ICC Survey of CERT Capacity in Africa July 2010 Joseph Richardson Senior Fellow, ICC.
Download ReportTranscript ICC Survey of CERT Capacity in Africa July 2010 Joseph Richardson Senior Fellow, ICC.
ICC Survey of CERT Capacity in Africa July 2010 Joseph Richardson Senior Fellow, ICC Develop a better understanding of cyber security and CERT capacity in Africa. Input from all participants; ◦ ◦ ◦ ◦ Governments Private Sector Civil Society Academia The African Union (AU) ◦ An international organization consisting of 53 African states whose objectives include to coordinate and intensify cooperation for development. The World Information Technology and Services Alliance (WITSA) ◦ A consortium of over 60 information technology (IT) industry associations from economies around the world. Incident management Legal infrastructure National Strategy for Cyber security ◦ Which of 23 identified potential functions associated with incident management (CERT activity) are being performed in country? ◦ On a scale of 0-5 what progress has been made on six (6) key cybercrime elements (from review of laws to international cooperation)? ◦ What other laws associated with cyber security have been addressed (privacy, data protection, commercial law, etc)? ◦ Which of 17 potential national objectives for cyber security are included in a national strategy or being done outside such a strategy? 26 valid responses from 12 countries ◦ 35 % government employees ◦ 50 % private sector ◦ 11 % academia ◦ 4 % civil society 22 % report their country has a CERT with national responsibility (N-CERT) 30 % report their country is addressing 16 or more of the 23 cyber incident management functions. 61 % report their country is addressing 6 or fewer of the 23 functions. For each of the 6 cyber crime functions ◦ 45 % of respondents reported no action. ◦ 5% of respondents reported completed action. For other legal infrastructures associated with cyber security ◦ 50 % reported no action on any of the other legal infrastructures 35 % have a national strategy ◦ Addressing on average 62% of the 17 objectives. 65 % have no national strategy ◦ Yet they are addressing 13 % of the 17 objectives Efforts are underway in most countries of Africa to address cyber security providing a base upon which to build. ◦ Including across a range of N-CERT functions An N-CERT is correlated with activity across the full range of incident management functions. The development of a national cyber security strategy is correlated with a comprehensive response to cyber security.