Upcoming SlideShare
Loading in...5

Like this? Share it with your network








Total Views
Views on SlideShare
Embed Views



0 Embeds 0

No embeds



Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

CTO-CybersecurityForum-2010-Trilok-Debeesing Presentation Transcript

  • 1. Protecting Investors and Industry How Mauritius handles cyber Security CTO Cyber Security Forum 2010 17 & 18 June 2010 UK, London
  • 2. Mauritius positioning itself as a regional hub
    • Commitment by Govt in the late 90’s to turn Mtius into a cyber island
      • legal framework financial incentives
        • double taxation treaties with approx. 32 countries
        • Low corporate tax of 15%
        • Business facilitation Act
          • Reduce administrative bureaucracy in the setting up of a business in Mauritius by foreigners
    • Affordable, secure & reliable infrastructure
      • Global connectivity @ competitive rates
      • Creation of state-of-the art technology parks (e.g. Ebene Cybercity)
    • A skilled, bilingual and cosmopolitan workforce
      • international companies like Infosys, Microsoft, Accenture, and TNT have a delivery center in Mauritius are now capitalizing on the local skills for their BPO operations
  • 3. State of health of the ICT Investment & Industry in Mauritius
    • Some indicators for the ICT sector between 2007 – 2009
      • Growth rate maintained @15% - 16%
      • Growth of Employment increased from 10,300 to 11,500
      • Number of ICT-BPO companies: 185 to 300 (90 in 2005)
        • BPO represents approx. 45% of the ICT industry
      • Turnover for IT services & IT enabled services industry
      • doubled in that period
      • Turnover for telecommunications increased by 25%
  • 4. ICT & BPO activities requirements
    • Activities include
      • payroll administration,
      • processing of receivables and payables, document and data management,
      • multimedia and web design,
      • emergence of higher end BPO activities
        • software development, web-enabled activities,
        • Business continuity & disaster recovery services
    • With ICT affirming itself as a resilient and growing economic pillar for the Mauritian economy,
      • monitoring & ensuring the security and privacy aspects of ICT & BPO companies is of prime importance
      • Warranted the adoption of the right cybersecurity strategy at the national level
  • 5. Holistic approach
    • The National Information Security Strategy Plan (NISS) as part of the National Information Communication Technologies Strategic Plan (NICTSP) 2007 - 2011
      • ICT as an economic pillar for Mauritius
      • Mauritius as a Regional ICT Hub
        • Image building as a safe e-harbour for the ICT BPO sector
    • Both NICTSP & NISS considered as
      • living and breathing resources
        • Used as dash boards for implementation of resulting Action Plans
  • 6. NICTSP & NISS as living and breathing resources
    • Legal framework
      • Electronic Transactions Act 2000
      • Information and Communication Technologies Act 2001
      • Computer Misuse and Cyber-Crime Act 2003
      • Data Protection Act 2004
      • Forthcoming legislations
        • New IP & Copyright Act (will include DRM)
        • Online Child Protection
        • Anti-spam
    • Implementation & institutional framework -
      • Parent ICT Ministry
      • ICT Authority (Regulator)
      • National Computer Board (promotion of ICTs in Mauritius)
      • Central Informatics Bureau (computerisation of Ministries)
    • Main Challenges
      • Mapping of cyber security responsibilities onto the local institutions, properly aligned with the legal framework
      • Operationalise cyber security services (confidentiality, integrity & availability) thru’ well thought out cybersecurity project plans
  • 7. NISS Action Plan Framework
    • Action Lines identified
      • Continuous improvement of policy, legal and regulatory frameworks for addressing cybersecurity
      • Capacity building to increase stakeholders awareness and transfer of knowledge.
      • Improved detection of and responses to detect breaches in cybersecurity.
      • Increased protection to reinforce cybersecurity
  • 8. Action Line 1: Policy, legal & regulatory frameworks improvements
      • Data Protection Act 2004 in accordance with EU directives
        • The right to know what information is held about you
        • Framework to ensure that personal information is protected & properly handled
        • Appointment of a Data Protection Commissioner
      • Electronic Transactions Act 2000
        • Legal sanctity to digital signatures for secure e-transactions
        • Setting up of the Mauritian Public Key Infrastructure (PKI) aligned with the Indian PKI
        • Regulation under way to set up a PKI licensing framework.
      • Information and Communication Technologies Act 2001
        • Creation of the ICT Regulatory body in 2002
        • Amendments presently proposed to include, amongst others,
          • further adapt the licensing framework to the converging ICT environment
          • definition of a Critical Information Infrastructure framework
      • Computer Misuse and Cyber-Crime Act 2003
        • Offences under the Act pertains to activities in which computers or networks are a tool, a target or a place of criminal activity (aligned with Council of Europe’s Convention on Cybercrime)
        • Setting up of the National Cybercrime Prevention Committee (NCPC)
  • 9. Action Line 1: Policy, legal & regulatory frameworks improvements (contd)
    • NCPC mandates (benchmarked with ITU HLEG report on Cybercrime)
      • Mapping the different types of cybercrimes with provisions of Computer Misuse & Cybercrime Act in terms of substantive criminal and procedural provisions therein.
      • Assessing the technical and procedural measures deployed.
      • Understanding the role of different organisational structures involved in combating cybercrime.
      • Identifying capacity building requirements; and
      • Optimising on the need for international cooperation.
  • 10. Action Line 1: Policy, legal & regulatory frameworks improvements (contd)
    • NCPC forthcoming projects
      • A Portal to centralise the initiatives taken by different stakeholders involved in cybercrime detection & prevention.
        • It will also host the online reporting mechanism to the citizens of Mauritius for filing of complaints.
      • A cybersecurity observatory which will collect data at the national and international level
        • analysis to detect patterns and trends can be performed.
      • Setting up of a National Cybercrime Watch Centre
        • identify and deal effectively with threats and risks related to cybercrime.
  • 11. Action Line 2: Capacity building to increase stakeholders awareness and transfer of knowledge.
    • Ongoing interventions of awareness and capacity building
      • To establish a culture of information security in businesses, government and society
        • Information Security Risk Management practices
        • ISO 27001 ISMS
      • on cyber crimes detection & prevention techniques for law enforcement and the industry.
      • To promote cooperation between industry and academia on knowledge sharing in information security areas through the holding of regular annual conferences on Information Security
  • 12. Action Line 3: Improved detection of and responses to detect breaches in cybersecurity.
    • Police Cybercrime Unit created in 2000
      • Takes into consideration
        • Data Protection Act
        • Information & Communication Technologies Act
        • Computer Misuse & Cybercrime Act
    • Computer Emergency Response Team (CERT-mu) set up in 2008
      • Security alerts & cybersecurity advisory roles
      • Will need to be upgraded to include
        • a monitoring infrastructure to proactively handle cybersecurity incidents
        • an Incident Management System to record reported incidents in order to provide statistics and status tracking
  • 13. Action Line 4: Increased protection to reinforce cybersecurity
    • Deployment of a Content Security Monitoring Solution in the pipeline
      • A centralised content filtering service that enables ISPs to effectively filter
        • Child Sexual Abuse sites &
        • web contents classified as illegal by local authorities
      • Two steps filtering solution to ensure minimal QoS degradation by
        • routing of blacklisted IP addresses by ISPs to a filtering server deployed at Internet gateway
        • filtering server checks the URL against the blacklist using packet inspection
        • if request is blocked, it is not passed on to the destination web site but redirected to a blocking server and displays a block page
  • 14. Conclusion
    • “ Much work is needed to increase the security of the Internet and its connected computers and to make the environment more reliable for everyone. Security is a mesh of actions and features and mechanisms. No one thing makes you secure.” Vint Cerf
    • Thank you