1 / 26

Overview of Kenya ’ s Cybersecurity Framework

ITU Workshop on “ ICT Security Standardization for Developing Countries ” (Geneva, Switzerland, 15-16 September 2014). Overview of Kenya ’ s Cybersecurity Framework. Michael K. Katundu Director, Information Technology Communications Authority of Kenya (CA) katundu@ca.go.ke.

xena
Download Presentation

Overview of Kenya ’ s Cybersecurity Framework

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. ITU Workshop on “ICT Security Standardizationfor Developing Countries” (Geneva, Switzerland, 15-16 September 2014) Overview of Kenya’s Cybersecurity Framework Michael K. Katundu Director, Information Technology Communications Authority of Kenya (CA) katundu@ca.go.ke

  2. The Nature of the Internet Anonymity on the Internet drives the tendency towards abuse. “On the Internet, nobody knows who really is on the other end”

  3. The Nature of the Internet …

  4. The Nature of the Internet …

  5. Uses of the Internet

  6. Uses of the Internet …

  7. Uses of the Internet …

  8. What is Cybersecurity? • Cybersecurity is also referred to as Information Technology (IT) Security. • The protection of computers, networks, programs and data from unintended or unauthorized access, change or destruction.

  9. Why is Cybersecurity a global concern? • Governments, military, corporations, financial institutions, hospitals and other businesses collect, process and store a great deal of confidential information on computers and transmit that data across networks to other computers. • With the growing volume and sophistication of cyber attacks, ongoing attention is required to protect sensitive business and personal information, as well as safeguard national security.

  10. Examples of Cyber attacks • Hate messages: Propagated through the Internet, Computers, Mobile phones, tablets • Common in Kenya especially during the electioneering period

  11. Examples of Cyber attacks … • Distributed Denial of Service (DDOS)

  12. Examples of Cyber attacks … • Phishing scams: Kenyan banks have been targeted.

  13. Examples of Cyber attacks ... • Website Defacement: • 103 GoK Websites defaced in 2013 • 3 Government Websites defaced in 2014 • Government Twitter accounts hacked in 2014

  14. Examples of Cyber attacks … • Espionage: Stealing a country’s/company secrets.

  15. Examples of Cyber attacks … • SPAM email: This is a global problem.

  16. Why Cybersecurity Agenda in Kenya? • WSIS: Governments have a role to Promote Confidence and Trust in the use of ICTs. • The landing of four undersea fiber optic cables (TEAMs and SEACOM in 2009, EASSy in 2010 and Lion-2 in 2012) brought an additional capacity to the country, resulting in faster Internet connectivity rates and growth in Internet usage. • The country is increasingly becoming dependent on computer networks and information infrastructure, and that dependency is growing.

  17. Why Cybersecurity Agenda in Kenya? … • In Kenya there are: • 31.3 M mobile subscribers in (77% penetration). • 26M mobile money subscribers (65% penetration). • 21M Internet users (53.3% penetration). • Internet Social Networking tools such as blogs, Facebook and Twitter, amongst others, have gained popularity throughout the country. • Kenya Cybersecurity Report 2014 by TESPOK and SERIANU: In 2013 the rate of increase of Cybersecurity attacks is 108% (2.6M to 5.4M attacks). • The Boderless nature of the Internet.

  18. Kenya’s Policy and Legal framework in Cybersecurity

  19. The Kenya Computer Incident Response Team – Coordination Centre (National KE-CIRT/CC) • A technical means of management of Cyber attacks. • Implemented by the Communications Authority of Kenya in Oct. 2012. • ITU/IMPACT, under the GCA, provided technical support. • Has speeded up resolution of cyber attacks. • Consulting with the ITU to upgrade the operations of the National KE-CIRT/CC.

  20. Functions of the National KE-CIRT/CC

  21. National KE-CIRT/CC Collaboration

  22. How to report Cyber attacks in Kenya • CA Website: http://www.ca.go.ke (Information Security); • National KE-CIRT/CC website: http://www.ke-cirt.go.ke; • Email: incidents@ke-cirt.go.ke; or • Telephone, a letter or by visiting CA.

  23. The National Public Key Infrastructure (NPKI) • Coordinated by the Communications Authority of Kenya (CA) in collaboration with the Kenya’s Ministry of ICT. • National KE-CIRT/CC project. • To ensure Confidentiality, Integrity and non-repudiation and operate under the Kenyan law.

  24. The National Public Key Infrastructure (NPKI) … Key: E-CSP: Electronic Certification Service Provider licensed by the Communications Authority of Kenya (CA) to issue Digital Certificates (Internet IDs).

  25. Conclusions and Recommendations • Put in place relevant Policies, Laws and Regulatory frameworks. • Implement a National CIRT to be the country’s Trusted Point of Contact. • Encourage implementation of sector CIRTs to support the National CIRT. • Create awareness and capacity building in Cybersecurity. • Put in place National, Regional and international collaborations/partnerships for effective management of cyber attacks. • Implement National Public Key Infrastructure (NPKI).

  26. Thank You Email: katundu@ca.go.ke

More Related