IT Presentation During COMESA Pre-Event.ppt [Compatibility Mode]

  • 8/13/2019 IT Presentation During COMESA Pre-Event.ppt [Compatibility Mode]

    COMESA Cyber Security and PKI Meeting (Pre-event Awareness Workshop)

    20th November 2013

    By: Michael K. Katundu

    Director, Information Technology
    Communications Commission of Kenya (CCK)

    Content

    1. Introduction

    2. Implementation of Kenya's National Cybersecurity Management Framework

    3. Collaboration in Cyber Crime Management

    5. How to Report Cybercrime Attacks in Kenya

    6. Kenya's Public Key Infrastructure (PKI)

    7. COMESA Cyber Security and PKI Meeting

    Introduction

    What is Cyber Security?

    Cyber security is the defense against cybercrime or cyber-attacks.

    It is the defense against attacks on Information and Communications Technology (ICT) infrastructure.

    It is a means of safeguarding computer networks and the information they contain from penetration and malicious damage or disruption.

    What is Cyber Crime?

    Cyber crime refers to attacks on the Information and Communications Technology (ICT) infrastructure.

    Cyber-attacks are mainly directed to computer networks, computer data, Facebook, emails, bank accounts and websites, among others.

    Cyber-attacks can lead to malicious damage or disruption of services, including loss of money. Cyber-attacks can be committed through the Internet using computers, tablets, mobile phones, among others. Many types of cybercrimes are simply extensions of existing physical criminal activities.

    Introduction (Cont'd)

    National CIRTs

    A National CIRT is a technical cyber security management entity that acts as a Trusted Point of Contact for a given country where citizens, regional and international communities report cybercrime incidents for assistance.

    To effectively discharge its mandate, best practice requires that a National CIRT establishes relevant partnerships at the National, Regional and International level.

    In Kenya the National CIRT is the KE-CIRT/CC.

    Sector CIRTs

    This refers to a technical cyber security management framework that serves a particular industry.

    Examples include a law enforcement CIRT, a financial sector CIRT, a Telecommunications Operators sector CIRT, an Academia sector CIRT, among others.

    Stakeholders' interest groups are encouraged to form their respective sector CIRTs to coordinate cyber security management within their sectors, in collaboration with the National KE-CIRT/CC.

    Introduction (Cont'd)

    Cybersecurity management framework in Kenya includes:

    The Kenya Information and Communications Technology Sector Policy of 2006;

    The Kenya Information and Communications Act CAP411A of 1998; and

    The Kenya Information and Communications (Electronic

    2010, among other legal instruments;

    The national Kenya Computer Incident Response Team Coordination Centre (KE-CIRT/CC)

    Implementation of Kenya's National Cyber Security Management Framework

    The Kenya Information and Communications Act CAP411A of 1998 mandates the CCK to implement Kenya's national cyber security management framework.

    In October 2012, the CCK established the Kenya Computer Incident Response Team/Coordination Centre (KE-CIRT/CC), Kenya's national trusted point of contact for cyber security matters.

    The functions of the KE-CIRT/CC include:

    Offering advisories on cyber security matters to its constituents and coordinating cyber incident response in collaboration with relevant actors locally, regionally and internationally;

    Gathering and disseminating technical information on computer security incidents;

    Carrying out research and analysis on computer security;

    Facilitating the development of a national Public Key Infrastructure (PKI); and

    Capacity building in information security and creating and maintaining awareness on cyber security-related activities.

    Implementation of Kenya's National Cybersecurity Management Framework

    To enhance collaboration with local cyber security stakeholders, in April 2012 the CCK put in place the National Cybersecurity Steering Committee (NCSC) to facilitate the establishment of the national KE-CIRT/CC, as well as oversee the operations of the national KE-CIRT/CC.

    The NCSC is chaired by CCK and draws members from:

    The Ministry of Information, Communication and Technology (MICT);

    Telecommunications Service Providers of Kenya;

    Internet Service Providers (ISPs) and Undersea Fibre Optic Cable Providers;

    Law Enforcement;

    Academia;

    The Financial sector;

    Critical Utilities Infrastructure entities (Kenya Airways, Kenya Civil Aviation, Nairobi Water and Sewerage Company, Kenya Pipeline Corporation, Kenya Power Limited and Kengen Limited); and Government Agencies.

    Collaboration in Cyber Crime Management

    To effectively discharge its mandate, best practice requires that a national CIRT establishes relevant partnerships at the National, Regional and International level.

    KE-CIRT/CC has established the following partnerships:

    National level: National Cyber Security Steering Committee (NCSC), whose members are drawn from the Ministry of ICT, TESPOK/ISPs/Mobile Operators, academia, the financial sector and law enforcement;

    Regional level: EACO cyber security Taskforce (E.A Point of Contact) and other E.A National CIRTs; and

    International level: ITU, IMPACT, FIRST (ongoing), etc.

    Overview of Cyber Incidents in Kenya

    Source: KE-CIRT/CC 2013

    How to Report Cybercrime Attacks in Kenya

    Cybercrime incidents can be reported to the KE-CIRT/CC through:

    Web portal: http://cirt.cck.go.ke/contact

    Email: [email protected]

    Tel: +254-703-0422000/446 or +254-20-4242000/446

    Fax: +254-20-4451866

    A letter addressed to:

    Director General
    Communications Commission of Kenya (CCK)
    Waiyaki Way
    P.O. Box 14448, 00800 Westlands
    NAIROBI, KENYA

    Kenya's National Public Key Infrastructure

    Kenya's National Public Key Infrastructure (PKI)

    A Public Key Infrastructure (PKI) refers to a system for the creation, storage, and distribution of digital certificates which are used to verify that a particular public key belongs to a certain entity.

    A Public Key Infrastructure (PKI) creates digital certificates which map public keys to entities, securely stores these certificates in a central repository, and revokes them if needed.

    The PKI framework uses public key cryptography, a cryptographic technique that enables users to securely communicate on an insecure public network, and reliably verify the identity of a user via digital signatures.

    Kenya's National Public Key Infrastructure (PKI)

    Generally a PKI consists of:

    Registration Authorities (RAs)

    RAs are the first point of contact for prospective users of PKI services.

    The role of RAs is to verify the identity of a user. This function is usually performed by a Certification Authority (CA).

    Certificate Authorities (CAs)

    CAs issue and verify digital certificates that authenticate the identity of organizations and individuals over a public system like the Internet.

    The digital certificates are also used to sign electronic messages and documents, which ensures that the electronic messages and documents are not tampered with during the transmission process.

    A Root Certification Authority (RCA)

    RCAs accredit CAs who issue digital certificates to users.

    Accreditation ensures that digital certificates issued by the CA are recognized & trusted globally.
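Added example, not part of the original presentation: the RCA, CA and user chain of trust and the message-signing use described on this slide, reproduced with the openssl command line. The subjects (Demo Root CA, Demo Licensed CA, alice.example), the file names and the message are constructed placeholders.

```shell
#!/bin/sh
# Constructed demo: subjects, file names and the message are placeholders.

# issue NAME SUBJECT EXT_SECTION [ISSUER]: make a key and CSR, then a certificate
# signed by ISSUER's key, or self-signed (a root) when ISSUER is omitted.
issue() {
  name=$1; subj=$2; ext=$3; issuer=${4:-}
  openssl req -new -newkey rsa:2048 -nodes -keyout "$name.key" \
    -out "$name.csr" -subj "$subj" >/dev/null 2>&1 || return 1
  if [ -n "$issuer" ]; then
    signer="-CA $issuer.pem -CAkey $issuer.key -CAcreateserial"
  else
    signer="-signkey $name.key"
  fi
  # $signer is left unquoted on purpose: it expands to several options.
  openssl x509 -req -in "$name.csr" $signer -days 30 -sha256 \
    -extfile ext.cnf -extensions "$ext" -out "$name.pem" >/dev/null 2>&1
}

run_checks() {
  printf '%s\n' '[v3_ca]' 'basicConstraints=critical,CA:TRUE' \
    'keyUsage=critical,keyCertSign,cRLSign' '[v3_user]' \
    'basicConstraints=critical,CA:FALSE' \
    'keyUsage=critical,digitalSignature' > ext.cnf
  issue root "/CN=Demo Root CA" v3_ca || return 1          # RCA
  issue ca "/CN=Demo Licensed CA" v3_ca root || return 1   # CA accredited by the RCA
  issue user "/CN=alice.example" v3_user ca || return 1    # end user
  # Chain validation: trust only the root, supply the CA as an intermediate.
  openssl verify -CAfile root.pem -untrusted ca.pem user.pem >/dev/null 2>&1 \
    && chain=ok || chain=rejected
  # Same certificate without the CA certificate: no path back to the root.
  openssl verify -CAfile root.pem user.pem >/dev/null 2>&1 \
    && missing=ok || missing=rejected
  # Sign a message with the user's key; check it with the key in the certificate.
  printf 'transfer 100\n' > msg.txt
  openssl dgst -sha256 -sign user.key -out msg.sig msg.txt || return 1
  openssl x509 -in user.pem -pubkey -noout > user.pub || return 1
  openssl dgst -sha256 -verify user.pub -signature msg.sig msg.txt \
    >/dev/null 2>&1 && sig=ok || sig=rejected
  printf 'transfer 900\n' > msg.txt                         # altered in transit
  openssl dgst -sha256 -verify user.pub -signature msg.sig msg.txt \
    >/dev/null 2>&1 && tampered=ok || tampered=rejected
  echo "chain=$chain missing_ca=$missing signature=$sig tampered=$tampered"
}

pki_demo() {
  d=$(mktemp -d) || return 1
  out=$(cd "$d" && run_checks); rc=$?
  rm -rf "$d"
  [ "$rc" -eq 0 ] && echo "$out"
}

pki_demo
```

The user certificate validates only when the relying party can build a path through the CA to the trusted root, and the signature check fails as soon as the message differs from what was signed.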

    Kenya's National Public Key Infrastructure (PKI)

    In Kenya's framework, the RA and CA functions will be performed by CCK licensed Electronic Certification Service Providers.

    The RCA is a regulatory instrument and thus this function will be performed by the CCK.

    Already, the technical implementation of Kenya's PKI (RA, CA and
    is in place.

    The CCK is currently in the process of developing a licensing framework for the Electronic Certificate Services Providers (E-CSPs). The framework is currently available for public/stakeholder consultations until 25th November 2013.

    COMESA Cyber Security and PKI Meeting

    Objectives: Sharing experiences among the COMESA member states on the implementation of national cyber security frameworks, national Public Key Infrastructure (PKI) and consideration of the COMESA cyber security and PKI road map.

    Dates: 26th to 28th November 2013

    Venue: Safari Park Hotel, Nairobi

    Target Group: Academia, financial institutions, cyber security committees/taskforces, investigators, judges, law enforcement, lawyers, national and sector CIRTs, prosecutors, policy makers, information security professionals, among other cyber crime management stakeholders.

    THANK YOU

    katundu@cck.go.ke