ITU WSIS THEMATIC MEETING ON CYBERSECURITY, GENEVA, SWITZERLAND, 28 JUNE -1 JULY PAPER ON THE STATE OF CYBERSECURITY IN UGANDA.

Similar documents
Promoting Global Cybersecurity

Developing a Legal Foundation and Establishing Effective Enforcement: Case Study Kenya

Garry Mukelabai Communications Authority Zambia

WORKSHOP CYBER SECURITY AND CYBERCRIME POLICIES FOR AFRICAN DIPLOMATS. Okechukwu Emmanuel Ibe

RESOLUTION 45 (Rev. Hyderabad, 2010)

Critical Infrastructure Protection (CIP) as example of a multi-stakeholder approach.

Special Action Plan on Countermeasures to Cyber-terrorism of Critical Infrastructure (Provisional Translation)

RESOLUTION 130 (Rev. Antalya, 2006)

ICT REGULATION AND SOCIAL MEDIA REGIONAL SG3RG-AFR. Makhtar FALL RME /IEE / BDT. Cotonou, Bénin, 8 9 May International Telecommunication Union

SAINT PETERSBURG DECLARATION Building Confidence and Security in the Use of ICT to Promote Economic Growth and Prosperity

REPUBLIC OF KENYA MINISTRY OF INFORMATION, COMMUNICATIONS AND TECHNOLOGY

A Review Paper on Network Security Attacks and Defences

ENISA & Cybersecurity. Dr. Udo Helmbrecht Executive Director, European Network & Information Security Agency (ENISA) 25 October 2010

Legal framework of ensuring of cyber security in the Republic of Azerbaijan

About Issues in Building the National Strategy for Cybersecurity in Vietnam

Global Cybersecurity Agenda

International gateway liberalization

The challenges of the NIS directive from the viewpoint of the Vienna Hospital Association

DHS Cybersecurity. Election Infrastructure as Critical Infrastructure. June 2017

Cybersecurity & Digital Privacy in the Energy sector

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN

NATIONAL CYBER SECURITY STRATEGY. - Version 2.0 -

Resolution adopted by the General Assembly on 21 December [on the report of the Second Committee (A/64/422/Add.3)]

Indonesia Cyber Security Market

Commonwealth Cyber Declaration

Japan s Measures against Spam

European Union Agency for Network and Information Security

ETNO Reflection Document on the EC Proposal for a Directive on Network and Information Security (NIS Directive)

Emerging Technologies The risks they pose to your organisations

Caribbean Cyber Security: Not Only Government s Responsibility

U.S. Japan Internet Economy Industry Forum Joint Statement October 2013 Keidanren The American Chamber of Commerce in Japan

Implementing the Administration's Critical Infrastructure and Cybersecurity Policy

Here s a look at some of the latest technology trends and key offerings from providers.

Plenipotentiary Conference (PP- 14) Busan, 20 October 7 November 2014

Cybersecurity for ALL

POSTAL AND TELECOMMUNICATIONS REGULATORY AUTHORITY OF ZIMBABWE (POTRAZ)

Program 1. THE USE OF CYBER ACTIVE DEFENSE BY THE PRIVATE SECTOR

Liberia ICT Policy

Related to the Internet

Global cybersecurity and international standards

A framework for community safety and resilience

ICT AS A DEVELOPMENT TOOL, BENEFITS, OPPORTUNITIES AND CHALLENGES TO DEVELOPING COUNTRIES: KENYA S EXPERIENCE

Assessment of the progress made in the implementation of and follow-up to the outcomes of the World Summit on the Information Society

Featured Articles II Security Research and Development Research and Development of Advanced Security Technology

COUNTERING COUNTERING SPAM IN A DIGITAL WORLD

RESOLUTION 130 (REV. BUSAN, 2014)

What do you see as GSMA s

CYBERSECURITY INITIATIVES IN VANUATU

Security Gap Analysis: Aggregrated Results

Cybersecurity in Asia-Pacific State of play, key issues for trade and e-commerce

COMMISSION STAFF WORKING DOCUMENT EXECUTIVE SUMMARY OF THE IMPACT ASSESSMENT. Accompanying the document

Critical Information Infrastructure Protection. Role of CIRTs and Cooperation at National Level

Draft Resolution for Committee Consideration and Recommendation

Cybersecurity & Spam after WSIS: How MAAWG can help

Smart Sustainable Cities

Kaspersky Open Space Security

Package of initiatives on Cybersecurity

ENISA EU Threat Landscape

Securing Network Devices with the IEC Standard What You Should Know. Vance Chen Product Manager

Brussels, 19 May 2011 COUNCIL THE EUROPEAN UNION 10299/11 TELECOM 71 DATAPROTECT 55 JAI 332 PROCIV 66. NOTE From : COREPER

Building digital societies in Asia: mobile government and m-services

RSA Solution Brief. Managing Risk Within Advanced Security Operations. RSA Solution Brief

Joint Declaration by G7 ICT Ministers

UNITED STATES OF AMERICA COMMENTS ON THE REPORT OF THE WGIG

RESOLUTION 67 (Rev. Buenos Aires, 2017)

Valérie Andrianavaly European Commission DG INFSO-A3

The rise of major Adversaries is the most relevant trend in 2014, targeting Government and Critical Services

Cyber Security in Smart Commercial Buildings 2017 to 2021

Syed Ismail Shah, PhD Chairman, PTA,

HKISPA Response to the Consultation Paper on the Proposals to Contain the Problem of Unsolicited Electronic Messages.

Ms. Izumi Nakamitsu High Representative for Disarmament Affairs United Nations

CYBERCRIME AS A NEW FORM OF CONTEMPORARY CRIME

Mobile Connect Driving Global Economic Growth Through Secure Mobile Identity

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

INTERNATIONAL TELECOMMUNICATION UNION

Implementing Executive Order and Presidential Policy Directive 21

Presented by: Njei Check Head, Audit Security Division, ANTIC

MYTH vs. REALITY The Revised Cybersecurity Act of 2012, S. 3414

THE UNITED NATIONS COMMISSION ON SCIENCE AND TECHNOLOGY FOR DEVELOPMENT 14 TH SESSION May 2011 Geneva. Contribution by ITU

Disaster Recovery Is A Business Strategy

ISO/IEC INTERNATIONAL STANDARD

Angela McKay Director, Government Security Policy and Strategy Microsoft

Cybersecurity, safety and resilience - Airline perspective

Countering Spam. ITU-T Study Group 17 Geneva, Switzerland 11 October 2005

Building a case for interconnection and peering in Africa

APNIC input to the Vietnam Ministry of Information and Communications ICT Journal on IPv6

Before the FEDERAL COMMUNICATIONS COMMISSION Washington, D.C

Presented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0

ICT Policy Perspective for APEC. Ministry of Internal Affairs and Communications March 2015

Information technology Security techniques Information security controls for the energy utility industry

Kestävän kehityksen etiikka tietoliikennealan näkökulmasta Pekka Isosomppi Director, Social Regulation Nokia

Cybersecurity in Higher Ed

POSTAL AND TELECOMMUNICATIONS REGULATORY AUTHORITY OF ZIMBABWE (POTRAZ)

Broadband Internet Access Disclosure

Managing Information and Technology: Finding New Ways to Learn and Link

World Telecommunication Development Conference (WTDC- 14) Dubai, 30 March 10 April 2014

WSIS Forum 2012-Identifying Emerging Trends and a Vision beyond 2015!

NATIONAL STRATEGY:- MALAYSIAN EXPERIENCE

POSTAL AND TELECOMMUNICATIONS REGULATORY AUTHORITY OF ZIMBABWE (POTRAZ)

IPv6 Migration Framework Case of Institutions in Ethiopia

Transcription:

ITU WSIS THEMATIC MEETING ON CYBERSECURITY, GENEVA, SWITZERLAND, 28 JUNE -1 JULY 2005. PAPER ON THE STATE OF CYBERSECURITY IN UGANDA. BY : UGANDA COMMUNICATIONS COMMISSION 1.0: Background Uganda, like many countries, has embraced ICT use in its entire social, economic and political structures. Uganda with a population of about 26 millions people, has an average real rate of GDP growth has been 6.9 per annum since 1990. The current teledensity of 4.2%, combining both mobile and fixed, is still low, but steadily growing internet utilization. This can be seen in the figure below. The above facts to one important fact that ICTs in Uganda are increasing in importance and uptake is also increasing, therefore issues of ICT security are important. This increased use of computers among organizations has seen many finally connect up to the Internet even if for only email services. The growth in bandwidth as shown in figure 2, and the growth in the number of domain names registered under the.ug Top Level Domain in figure 3 give a fair representation of this increased use of the Internet. Many companies have 1

opted to register using generic top level domain names like.com and.net and are therefore not included in the numbers shown in figure 3. Figure 2: Growth of bandwidth International Internet Bandwidth Growth in Uganda 60 50 Bandwidth (Mbps) 40 30 20 10 0 1998 1999 Feb-00 Feb-01 Sep-01 Jul-02 Feb-03 Jan-05 Up link 0.256 0.64 1.2 4.088 4.38 6.128 10.608 26.056 Dow n link 0.384 0.768 1.7 5.216 7.768 9.5 24.068 60.528 Period of observation Figure 3: Growth of number of Domain names. Cumulative number of.ug domain names Number of active domain names 1800 1600 1400 1200 1000 800 600 400 200 0 1998 1999 2000 2001 2002 2003 Year 2

This trend among organizations has provided a number of people the opportunity to obtain access to the Internet which at their work places and slowly discover the vast potential of the Internet as an information resource. Unfortunately the growth of the knowledge of the potential internet has not developed with the awareness of the potential dangers of related to cyber attacks. Many Ugandans remain unaware of cyber attacks. Uganda has already adopted a National ICT framework, whose major aim is it to ensure that ICTs play their rightful role in the development of the country. This coupled with Uganda s new policy, which is due for adoption by cabinet, has put in place several objectives which are specifically geared towards increasing both penetration and utilization of both traditional voice services and data and internet services. With this anticipated growth in ICTs, security of both the infrastructure and databases is vital. 2. Status of Cyber Security in Uganda. Up until now, the owners of the available communications networks and databases, are solely responsible for their, both cyber and physical security. There has not been a centralized system to ensure an overall country security. Big organizations owning communications and data networks have their own individual policies covering a range of security related issues. Individuals who have internet access are heavily reliant on the Internet Service Providers to provide them with some level of security. More sophisticated users have additional security through use of anti viruses, passwords and firewalls. Majority of internet users access internet through organization networks, and are hence are as protected as the organization are protected. Otherwise majority of the public access internet through public cafes in which case they are as protected as the Internet Service Providers serving them and as the cafes are protected. In the recent past Uganda as a country has not experienced large scale service interruptions or loss of data, due to cyber attacks. Most of the related attacks have been on data bases and computer networks and have been experienced by organizations and individuals, but not at a country level. 3

There have been few reported cases of attacks on communications networks, although virus attacks are increasingly being reports on mobile phones. In the recent past, most of the problems have been Indirect attacks, not aimed at any particular organization or individual, through viruses which have been transferred from one computer to another through sharing of diskettes. This is somewhat lessening as users have become aware of the dangers of sharing diskettes, and the increasing use of memory sticks rather than diskettes. The other possible reason for reduction in this kind of spread is the increasing networking of computers which means sharing files is done via the intra-network. The emerging cyber problems are through downloading of files from corrupted sources. This is exponentially increasing as more and more people are downloading a lot of information from the internet. Direct attacks, (aimed at organization or individuals), of networks and databases have not yet been rampant. There have been few software break-in reported, mainly in the banking sector. 3. Existing methods of protections Organizations which feel vulnerable have formulated organization ICT policies, which among things address security concerns. Such organizations make use of firewalls, virus guards etc to protect their networks and databases. Such organizations include; Academic institutions Banks Non-governmental Organization High Commissions and Embassies. Public organizations Internet Service Providers Telecommunication Service Providers There is however a limited number of organizations protecting themselves to this level, this is mainly because of the costs involved. Most of the software protection available involves regular renewal of licenses and subscriptions, and these costs are considered by many. The second reason is that most organizations do not have first hand experience of cyber problems and have little idea of the implications. Most of those who are taking great care have been hit and they know the implications. 4

The third reason is the lack of awareness of the seriousness of the problems related to cyber attacks. Individual users stay at the level of using virus guards, and in most cases once the subscription is over, it is not renewed, they just move to another free trail virus guard. This is mainly because of cost implications of keeping up subscriptions to virus protection vendors. 4. The need. Indeed use of internet, databases and networking of computers is growing. Already; Banks have set up operations which really need a lot of security. Organizations are now installing information systems which are interactive with external users Academic institutions are putting a lot of their services and products on the network, to be accessed externally Almost all government entities are going e-government. There is therefore a need for concerted efforts in addressing cyber security, from within and without. This will not replace the need for each individual person or organization to implement their own personal security, but will look at the broader issues which concern a network of networks in the country. 5. The challenges. There are several challenges facing the development of a concerted national cyber security program. These include; i) Lack of awareness Many individuals and organizations simply have no awareness of the problems of cyber attacks. Such individuals or organizations have ended up not putting in enough efforts in protecting themselves 5

or protecting others. They have no policy or guidelines in place and they pay little or no attention to such issues. This category of users forms a very big entry point of problems of viruses and their networks being used by other networks to launch malicious attacks. ii) Cost of Protection The cost of protection is still considered high mainly because it is really high in terms of the regular costs of buying or subscribing to protection agents. The cost is still high because some do not know the costs involved in case of an attack. Many simply give up and other resort to substandard products, when they feel that the cost of protection is high for them.. iii) Lack of Coordination As the networks and databases increase both in size and importance, there is going to be need for coordination for; Sharing information and experience Early warning Back up and recovery support. Many countries have such coordination bodies, which usually comprise of government and private sector working together. iv) Human Resource The amount of skilled labor in both computer networking and various Internet applications is increasing although it is not yet reached the necessary levels to address issues related to cyber attacks. More relevant training is needed to address this inadequacy. v) Lack of necessary laws Experience elsewhere has shown that the starting point of protection through enacting appropriate laws which declare what is legal and illegal through laws. In Uganda many of the laws in place today were drawn up before ICTs, more specifically the Internet, became significantly popular and as such did not properly address the problems being 6

encountered today, such as cyber attacks. Fortunately the Uganda Law Reform Commission, in collaboration with other stakeholders, is rigorously addressing these issues. Some of the bills in the offing, which are contributing towards addressing the challenge of cyber attacks include; E-transactions Bill, The Computer Misuse Bill, Electronic Signature Bill. Information Bill These cover computer misuse, facilitation of electronic transactions, consumer protection, and limitation of service providers liability, privacy protection, intellectual property rights and security. 6. Current Efforts. The main activity towards cyber security issues is the formulation of the relevant laws, which will result in the setting up of the necessary authorities to address such issues. Unfortunately cyber threats will not wait for one to be prepared to strike, so it is important to start moving, within the existing legal boundaries. The Uganda Communications Commission, as a big stakeholder, with security concern of public communication networks, is taking some steps in addressing the challenges of cyber security. UCC: Requires, through licenses issued, service providers to set up adequate protection of their networks. There is provision to review these regularly, to determine their suitability. Cyber threats are considered to be among the threats operators need to protect themselves against. Has joined both Kenya and Tanzania, as members of EARPTO, to among other things, raise awareness of the importance of the issues of security at regional levels. This is aimed at setting up a voluntary coordination body to deal with early warning and sharing of information. This, for the moment will only cover telecommunication networks but it is hoped that other bodies can join in. 7

Is raising awareness of telecommunication subscribers through its consumer awareness programs about issues of cyber attacks. 7 Conclusions. Uganda like many developing countries, has embraced ICTs as an important tool of development, though at still relatively slow pace, take up of ICTs is growing. Unfortunately lack of awareness of security issues related with ICTs still remains rampant among most users in Uganda. If not attended to, cyber security may turn out to be a hindrance to utilizing this important tool of development. Two key issues can be pointed out here; The lack of awareness, which must be addressed as soon as possible, and The cost of security, which is going higher with time. Uganda is of the view that both WSIS and ITU have a role to play in making cyber space secure enough to be trusted. 8

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback