Cyber security Country Experience: Establishment of Information Security Projects.

Transcription

1 Cyber security Country Experience: Establishment of Information Security Projects. Mr. Vincent Museminali Internet and New media regulations Rwanda Utilities Regulatory Authority (RURA)

2 Outline Introduction Challenges Mission & Vision Current status Status of Information Security Projects NICI Plan III Establishment PKI- Role of Root CA CSIRT Expected Results CSIRT Services Cyber security Legal Framework Regional & International cooperation on Cyber Security Recommendations

3 Introduction Rwanda is convinced that to secure the cyberspace, Rwanda requires regional and international collaboration given the trend of global interconnection of ICT s. To secure Rwanda cyberspace, there is an urgent need to develop, adopt, implement and monitor cyber security protocols, standards both technical and operational including software and hardware. In summary, the goal of the cyber security regulatory framework is to ensure that the Rwanda cyberspace within an environment of open and robust competitive ICT industry is secured

4 Grooming Piracy estalking Viruses Worms Spam DoS Trade Secrets efraud Hacking evandalism Skimming Cyber Terrorism Cyber Crime Scams Spoofing Harassment DDos Trojan Horses Child Safety Pornography malware Spyware Identity Theft

5 Mission & Vision Rwanda has a mission of establishing a Government s most trusted coordination Centre(s) for cyber security that will be responsible for implementation of proactive measures to reduce the risks of ICT security incidents. The vision is to have a 24/7 One Stop Center for all cyber security technical support that will be limiting damage and ensure continuity of critical services in spite of successful attacks, accidents, or failures on Government s systems/infrastructure.

6 Cont d Promoting a National Culture of Cyber security and Creating awareness aimed at protecting organizations from cyber security attacks. Establishing National Government Private Sector Collaboration; this involves bringing key stakeholders and partners from governments, private sector companies and academia together to provide their expertise, and to effectively address cyber-threats. 6

7 Cont d Deterring Cybercrime; Enact and enforce a comprehensive set of security guidelines relating to cyber security and ensure Critical Information Infrastructure Protection. Based on ITU Recommendations adopt the security standards. Mobilize National, Regional and International investors to invest in certification service provision and facilitate the use of digital signatures. 7

8 Cont d Assess and periodically reassess the current state of cyber security efforts and develop program priorities. Building International Law Enforcement Cooperation and Collaboration with other regional and international Agencies Worldwide to enable Rwanda tackle the menace of Cybercrime and, Initiating National Incident Management Capabilities; CERT. Identify risks and vulnerabilities to children in cyberspace and Create the awareness; September 25,

9 Current Status National Cybersecurity Policy approved Establishment of a National Cybersecurity Agency RW-CSIRT has been established and fully operational PKI- RootCA fully established Regulations governing CSPs; Awaits approval of the regulatory board

10 Status of Information Security Projects NICI III CyberSecurity Projects Initiatives towards Implementation 1. Computer Emergency and Security Incident Response Team (CSIRT) 2. Establish Public Key Infrastructure (PKI) 3. Security Operation Centre (SOC) 4. Establish an Information Infrastructure Security System 5. Cyber Security Capacity Building 6. Establish National Cyber Security Research Centre (NSRC) 1. The Government of Rwanda established a strategic partnership with the Government of South Korea through Korea Internet and Security Agency (KISA) to protect ICT infrastructure and share information related to cyber security incidents. 2. IT security team has been established 3. Training of the IT Professionals to run the projects has been conducted 4. Now in the phase of Construction of security Centres 10

11 NICI Plan III 2015 E-GOVERNANCE 11

12 Establishment of PKI- Role of Root CA Root CA System Technical Specificat ion Issue & Manage CA Certifcate Develop & Standardize Research Legal & Policy Issue Accredite d CA Audit Root CA (RURA) Promote & P.R. Support Internation al Cooperatio n Environmen t of Usage of Electronic Signature

13 CSIRT Expected Results Provide a trusted focal point for reporting incidents. Assist the Country s constituency and general computing community in preventing and handling computer security incidents. Limit incident damages and lower the cost of recovery. Share information and lesson learned with CSIRT from other countries and other response teams from other organization. Provide security best practices & guidance. Provide cyber security awareness, education & trainings. 13

14 14 CSIRT SERVICES Reactive Services Proactive Services Security Quality Management Services Alerts and Warnings Announcements Risk Analysis Incident Handling: Incident analysis Incident response on site Incident response support Incident response coordination Vulnerability Handling: Vulnerability analysis Vulnerability response Vulnerability response coordination Artifact Handling: Artifact analysis Artifact response Artifact response coordination Technology Watch Security Audits or Assessments Configuration and Maintenance of Security Tools, Applications, and Infrastructures Development of Security Tools Intrusion Detection Services Security-Related Information Dissemination Business Continuity and Disaster Recovery Planning Security Consulting Awareness Building Education/Training Product Evaluation or Certification

15 Cyber security Legal Framework Key stakeholders Legal and Regulatory Framework MYICT RURA: Rwanda Utilities Regulatory Authority RDB-IT SERVICE PROVIDERS: Licensed Telecom Operators and ISP s Civil society: IGF, ISOC- Rwanda, Consumer s associations 1. Telecommunications Law of Interception Law 3. E-Messages, E-Signatures and E-Transactions Law of 05/ Draft Regulations Governing CSPs 5. ICT bill (Electronic Communications, Information Society/ Cyber security, Broadcasting and Postal Services, Currently under the Parliament) 6. Cybersecurity Policy approved

16 International and regional cooperation on Cyber Security Rwanda has a strong partnership with Korea Internet and Security Agency (KISA) Some Member countries are partnering with ITU IMPACT Active member of ITU (Study Group 17) East Africa Community Legal framework for Cyber Laws EACO Cybersecurity Working Group 5 AU Convention on Cybersecurity and Pesonal Data protection adopted on 27 th June 2014 East African Community Electronic Transaction Bill,2014 Data protection laws are under development in most East Africa Members countries Members countries are looking for mechanisms that will help the National Root Certification Authorities to interoperate. Regional ITU Cyberdrill training 16

17 Recommendations Member States to establish adequate policy and legal frameworks to deal with Cybersecurity and personal data protection. Member States to promote information sharing/awareness on cybersecurity. Member States to establish mechanisms for Regional and International cooperation on cybersecurity. Member States to put in place mechanism for cooperation amongst national institutions dealing with cybersecurity. Member countries to develop the COP legislations and guidelines 17

18 THANK YOU