1. www.uneca.org/aisi ECA Regional Perspective on E- Security Cyber security workshop & training 25-28 August 2008 Lusaka, Zambia Dr Sizo D. Mhlanga Regional Advisor ICT Policies & Strategies ISTD/UNECA

2. www.uneca.org/aisi Security Is The Absence Of All Insecurity

3. www.uneca.org/aisi Contents  General  ECA’s response & International Frameworks  Security status in Africa e.g.  ECA programmes

4. www.uneca.org/aisi Cyber Crime in Africa  Limited connectivity, smaller number of users, are factors that currently shield potential African “targets” from most attacks - Africa is still very vulnerable to most major attacks;  Africa is faced with weak underlying technology and inherently vulnerable software;  Uninformed, misguided and malicious users contribute to the problem - lack of awareness & cyber security culture;  Impact of increased capacity with weak or non-existent legal, regulatory & policy environments & insufficient security technology render Africa a lucrative entry point for cyber criminals using it as a hub to coordinate & launch attacks.

5. www.uneca.org/aisi Network Security – Trust & Confidence  IT is becoming more prevalent in Africa & users are more & more depended on these systems - the Internet has created a borderless space for information exchange & the keyword for the deployment of Internet applications, e-gov, e-com, e-trade etc.. is TRUST;  As the Information Society becomes more & more important to business & society, ensuring the security of both the infrastructure & the information traversing through it is critical;  Solutions to combat the security threats already exist but implementation is at times costly & complex & if poorly executed, may cause more problems than they resolve;  This calls for systematic & careful planning - proper policies, laws, regulations & awareness can help mitigate the threat;  Success depends on various key stakeholders & policies must be enacted & enforced by government, industry & individuals.

6. www.uneca.org/aisi

7. www.uneca.org/aisi eGov: a key pillar of eStrategies Security Broadband (wired, wireless), multi-platform (PC, TV, mobile, …) eGovernment e Health eLearning eBusiness

8. www.uneca.org/aisi E-government index The Web Measure Index - 5 stage model (Emerging, Enhanced, Interactive, Transactional & Connected) measuring the country’s online presence/absence; Telecommunication Infrastructure Index - 5 indices relating to a country’s infrastructure capacity i.e.-Internet Users; PCs; Main Tel Lines; Mobile phones; and Broadband availability/100 persons; Human Capital Index - composite index of the adult literacy rate & the combined primary, secondary & tertiary gross enrolment ratio.

9. www.uneca.org/aisi

10. www.uneca.org/aisi

11. www.uneca.org/aisi

12. www.uneca.org/aisi E-Gov readiness - EAC

13. www.uneca.org/aisi Infrastructure index

14. www.uneca.org/aisi ECA’s response - What is AISI?  Launched in 1996 by African Ministers of planning, economic & social development;  A vision for ICT development in Africa;  A cooperation framework for partners to support ICT development in Africa Activities:  Policy development;  Training & capacity building;  Sectoral applications;  Infrastructure development

15. www.uneca.org/aisi E-Strategies Regional Information and Communication Infrastructure (RICI) National Information and Communication Infrastructure (NICI) Sectoral Information and Communication Infrastructure (SICI) Village Information and Communication Infrastructure (VICI) RICI VICI AISI NICI SICI SCAN-ICT Stakeholder Involvement

16. www.uneca.org/aisi Policy process deliverables  Framework: Why? Baseline scenario  The Policy: What? Gov policy commitments on what needs to be done  The Plan: How? Policy commitments translated into concrete programmes The inter-related Entities Framework Policy Plan

17. www.uneca.org/aisi The AISI and security Within the AISI framework, the security aspect is addressed in :  The formulation of National and Regional ICT policies and strategies; and  The design of legal frameworks for the Information Society.

18. www.uneca.org/aisi E-Strategy Status (April 2008)

19. www.uneca.org/aisi International Framework - Resolution adopted by the UN General Assembly [on the report of the Second Committee (A/58/481/Add.2)] 30 Jan 2004 58/199. Creation of a global culture of cyber security and the protection of critical information infrastructures - WSIS Plan of Action C5. Building confidence and security in the use of ICTs - Confidence and security are among the main pillars of the Information Society - Connect Africa goal (Oct 2007) Goal 5. Adopt a national e-strategy, including a cyber security framework and deploy at least one flagship e- government service as well as e-education, e-commerce and e-health services using accessible technologies in each country in Africa by 2012, with the aim of making multiple e-government and other e- services widely available by 2015.

20. www.uneca.org/aisi ECA Survey – status of implementation of WSIS PoA ICT Security IssueAddressed in the country ICT policies and plans Existence of Legislation to enforce this issue Information security and network security issues 58%8% Education and raising awareness on security and use of ICTs 58%17% Prevention, detection and response to cyber- crime and misuse of ICTs 50%0% Effective investigation and prosecution for misuse of ICTs 33%0% Government to actively promote user education and awareness about online privacy and the means of protecting privacy 33%0%

21. www.uneca.org/aisi e-Security in Africa Legal Framework  Countries with laws on electronic signatures: Mauritius, Tunisia, Cape Verde, South Africa, Egypt…..  Countries with Draft laws on electronic signatures: Algeria, Burkina Faso, Cameroon, Morocco, Senegal  EAC - Regional e-Gov framework was approved in Nov 2006 & there is a Regional Taskforce, spearheading the development and implementation of the Regional legal framework for cyber laws.

22. www.uneca.org/aisi PKI Development in Africa  A PKI (public key infrastructure) - enables users of a basically unsecure public network such as the Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair  South Africa (Private Sector : Thawte - a certificate authority (CA) for X.509 certificates - an ITU-T standard for a PKI)  Tunisia (ANCE)  Egypt (ITIDA)  Mauritius (ICT authority CCA)  Efforts are underway to create an African PKI Forum

23. www.uneca.org/aisi Info-Security - challenges

24. www.uneca.org/aisi An African Cyber Security Strategy  ECA/Global ePolicy Resource Network (ePol-NET) involved in the development of a cyber security framework for Burkina Faso, Ghana, Kenya and Mozambique – a programme that looks at the policy, legislative, regulatory and infrastructure requirements;  Policy requirements set out duties and responsibilities of the various domestic, regional and international stakeholders and beneficiaries of this security policy;  Legislative and regulatory requirements - sets limits, establishes a code of conduct, defining standards and some of the technical issues which may be imposed on stakeholders such as service providers, financial institutions, vendors/merchants, as well as work towards building the necessary trust and confidence demanded by users, key stakeholders, both within Africa and from around the world.  Infrastructure requirements will provide for minimum security standards and ensure providers are able to address the evolving demands of users and protect their networks against increasingly sophisticated attacks, originating from around the world.

25. www.uneca.org/aisi What is e-security policy?  A plan of action for tackling security issues, or a set of regulations for maintaining a certain level of security  Practices for securing computers, buildings, or vital infrastructure  Strategies articulated at both the organizational & national  Organisational level - a high-level document outlining management commitment to IT security by defining IT security & its supporting sub-policies;  National level - a government’s approach to ensuring the security of its national interests through legislation, regulations, training, investment & awareness

26. www.uneca.org/aisi Project status  Kenya - enabling legislation for the e-Gov Security Strategy in support of the operationalizing the Kenya e-Government Strategy;  Ghana - the design and development of a national e-security policy which complement its ICT4D Policy and a comprehensive operational e-security strategy in support of the existing e-gov initiatives e.g. E-customs and intranet;  Mozambique - the design and development of a national e- security policy which addresses all aspects required to secure the critical ICT infrastructure and technology. An e-gov security strategy with guidelines and standards which all systems and users must adhere to ensure the availability and safety of these critical systems;  Burkina Faso - policy on the protection of the essential ICT infrastructure.

27. www.uneca.org/aisi Conclusion  ECA with partners to continue assistance on experience sharing amongst the RECs on:  Policy, Legal and Regulatory Frameworks; and  Cyber laws and Information Security.  ECA and RECs to cooperate with Governments for the implementation at the national levels;  Support the creation of the Africa PKI Forum including the sharing of experiences

28. www.uneca.org/aisi Thank You ! http://www.uneca.org/aisi/