This document discusses critical information infrastructure protection (CIIP) and the threats and challenges for developing countries. It outlines that CIIs like telecommunications, power, and water systems are essential to modern economies. Ensuring the confidentiality, integrity, and availability of these systems is important. Developing countries face challenges like limited financial resources, technical complexity, and lack of relevant policies and legal frameworks for CIIP. Cooperation and information sharing between stakeholders is key to addressing these challenges and deploying effective CIIP.

1. Critical Information Infrastructure Protection: Threats & Challenges for Developing Countries Dr Martin Koyabe Security Futures Practice, BT Innovate & Design CTO, Cyber Security Forum, London,UK 17-18 th June 2010

2. Basic Understanding of CII [1/2] Critical Information Infrastructures (CII) communications and/or information services whose availability, reliability and resilience are essential to the functioning of a modern economy CII also includes: telecommunications, power distribution, water supply, public health services, national defense, law enforcement, government services, and emergency services

3. Basic Understanding of CII [2/2] Critical Information Infrastructure Protection (CIIP) Focuses on protection of IT systems and assets Telecommunication, computers/software, Internet, Satellite, interconnected computers/networks (Internet) & services they provide Ensures C onfidentiality, I ntegrity and A vailability Required 27/4 (365 days) Part of the daily modern economy and the existence of any country Confidentiality Integrity Availability

4. Key levels of CII risks Technical Complexity and interdependencies Increased dependencies  increased vulnerabilities Trust relationships increasingly complex End-to-End mitigation can be difficult Actor State-sponsored actors Ideological and political extremist actors Frustrated insiders/social-engineering Organised criminal agents/individuals Supported by underworld economy

5. Global trends towards CIIP Increased awareness for CIIP & cyber security Countries aware that risks to CIIP need to be managed Whether at National, Regional or International level Cyber security & CIIP becoming essential tools For supporting national security & social-economic well-being At national level Increased need to share responsibilities & co-ordination Among stakeholders in prevention, preparation, response & recovery At regional & international level Increased need for co-operation & co-ordination with partners In order to formulate and implement effective CIIP frameworks

6. How about developed economies? Key Cybersecurity threat(s) are diverse, but related “ Established capable states...” Source: UK Cyber Security Strategy [2009] “ The role of nations in exploiting information networks...” Source: US Cyberspace Policy Review [2009] “ The dangers from IT crime, threat to government agencies...” Source: Swedish Emergency Management Agency (SEMA) [2008] “ Financial incentive for online criminal behaviour...” Source: Towards a Belgian strategy on Information Security [2008]

7. Challenges for developing countries #1 : Cost and lack of (limited) financial investment Economics for establishing a CIIP framework can be a hindrance Limited human & institutional resources

8. Challenges for developing countries #2 : Technical complexity in deploying CIIP Need to understand dependencies & interdependencies Especially vulnerabilities & how they cascade Lack of effective trust relationships among stakeholders Provides Technical & Policy assistance to member states

9. Challenges for developing countries #3 : Need for Cybersecurity education & culture re-think Create awareness on importance of Cybersecurity & CIIP By sharing information on what works & successful best practices Creating a Cybersecurity culture can promote trust & confidence It will stimulate secure usage, ensure protection of data and privacy

10. Challenges for developing countries #4 : Lack of relevant CII policies & legal framework Needs Cybercrime legislation & enforcement mechanisms Setup policies to encourage co-operation among stakeholders Especially through Public-Private-Partnerships (PPP) #5 : Lack of information sharing & knowledge transfer It is important at ALL levels National, Regional & International Necessary for developing trust relationships among stakeholders Including CERT teams

11. Future CII threat vectors Expanding Infrastructures Fiber optic connectivity TEAMS/Seacom/EASSy Mobile/Wireless Networks Africa – accounts for 30% of ALL mobile phones in the world Existence of failed states Increased ship piracy To fund other activities Cyber warfare platforms Doesn’t need troops or military hardware Cyber communities Social Networks – Attacker’s “gold mine”

12. Summary CIIP deployment in developing countries is working progress Despite the challenges, there are also success stories too E.g. TUNISIA (CERT/TCC) CIIP/Cybersecurity is a 24/7 (365 days) business It’s costly, but doing without it is even worse Co-ordination & co-operation among stake holders is crucial Encourages trust, knowledge sharing & skills transfer Future threat vectors need our full attention Dependencies & interdependencies will become more complex

13. Q&A Session Thank You [email_address]