets default rules for contract formation andSets default rules for contract formation andgovernance of electronic contract performancegovernance of electronic contract performanceDefines the characteristics of a valid electronicDefines the characteristics of a valid electronic

writing and an original documentwriting and an original documentSupports the admission of computer evidenceSupports the admission of computer evidencein courts and arbitration proceedingsin courts and arbitration proceedings


10/20

The Electronic Signatures BillThe Electronic Signatures Bill

The BillThe Bill makes provision for the use ofmakes provision for the use ofelectronic signatures in order to ensure thatelectronic signatures in order to ensure thattransactions are carried out in a securetransactions are carried out in a secure

environment.environment.It establishes a public key infrastructure forIt establishes a public key infrastructure forauthenticity and security of documentsauthenticity and security of documents

RecognisesRecognises the different signature creatingthe different signature creatingtechnologiestechnologiesProvides effective administrative structures e.g.Provides effective administrative structures e.g.

establishment of Certification Authoritiesestablishment of Certification Authorities


11/20

The Computer Misuse BillThe Computer Misuse BillThe Bill takesThe Bill takes cognisancecognisance of the fact that allof the fact that all

computer operations are susceptible tocomputer operations are susceptible tocomputer crimes and our current legal systemcomputer crimes and our current legal systemdoes notdoes not recogniserecognise computer crimes thus thecomputer crimes thus the

importance of a legislation to provide forimportance of a legislation to provide forcomputer crimes.computer crimes.It creates several computer misuse offencesIt creates several computer misuse offences

e.g.e.g. unauthorisedunauthorised modification of computermodification of computermaterialmateriallays down mechanisms for investigation andlays down mechanisms for investigation and

prosecution of the offences.prosecution of the offences.


12/20


13/20

Harmonisation of cyber laws inHarmonisation of cyber laws inEast African RegionEast African Region

Ongoing process to harmonise cyber laws in the 5 E A countriesOngoing process to harmonise cyber laws in the 5 E A countriesunder EACunder EACBeing undertaken by Task Force consisting of 4 members fromBeing undertaken by Task Force consisting of 4 members fromeach countryeach country

Laws to be harmonised in 2 phases;Laws to be harmonised in 2 phases;Phase 1: Electronic Transactions, Electronic Signatures andPhase 1: Electronic Transactions, Electronic Signatures and

Authentications, Data Protection and Privacy, Consumer Protectio Authentications, Data Protection and Privacy, Consumer Protectio n andn andComputer CrimeComputer Crime

Phase 2: Intellectual Property Rights, Domain Names, Taxation anPhase 2: Intellectual Property Rights, Domain Names, Taxation an

dd

Freedom of InformationFreedom of Information

several regional meetings held, legal framework expected toseveral regional meetings held, legal framework expected tobe adopted by relevant organs of EAC and Partner Statesbe adopted by relevant organs of EAC and Partner Statesexpected to enact the cyber laws by 2010expected to enact the cyber laws by 2010


14/20

Source: Report of 2nd EAC TaskSource: Report of 2nd EAC TaskForce MeetingForce Meeting

Status of cyber laws in E AfricaStatus of cyber laws in E AfricaElectroniElectroniccSignatureSignature

ConsumerConsumerProtectionProtection

PrivacyPrivacy CyberCyberCrimeCrime

OnlineOnlineContentContentRegulatiRegulationon

DigitalDigitalCopyrigCopyrightht(WIPO(WIPO

Treaty,Treaty,1996)1996)

ElectrElectroniconicContraContractingcting

OnlineOnlineDisputeDisputeResolutioResolutionn

BurundiBurundi NoneNone NoneNone NoneNone NoneNone NoneNone NoNo NoneNone NoneNone

KenyaKenya DraftDraft DraftDraft DraftDraft DraftDraft NoneNone SignatSignatoryory

DraftDraft NoneNone

RwandaRwanda DraftDraft DraftDraft DraftDraft DraftDraft NoneNone NoNo DraftDraft NoneNone

TTaa

nzaninzaniaa NoneNone NoneNone NoneNone NoneNone NoneNone NoNo NoneNone

UgandaUganda DraftDraft DraftDraft NoneNone DraftDraft NoneNone NoNo DraftDraft NoneNone


15/20


16/20

National Information SecurityNational Information SecurityWorking GroupWorking Group

Uganda is in process of establishment of InformationUganda is in process of establishment of InformationSecurity Working Group under Ministry of ICT with theSecurity Working Group under Ministry of ICT with thefollowing keyfollowing key ToRsToRs among others:among others:

Developing guidelines for Computer SecurityDeveloping guidelines for Computer SecurityEmergency Response TeamsEmergency Response TeamsCoordinating Computer security incident responseCoordinating Computer security incident response

Collaboration with national, regional and internationalCollaboration with national, regional and internationalpartners in information securitypartners in information securityConducting regular seminars, conferences, andConducting regular seminars, conferences, and

workshops for local and central governmentworkshops for local and central government


17/20

Composition of Working GroupMinistry of ICTMinistry of Finance, Planning & Econ. Development

Ministry of Internal AffairsMinistry of Foreign AffairsExternal Security OrganisationInternal Security OrganisationUganda PoliceDirectorate of Public ProsecutionJudiciaryUganda Communications Commission

Makerere University


18/20

Proposed East AfricanProposed East African CERTsCERTs At the recent EARPTO Congress the 5 E A countries At the recent EARPTO Congress the 5 E A countries

agreed to set up Nationalagreed to set up National CERTsCERTs whose mandatewhose mandateincludes:includes:

Monitoring cybersecurity incidents and respondMonitoring cybersecurity incidents and respond

appropriatelyappropriatelyGiving recommendations, advice and guidelines forGiving recommendations, advice and guidelines forimprovement of cybersecurityimprovement of cybersecurity

Dissemination information on management ofDissemination information on management ofcybersecurity incidentscybersecurity incidentsCollaboration with service providers, security andCollaboration with service providers, security andinternational organisations on cybersecurity mattersinternational organisations on cybersecurity matters


19/20

Concluding remarksConcluding remarks

Need to sensitize policy makers, networkNeed to sensitize policy makers, networkoperators and individuals on the mattersoperators and individuals on the mattersrelated to cyber security and in particularrelated to cyber security and in particular

encourage all countries to put in place robustencourage all countries to put in place robustlegal frameworks to combat cyber securitylegal frameworks to combat cyber securitythreats.threats.

Because of the borderless nature ofBecause of the borderless nature ofcyberspace, international cooperation is crucialcyberspace, international cooperation is crucial

in ensuring a safe online environment.in ensuring a safe online environment.


20/20

Thank you for your attention!Thank you for your attention!

EE--mail:mail: [email protected]@ucc.co.ug

mwesigwa uganda case study june 09

Documents