Kenya's Experience in CERT Implementation


Kenya's Experience in CERT Implementation
Commonwealth Cybersecurity Forum 2015
22-24th April 2015, London, UK

Outline
- Cybersecurity Agenda in Kenya
- Cybersecurity Governance Framework in Kenya
- ITU Technical support
- The National KE-CIRT/CC
- The National PKI
- Conclusions and Recommendations

Why Cybersecurity Agenda in Kenya?
- WSIS: Governments have a role to Promote Confidence and Trust in the use of ICTs as a key driver of economic development.
- The landing of four undersea fiber optic cables (TEAMS/SEACOM/EASSy/Lion-2) brought additional capacity to the country, resulting in faster Internet connectivity rates and growth in Internet usage.
- The country is increasingly becoming dependent on computer networks and information infrastructure, and that dependency is growing.

Why Cybersecurity Agenda in Kenya?
- In Kenya there are:
  o 33.6 M mobile subscribers in (82.6% penetration).
  o 26M mobile money subscribers (65% penetration).
  o 26.1 M Internet users (64.3% penetration).
- Internet Social Networking tools such as blogs, Facebook and Twitter, amongst others, have gained popularity throughout the country.
- Kenya Cybersecurity Report 2014 by TESPOK and SERIANU: In 2013 the rate of increase of Cybersecurity attacks is 108% (2.6M to 5.4M attacks).
- The Borderless nature of the Internet.

Cybersecurity Governance Framework in Kenya

Policy and Strategy
- National ICT Sector Policy of 2006 addresses ELECTRONIC SECURITY. Under review.
- National Cybersecurity Strategy of 2014.

Legislation and Regulations
- Kenya Information and Communications Act of 1998 (Part VI A on E-transactions) as amended in 2013.
- Kenya Information and Communications (Electronic Certification and Domain Name Administration) Regulations, 2010. Currently under review.
- Currently developing regulations on Cybersecurity and E-Commerce.

Technical
- The National KE-CIRT/CC under the Communications Authority of Kenya (CA).
- National trusted Point of Contact (POC) for cyber crime management in Kenya.
- Phased implementation in collaboration with the ITU through the Global Cybersecurity Agenda (GCA).

Why the ITU?
- Mandated by WSIS Action Line C5 and ITU Plenipotentiary 2006.
- Has capacity within and through collaboration with IMPACT.
- Has a CIRT Capacity Building Program under GCA:
  o 64 National CIRT assessments so far in all continents
  o Supported establishment of 9 National CIRTs with 6 in progress
  o Conducted 9 cyber drill exercises involving more than 100 countries from all continents
  o Facilitating the joining of FIRST to expand the trust network of National CIRTs

The National Kenya Computer Incident Response Team - Coordination Centre (National KE-CIRT/CC)
Enhancing Internet Security in Kenya

Enhanced Mandate: Review of the KICA 1998
1. To promote and facilitate the efficient management of Critical Internet Resources
2. Develop a framework to facilitate the investigation and prosecution of cybercrime offenses
3. To develop regulations with respect to Enhancing Cybersecurity

About the National KE-CIRT/CC
- A technical means of Cybercrime management.
- Implemented by the Communications Authority of Kenya in Oct. 2012.
- ITU/IMPACT, under the GCA, provided technical support.
- Has speeded up resolution of cybercrime.
- Consulting with the ITU to upgrade the operations of the National KE-CIRT/CC to include proactive services.

Overview of Kenya's National Cybersecurity Framework
- VISION 2030
- ICT Sector Policy
- Kenya Information & Communications Act of 1998
- National Cybersecurity Strategy
- National Computer Incident Response Team/Co-ordination Centre (National KE-CIRT/CC)
- National Public Key Infrastructure (NPKI)

Kenya's Cybersecurity Governance
- National Security Council (NSC) (Chaired by the President)
- National Security Advisory Committee (NSAC) (Chaired by the Head of Public Service)
- National Cybersecurity Steering Committee (NCSC) (Chaired by the PS/MoICT)
- National KE-CIRT/CC (Co-ordinated by CA)
- Threat Intelligence (Co-ordinated by NIS)
- E-Government Programmes (Co-ordinated by ICTA)

The National KE-CIRT/CC
- Establish Collaboration (National, Regional & International) on Cybersecurity
- Implement National Cybersecurity Policies, Laws & Regulations
- Cybersecurity Awareness & Capacity Building at the National Level
- Research & Development (R&D) on Cybersecurity
- Technical Co-ordination & Response to Cybersecurity Incidents
- Development & Implementation of a National Public Key Infrastructure (NPKI)
- Early Warning & Technical Advisories

National KE-CIRT/CC Collaboration (Stakeholders)
- Law Enforcement
- National, Regional & International CIRTs
- Directorate of Public Prosecutions (DPP)
- Academia
- Mobile Telecom Operators & ISPs
- Financial Institutions

The National KE-CIRT/CC operates as follows:
1. Users report cybersecurity incidents to the National KE-CIRT/CC: http://www.ca.go.ke (Information Security) OR http://www.ke-cirt.go.ke, incidents@ke-cirt.go.ke, Telephone OR a letter OR by visiting our offices;
2. The National KE-CIRT/CC conducts technical analysis;
3. The National KE-CIRT/CC responds to the cybersecurity incidents;
4. Escalation of the cybersecurity incidents of criminal nature to the law enforcement (for investigation and possible prosecution);
5. Providing Network Early Warning information (advisories) to stakeholders and the general public.

The National Public Key Infrastructure (NPKI)
Enhancing Internet Security in Kenya

THE NATIONAL PKI
The NPKI comprises two parts:

The Root Certification Authority (RCA)
- A function of the Communications Authority of Kenya (CA), used as a regulatory tool in the licensing of Electronic Certification Service Providers (E-CSPs).
- The RCA accredits (endorses) the E-CSPs so that the digital certificates they issue are recognized by the law at the national level.

The Government-owned E-CSP
- ICT Authority (ICTA) will be licensed to operate the government-owned E-CSP to issue digital certificates (virtual identities) to Internet users using government services.
- This will be the first E-CSP licensee for the Communications Authority of Kenya (CA).

The National Public Key Infrastructure (NPKI)

Root Certification Authority (RCA)
- Technical Standards Development
- Awareness Creation & Capacity Building
- Licensing & Accreditation of E-CSPs
- International Co-operation

Government-owned E-CSP
- Issue Digital Certificates

Private-owned E-CSPs
- Issue Digital Certificates

Key: E-CSP: Electronic Certification Service Provider licensed by the Communications Authority of Kenya (CA) to issue Digital Certificates (Internet IDs).

Conclusions and Recommendations
- Put in place relevant Policies, Strategy, Laws and Regulatory frameworks.
- Implement a National CIRT/sector CIRTs.
- Create awareness and capacity building in Cybersecurity.
- Put in place National, Regional and international partnership for effective cybercrime management.
- Implement National Public Key Infrastructure (NPKI).

Thank You!