Global Aspirations. Local Imperatives
A paper delivered at the: International Telecommunication Union (ITU) Arab Regional Cyber Security Centre Fourth Regional Cyber Security Summit Hosted by: Information Technology Authority through Oman National CERT (OCERT) by: Abdul-Hakeem Ajijola [email protected] Muscat, Sultanate of Oman 29 March 2015 WHO HOLDS THE CYBER BALANCE OF POWER? • WikiLeaks, Anonymous or Government? • Do these episodes require new laws of war? – Stuxnet, Duqu & Flame worms – 600,000 botnet attacks a day against UK MoD • “Operation PayBack”, in late 2010 brought down Master Card, Visa & PayPal sites because of their perceived stance against “Wikileaks” • Hackers interfered with two US satellites four times between 2007 and 2008, according to reports. BBC 28 October 2011http://www.bbc.com/news/business-15490687 • Iraqi Militants Hack $4.5m Predator Drones With $26 Windows Shareware. Gizmodo http://gizmodo.com/5428716/iraqi-militants-hack-45m-predator-drones-with-26-windowsshareware • How we use new media – Social Network – Sexting/ Era of never forgetting – Gossip/ half-truths/ Compliance with norms WHO IS USING CYBER-SPACE? – Daesh: Islamic State – Boko Haram: Jama’atu Ahlis-Sunnah Lid Da’awati Wal Jihad [People involved in Call to Islam & Jihad] – MEND: Movement for the Emancipation of the Niger Delta – FARC–EP and FARC: Revolutionary Armed Forces of Colombia—People's Army – Liberation Tigers of Tamil Eelam Propaganda, Financing & Recruitment MATTERS ARISING LOCAL IMPERATIVES: NATIONAL STRATEGIC INTERESTS Develop, nurture & patronize a home grown Cyber Security Solutions economic sub-sector Foster confidence in our economy & Broadband as well as related ICT infrastructure Increase incomes & Government revenue Promote Knowledge Generation & empowered Human Resources Enhance human safety & national wellbeing Reduce the cost of ICT services by ensuring that they carry only what they are designated to carry OIC-CERT GLOBAL ASPIRATIONS: MANDATE & MEMBERS OIC: 57 Members States OIC-CERT 32 Members 21 Counties represented Chair: Secretariat: OIC-CERT: STRATEGIC PARTNERSHIP Mission •"OIC-CERT is to provide a platform for member countries to explore & to develop collaborative initiatives & possible partnerships in matters pertaining to cyber security that shall strengthen their self reliant in the cyberspace." Eligibility •OIC-CERT is open to any suitable CERT, either supported & / or funded by the government, private sector or combination thereof that is interested in sharing the objectives of the OIC-CERT. Membership levels •Full, •General, •Professional, •Affiliate, •Commercial, •Fellows. Objectives • Strengthening relationships amongst CERTs in OIC Member Countries • Encouraging experience & information sharing in ICT Security • Preventing & reducing cyber-crimes • Cultivating & fostering education & outreach ICT security programs • Promoting collaborative technology research, development & Innovation in ICT security fields • Promoting good practices &/ or recommending to help address legal & regulatory issues • Assisting member countries in establishing National CERTs OIC-CERT: STRATEGIC PILLARS & ACTIVITIES Standards & Regulations Standardization of Member CERT Operating Policies & Procedures Research Analysis Consultation Compliance Monitoring Technical & Technology Early Warning System Tools & Measures Development & Testing Tools Measures Approval Guidelines & Capacity Building Certification Guidelines Training Content & Standardization Women & Youth Focus Cyber Drills Evaluation International Cooperation Collaboration & Cooperation Stakeholders Engagement Promotion & Awareness Development of Guidelines & Targets Membership Drive IntraCommunicatio n Media Showcase Development of Frameworks Cybersecurity Competitions 8 OIC-CERT: STRATEGIC PILLARS & OUTCOMES Standards & Regulations Policy Framework Adoption Manuals Technical & Technology Deterrence, Detection & Containment of Threats Global Competitiveness International Cooperation Enhanced Global Security Change Readiness Harmonized Incidence Response Implementat ion Feedback Capacity Building Jobs Creation Wealth Generation & Feedback Best Practice Sharing Sponsorship Influence Global Policy Sustainability Feedback Promotion & Awareness Enhanced Recognition Increased Visibility Increased Memberships 9 CYBER DRILL Annual test of the response capability of members Emergency Response Teams 2012 2013 2014 2014 SUGGESTED CYBER SOLUTIONS ECOSYSTEM ARCHITECTURE FOR NIGERIA Industry / Institutional Sectorial National National Coordinating CERT with Coordination Centre (CC) Technology National Security NITDA CERRT.ng ONSA NGCERT Service providers Intelligence Cyber Forensics Laboratory Financial Sector CERT Central Bank of Nigeria (CBN) Other Technology Law Enforcement Other Security NITDA/ Critical Information Infrastructure providers Other financial institutions Innovators Specialised CERT’s Government (GCERT) Oil and Gas entities UniAbuja/ CS2 Military Clearing House ICT Vendors Higher Education Institutions Private Sector Cyber Institute: Banks Country Domain and DNS Academic CERT’s FUT Minna, Dept. of CyberSecurity Business Service Providers Nuclear Aviation CS2 Forensics Lab Research Institutes Other Business Other Academic NGO CSEAN Water Other Specialised STRATEGIC BUSINESS OPPORTUNITY New threats create New Opportunities OIC Market Aggregation & Integration E.g. Islamic financial services, as measured by the total volume of Shariah compliant assets, US$ 1.1 trillion at end 2011 Africa has the highest mobile broadband growth rate in the world with nearly 900 million mobiles: users, their transactions & equipment must be secure to ensure confidence MSME INCOME MODELS & OPPORTUNITIES Pay As You Go Malware Mitigation Leveraging on advertising revenues Social Entrepreneurship Vulnerability Management Youth initiatives Cyber Solutions clearing house MSME Opportunities Associations/ Professional body Cyber Help desk, Backup & Reporting Cyber Forensics Law Enforcement collaboration Certification/ Capacity Building Standards & Testing Access Control Multilateral initiatives Public Private Partnership (PPP) Intrusion Detection Cyber fraud, scams & hoaxes Mitigation Monitoring & filtering Towards the Future of Cyber Attacks In sha Allah, We can succeed by working together. شكرا النتباهكم [email protected] www.oic-cert.org
© Copyright 2024