Cyber Security and Critical Information Infrastructure Protection from a South African <br />(Developing Countries) <br />...
Why?<br />Why should research about Cyber Security and Critical Information Infrastructure Protection for Africa (and Deve...
Africa through the Looking Glass<br />Africa: The Future Home of the World’s Largest Botnet? <br />‘IT experts estimate an...
Africa through the Looking Glass<br />‘Think that Russia and China pose the biggest hacking threats of our time? The virus...
Africa through the Looking Glass<br />‘Unfortunately, in cyberspace, the whole is only as strong as its weakest link -- an...
Africa through the Looking Glass<br />‘As Internet penetration increases across the continent, so does the risk of sophist...
Why is Africa at risk cyber security-wise?<br />‘Developing countries, such as those in Africa, are particularly vulnerabl...
high levels of computer illiteracy, and
ineffective legislation. </li></ul>These factors all introduce a higher level of cyber security risks and expose the criti...
What are the reasons for such quotes and <br />negativity?<br />1 Increasing Bandwidth <br />2 Increasing Use of Wireless ...
What are the reasons for such quotes and negativity?<br />1 Increasing Bandwidth <br />2 Increasing Use of Wireless techno...
What are the reasons for such quotes and negativity?<br />1 Increasing Bandwidth <br />2 Increasing Use of Wireless techno...
What are the reasons for such quotes and negativity?<br />1 Increasing Bandwidth <br />2 Increasing Use of Wireless techno...
What value can we add from an African perspective?<br /><ul><li>Any  research ignoring these factors, will not solve Afric...
Normal first world security solutions may not work in Africa
By researching these factors in cooperation with international</li></ul>      Partners, real solutions for Africa can be f...
What value can we add from an African perspective?<br />Four examples of models  following from relevant research <br />an...
1. Computer Security, Advisory and Warning (C-SAW) TeamTwo-Factor CIIP Development<br />Approach the development of a holi...
To provide “low-level” coordination<br />Bridge between small role players and the national computer security structure<br...
Web Connection<br />Anti Virus<br />Anti Spoofing<br />Web<br />Parental guidance<br />Firewall<br />2. A New Role for Inf...
                   ISP<br />Notification<br />Anti spam<br />Anti Spoofing<br />Web Connection<br />Web connection<br />Se...
Upcoming SlideShare
Loading in …5
×

Cyber security and critical information infrastructure protection from a south african (developing countries)

2,077 views

Published on

Seminar on Information and Network Security for Emerging Markets. Presentation material 20-21.9.2011.

Published in: Technology, Business
0 Comments
3 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
2,077
On SlideShare
0
From Embeds
0
Number of Embeds
11
Actions
Shares
0
Downloads
0
Comments
0
Likes
3
Embeds 0
No embeds

No notes for slide

Cyber security and critical information infrastructure protection from a south african (developing countries)

  1. 1. Cyber Security and Critical Information Infrastructure Protection from a South African <br />(Developing Countries) <br />viewpoint<br />The Integritas System to enforce Integrity in Academic Environments<br />Prof Basie Von Solms<br />Academy for Computer Science and Software Engineering<br />University of Johannesburg<br />basievs@uj.ac.za<br />Prof Basie von Solms<br />Mr Jaco du Toit<br />
  2. 2. Why?<br />Why should research about Cyber Security and Critical Information Infrastructure Protection for Africa (and Developing countries in general) concentrate on specific aspects not necessarily relevant to developed countries?<br />Let us investigate a few quotes about ICT and Cyber Security made about Africa in the last few years:<br />
  3. 3. Africa through the Looking Glass<br />Africa: The Future Home of the World’s Largest Botnet? <br />‘IT experts estimate an 80% infection rate on all PCs continent-wide (in Africa), including government computers. It is the cyber equivalent of a pandemic. Few can afford to pay for anti-virus software…... ’<br />
  4. 4. Africa through the Looking Glass<br />‘Think that Russia and China pose the biggest hacking threats of our time? The virus-plagued computers in Africa could take the entire world economy offline.’<br />
  5. 5. Africa through the Looking Glass<br />‘Unfortunately, in cyberspace, the whole is only as strong as its weakest link -- and the majority of African countries are downright frail. <br />The biggest botnet the world has ever known could be lurking there.’<br />
  6. 6. Africa through the Looking Glass<br />‘As Internet penetration increases across the continent, so does the risk of sophisticated cyber-attacks, threatening African nations’ security, infrastructure, economic growth and citizen services.’ <br />
  7. 7. Why is Africa at risk cyber security-wise?<br />‘Developing countries, such as those in Africa, are particularly vulnerable to cyber-attacks due to a combination of factors, including <br /><ul><li>increasing Internet penetration rates,
  8. 8. high levels of computer illiteracy, and
  9. 9. ineffective legislation. </li></ul>These factors all introduce a higher level of cyber security risks and expose the critical infrastructures in such countries to higher levels of risk. ‘<br />
  10. 10. What are the reasons for such quotes and <br />negativity?<br />1 Increasing Bandwidth <br />2 Increasing Use of Wireless technologies and infrastructure<br />3 Lack of Cyber security awareness<br />4 Ineffective Legislation and Policies<br />5 Technical cyber security measures<br />6 Lack of Parliamentary oversight<br />
  11. 11. What are the reasons for such quotes and negativity?<br />1 Increasing Bandwidth <br />2 Increasing Use of Wireless technologies and infrastructure<br />‘Millions of Africans are using mobile phones to pay bills, move cash and buy basic everyday items. <br />Africa has the fastest-growing mobile phone market in the world and most of the operators are local firms.’.<br />
  12. 12. What are the reasons for such quotes and negativity?<br />1 Increasing Bandwidth <br />2 Increasing Use of Wireless technologies and infrastructure<br />3 Lack of Cyber security awareness<br />‘ as more individuals worldwide gain Internet access through mobile phones, Cyber criminals will have millions of inexperienced users to dupe with unsophisticated or well-worn scamming techniques that more savvy users grew wise to (or fell victim to) ages ago.’<br />
  13. 13. What are the reasons for such quotes and negativity?<br />1 Increasing Bandwidth <br />2 Increasing Use of Wireless technologies and infrastructure<br />3 Lack of Cyber security awareness<br />4 Ineffective Legislation and Policies<br />5 Technical cyber security measures<br />6 Lack of Parliamentary oversight<br />
  14. 14. What value can we add from an African perspective?<br /><ul><li>Any research ignoring these factors, will not solve Africa’s problems.
  15. 15. Normal first world security solutions may not work in Africa
  16. 16. By researching these factors in cooperation with international</li></ul> Partners, real solutions for Africa can be found.<br /><ul><li>Such solutions, originating from Africa, can help to address similar problems</li></ul> in other developing countries, and may form good cooperation<br /> research platforms between Africa and the rest of the world.<br />
  17. 17. What value can we add from an African perspective?<br />Four examples of models following from relevant research <br />and development efforts in South Africa:<br />A Community-Oriented Approach to CIIP in Developing Countries<br />(Computer Security, Advisory and Warning (C-SAW) Team)<br /><ul><li>Bottom-up approach vs Top down approach</li></ul>2. A New Role for Information Service Providers (ISPs) as Part of<br /> Critical Information Infrastructure Protection and Cyber Security in Africa<br /><ul><li>From Security-thick users to Security-thin users</li></ul> (prototype)<br />3. South African Academic Cyber Security Alliance (SAACSA)<br /><ul><li> UJ, NMMU, UNISA</li></ul>4. The Centre of Excellence in Cyber Security at the University of Johannesburg<br />
  18. 18. 1. Computer Security, Advisory and Warning (C-SAW) TeamTwo-Factor CIIP Development<br />Approach the development of a holistic cyber security structure on two fronts:<br />Top-Down<br />Large entities<br />Direct coordination from CSIRT<br />Bottom-up<br />Smaller entities<br />Interaction with C-SAW teams<br />Two structures are developed concurrently<br />Resulting in a comprehensive final structure<br />
  19. 19. To provide “low-level” coordination<br />Bridge between small role players and the national computer security structure<br />Focused on small role players:<br />Small Academic Entities<br />Primary and Secondary Schools, etc.<br />Small Commercial Entities<br />Small and Medium Enterprises<br />Individuals<br />The “man-on-the-street”<br />All of these role players have:<br />Limited computer facilities<br />Consume “small” amounts of bandwidth<br />Relatively little collective knowledge of computer security threats<br />15<br />1. Computer Security, Advisory and Warning (C-SAW) Team<br />
  20. 20. Web Connection<br />Anti Virus<br />Anti Spoofing<br />Web<br />Parental guidance<br />Firewall<br />2. A New Role for Information Service Providers (ISPs) as Part of<br /> Critical Information Infrastructure Protection and Cyber Security in Africa<br />Thick-security end user<br />ISP<br />
  21. 21. ISP<br />Notification<br />Anti spam<br />Anti Spoofing<br />Web Connection<br />Web connection<br />Secured access<br />Anti Virus<br />Web<br />Traffic analysis<br />Filtering<br />Parental guidance<br />Firewall<br />Thick- security ISP<br />
  22. 22. 3. South African Academic Cyber Security Alliance (SAACSA)<br /><ul><li>National Cyber Security Awareness Day
  23. 23. Cyber Security Awareness Workbook for Schools (hard copy)
  24. 24. Cyber Security Awareness Board games for Schools
  25. 25. DoC
  26. 26. DoE</li></li></ul><li>4. The Centre of Excellence in Cyber Security at the <br />University of Johannesburg<br /><ul><li>The Centre of Excellence in Cyber Security is being set up as a joint</li></ul> venture with the International Telecommunications Union (ITU)<br /><ul><li>Intends to provide a wide range of cyber security and CIIP services, </li></ul> expertize and knowledge to industry, government and ordinary citizens<br /><ul><li>Set up a C-SAW
  27. 27. Set up a ‘thick-security’ ISP
  28. 28. Success dependent of financial support</li></li></ul><li><ul><li>With international support from interested parties, Africa and </li></ul>South Africa in particular, can turn the negative view about <br />being the capital of cyber crime in the world<br /><ul><li>My thanks to the Finnish Embassy in SA for inviting me
  29. 29. I trust that Finland will become a big partner in some of the</li></ul> projects discussed above.<br />
  30. 30. Thanks<br />

×