overview of kenya ’ s cybersecurity framework
DESCRIPTION
ITU Workshop on “ ICT Security Standardization for Developing Countries ” (Geneva, Switzerland, 15-16 September 2014). Overview of Kenya ’ s Cybersecurity Framework. Michael K. Katundu Director, Information Technology Communications Authority of Kenya (CA) [email protected]. - PowerPoint PPT PresentationTRANSCRIPT
Geneva, Switzerland, 15-16 September 2014
Overview of Kenya’s Cybersecurity Framework
Michael K. KatunduDirector, Information Technology
Communications Authority of Kenya (CA)[email protected]
ITU Workshop on “ICT Security Standardizationfor Developing Countries”
(Geneva, Switzerland, 15-16 September 2014)
The Nature of the InternetThe Nature of the Internet
Anonymity on the Internet drives the tendency towards abuse.
“On the Internet, nobody knows who really is on the other end”
The Nature of the Internet …The Nature of the Internet …
The Nature of the Internet …The Nature of the Internet …
Uses of the InternetUses of the Internet
Uses of the Internet …Uses of the Internet …
Uses of the Internet …Uses of the Internet …
What is Cybersecurity?What is Cybersecurity?
Cybersecurity is also referred to as Information Technology (IT) Security.
The protection of computers, networks, programs and data from unintended or unauthorized access, change or destruction.
Why is Cybersecurity a global Why is Cybersecurity a global concern?concern?
Governments, military, corporations, financial institutions, hospitals and other businesses collect, process and store a great deal of confidential information on computers and transmit that data across networks to other computers. With the growing volume and sophistication of cyber attacks, ongoing attention is required to protect sensitive business and personal information, as well as safeguard national security.
Examples of Cyber attacksExamples of Cyber attacks
Hate messages: Propagated through the Internet, Computers, Mobile phones, tabletsCommon in Kenya especially during the electioneering period
Examples of Cyber attacks …Examples of Cyber attacks …
Distributed Denial of Service (DDOS)
Examples of Cyber attacks …Examples of Cyber attacks …
Phishing scams: Kenyan banks have been targeted.
Examples of Cyber attacks ...Examples of Cyber attacks ...Website Defacement:
103 GoK Websites defaced in 20133 Government Websites defaced in 2014Government Twitter accounts hacked in 2014
Examples of Cyber attacks …Examples of Cyber attacks …
Espionage: Stealing a country’s/company secrets.
Examples of Cyber attacks …Examples of Cyber attacks …
SPAM email: This is a global problem.
Why Cybersecurity Agenda in Kenya?Why Cybersecurity Agenda in Kenya?
WSIS: Governments have a role to Promote Confidence and Trust in the use of ICTs. The landing of four undersea fiber optic cables (TEAMs and SEACOM in 2009, EASSy in 2010 and Lion-2 in 2012) brought an additional capacity to the country, resulting in faster Internet connectivity rates and growth in Internet usage. The country is increasingly becoming dependent on computer networks and information infrastructure, and that dependency is growing.
Why Cybersecurity Agenda in Kenya? Why Cybersecurity Agenda in Kenya? ……
In Kenya there are:31.3 M mobile subscribers in (77% penetration). 26M mobile money subscribers (65% penetration).21M Internet users (53.3% penetration).
Internet Social Networking tools such as blogs, Facebook and Twitter, amongst others, have gained popularity throughout the country. Kenya Cybersecurity Report 2014 by TESPOK and SERIANU: In 2013 the rate of increase of Cybersecurity attacks is 108% (2.6M to 5.4M attacks).The Boderless nature of the Internet.
Kenya’s Policy and Legal framework Kenya’s Policy and Legal framework in Cybersecurityin Cybersecurity
The Kenya Computer Incident The Kenya Computer Incident Response Team – Coordination Centre Response Team – Coordination Centre
(National KE-CIRT/CC)(National KE-CIRT/CC)
A technical means of management of Cyber attacks.Implemented by the Communications Authority of Kenya in Oct. 2012.ITU/IMPACT, under the GCA, provided technical support.Has speeded up resolution of cyber attacks. Consulting with the ITU to upgrade the operations of the National KE-CIRT/CC.
Functions of the National KE-CIRT/CCFunctions of the National KE-CIRT/CC
National KE-CIRT/CC CollaborationNational KE-CIRT/CC Collaboration
How to report Cyber attacks in How to report Cyber attacks in KenyaKenya
CA Website: http://www.ca.go.ke (Information Security);
National KE-CIRT/CC website: http://www.ke-cirt.go.ke;Email: [email protected]; orTelephone, a letter or by visiting CA.
The National The National Public Key Infrastructure (NPKIPublic Key Infrastructure (NPKI))
Coordinated by the Communications Authority of Kenya (CA) in collaboration with the Kenya’s Ministry of ICT.National KE-CIRT/CC project.To ensure Confidentiality, Integrity and non-repudiation and operate under the Kenyan law.
The National The National Public Key Infrastructure (NPKIPublic Key Infrastructure (NPKI) …) …
Key: E-CSP: Electronic Certification Service Provider licensed by the Communications Authority of Kenya (CA) to issue Digital Certificates (Internet IDs).
Conclusions and Recommendations
Put in place relevant Policies, Laws and Regulatory frameworks. Implement a National CIRT to be the country’s Trusted Point of Contact.Encourage implementation of sector CIRTs to support the National CIRT.
Create awareness and capacity building in Cybersecurity.Put in place National, Regional and international collaborations/partnerships for effective management of cyber attacks.Implement National Public Key Infrastructure (NPKI).
Geneva, Switzerland, 15-16 September 2014 25
