ADVANCEMENT OF CYBER SECUIRTY THROUGH PUBLIC PRIVATE PARTENERSHIP ICT WEEK AUC 4-6 DEC 2013

Transcription

1 ADVANCEMENT OF CYBER SECUIRTY THROUGH PUBLIC PRIVATE PARTENERSHIP ICT WEEK AUC 4-6 DEC

2 CONTENT INTRODUCTION COMESA CYBER SECUIRTY PROGRAMME CYBER SECURITY ECONOMICS WHY PPPs? PPPs ACTORs CHALLENGES OPPORTUNITIES CONCLUSION 2

3 Definition of cyber security INTRODUCTION I. Actions and measures, both technical and non-technical, with the express purpose of protecting computers, networks, software, data and other related digital technologies from all threats II. the degree of protection resulting from the adoption of these activities and measures III. Professional activity of implementing the above mentioned actions and measures, including research, analysis and policy development Cyber security spans all security issues such as national security, economic security and human security Protection and advancement of economic interests in such a way as to ensure a prosperous and secure national economy economic prosperity, access to food, health care, clean environment, personal safety, safety of the community, and political freedom. 3

4 Types of cyber security INTRODUCTION Passive security: relates to processes such as system hardening where the system defence is bolstered in such a way as to resist attack or minimize damage. Active security: involves actually tracking attackers and retaliating in an effort to stop an existing attack or to prevent another. Examples: downloading illegal music files, stealing money from online bank accounts, creating and distributing viruses, posting confidential business information on the Internet, identity theft (phishing pharming ) Hackers n(deceptive Duo, Global Hell, Darkside Hackers, Conflict), Virus Creators, Employees (former, disgruntled ), Financial Institution Insiders 4

5 INTRODUCTION Crimes and Criminals Theft, Fraud, Industrial espionage, Facilitation of prostitution, Forgery, Terrorism, viruses, Hackers n(deceptive Duo, Global Hell, Darkside Hackers, Conflict), Virus Creators, Employees (former, disgruntled ), Financial Institution Insiders 5

6 COMESA CYBER SECUIRTY PROGRAMME The main goal of the policy guidelines is to assist member countries in the development of a safe and secure cyberspace within the COMESA region which will facilitate and promote regional cooperation. Legal issues covered by the cyber law are: Contract validation and legality of electronic transactions. E-signature and e- payment. Consumer protection and cyber security. Intellectual property rights. Data protection and privacy. E-jurisdiction, liability and dispute settlement E- commerce and e-taxation Cyber Crime such as computer crimes, internet crimes, data and devices. 6

7 COMESA CYBER SECUIRTY PROGRAMME Capacity Building: Training for judges and prosecutors, investigators and lawyers. Training for CIRT experts; Training for PKI regulators and experts Raising the awareness of users, Study tour Regional & International Cooperation: The classical criminal co-operation between the countries is not capable of handling this type of crime, this classical cooperation may take months to conduct a procedure in another country or to operate a particular investigation on the territories of different jurisdictions. Mechanisms of co-operation across national borders to solve 7 and prosecute crimes are complex and slow.

8 CYBER SECURITY ECONOMICS cybercrime achieved US$1trillion in revenues which puts cybercrime close to 2% of the global economy credit card fraud estimated at US$37 billion which represents 1.1% of the US$3.34 trillion in credit card transactions in Malicious cyber activity costs the US economy US$100 billion each year which translates to half a million jobs, three times the number of jobs created by the US economy in August the cost for cybercrimes stood at US$8 billion for Brazil, US$3 billion for Mexico, and US$464 million for Colombia in million Brazilians and 6 million Colombians were victims of cybercrime

9 CYBER SECURITY ECONOMICS The different areas of malicious cyber activity that contribute to the overall costs associated with cyber-crime and cyber espionage, include: The loss of intellectual property and business information Cybercrime, which costs hundreds of millions of dollars The loss of sensitive business information, including possible stock market manipulation Opportunity costs, including service and employment disruptions, and reduced trust for online activities The additional cost of securing networks, insurance, and recovery, from cyber attacks Reputational damage to the hacked company Insurance will manage the cyber security risks which will offer several key benefits to society such as incentive to individuals and organizations to take appropriate precautions, and security investment by lowering premiums for less risky actors 9

10 WHY PPPs? An effective public-private partnership for cyber security would provide the abilities to detect threats and dangerous or anomalous. behaviors, to create more secure network environments through better, standardized security programs and protocols and to respond with warnings or technical solutions. An effective partnership has: Inclusion: both public and private parties endeavor to include all pertinent Equality both public and private parties have an equal voice and the ability to participate in all phases of the partnership and its component Trust the partnership provides for institutional and relationship based trust mechanisms to foster collaboration and information exchange; Operational Outcomes the partnership provides for an on going collaboration mechanism that fulfills its strategic and planning 10 objectives as well as its operational cooperation goals;.

11 PPPs ACTORS INTEREST CAPABILITIES LIMITATIONS Deliver services, protect customers. privacy, regulation will not stifle development Ensure CIIP and reliability Integrity and protection of internet transactions Use rs.. Accessibility on demand, protection of data and computers, lack of trust in government Internet availability to provide services Accessibility on demand, secure e-business Have technical knowledge, block down stream attacks, enforce standards Enforcement of regulation Provide a platform for international action, More incentive to encourage greater PS participation Collect and distribute information on attacks Networks and data Apply security measures Not ready for info-sharing due to privacy and customers protection, unwilling to incur high cost Difficulty in coordination Have fractured and diffuse authority, Conflicts with privacy Low awareness of cyber security risks with no measures of protection Poor capacity for new technology, Lack of coordination Lack of info-sharing for 11 privacy reasons

12 CHALLANGES non existence of central information security body to educate the layman around Internet security and other cyber security issues; Availability, reliability and affordability of users protection ; Freeware downloads offer no guarantees on functionality and do not provide support; and Lack of regional framework for cooperation, protection and tracking Rapid advances in deployment of new technologies (NGN standards, LTE etc.) Mapping legal and regulatory instruments with existing and new technologies There may be conflicts in partnership between both sectors preventing its success, including factors related to bureaucracy, 12 regulations, data privacy and leakage of classified information

13 OPPORTUNITIES Confidence and security in the use of ICTs by Government, business, society and the individual; Identification and protection of critical infrastructure; A safe and secure cyberspace will attract investment; Secure environment for electronic communication and conducting electronic transactions will increase economic growth and competitiveness of the countries; Reduction of cyber crime impact on the economy Public-private partnerships can enhance hiring, resource utilization, specialization, building trust, improving efficiency and effectiveness, ensure transfer of technological innovation and contribute substantially to public protection. 13

14 CONCLUSION Enhancement of trust and confidence with cyber Security stakeholders especially with private sector will pave the way for the digital economy development and growth Improve cyber security not only to save money but to make money 14

15 Internet Site: 15