Upload
lynn-baldwin
View
215
Download
3
Embed Size (px)
Citation preview
International Cyber Center
Joseph RichardsonSenior Fellow, ICC
ICC Survey of CERT Capacity in AfricaJuly 2010
Develop a better understanding of cyber security and CERT capacity in Africa.
Input from all participants;◦ Governments◦ Private Sector◦ Civil Society◦ Academia
Survey Objectives
The African Union (AU) ◦ An international organization consisting of 53
African states whose objectives include to coordinate and intensify cooperation for development.
The World Information Technology and Services Alliance (WITSA)◦ A consortium of over 60 information technology
(IT) industry associations from economies around the world.
Survey Partners
Incident management◦ Which of 23 identified potential functions associated with
incident management (CERT activity) are being performed in country?
Legal infrastructure◦ On a scale of 0-5 what progress has been made on six (6)
key cybercrime elements (from review of laws to international cooperation)?
◦ What other laws associated with cyber security have been addressed (privacy, data protection, commercial law, etc)?
National Strategy for Cyber security◦ Which of 17 potential national objectives for cyber security
are included in a national strategy or being done outside such a strategy?
Elements of Survey
26 valid responses from 12 countries◦ 35 % government employees◦ 50 % private sector◦ 11 % academia◦ 4 % civil society
Results Survey Participants
22 % report their country has a CERT with national responsibility (N-CERT)
30 % report their country is addressing 16 or more of the 23 cyber incident management functions.
61 % report their country is addressing 6 or fewer of the 23 functions.
ResultsIncident Management
For each of the 6 cyber crime functions ◦ 45 % of respondents reported no action.◦ 5% of respondents reported completed action.
For other legal infrastructures associated with cyber security◦ 50 % reported no action on any of the other legal
infrastructures
ResultsLegal Infrastructure
35 % have a national strategy◦ Addressing on average 62% of the 17 objectives.
65 % have no national strategy◦ Yet they are addressing 13 % of the 17 objectives
ResultsNational Strategy
Efforts are underway in most countries of Africa to address cyber security providing a base upon which to build.◦ Including across a range of N-CERT functions
An N-CERT is correlated with activity across the full range of incident management functions.
The development of a national cyber security strategy is correlated with a comprehensive response to cyber security.
SurveyConclusions