National Cybersecurity Strategy & Master Plan for the Government of Kenya

Executive Summary

Ministry of Information Communications and Technology, Kenya

Day 2- Evans Kahuthu- ICT Authority-Information System Security-Implications for Kenya and Africa Case Studies-Connected Kenya 2014



Agenda

• Cybersecurity as a Global Concern
• Cybersecurity in Kenya
• Kenya Cybersecurity Strategy and Master Plan
• Cybersecurity Benefits to Kenya


Cyber attacks are not a new epidemic but are becoming more prevalent and sophisticated every day

Figure: Compounding Cyber Attack Progression (vertical axis: attack sophistication, increasing; horizontal axis: time)

Periods shown: 1980–1985, 1985–1990, 1990–1995, 1995–2000, 2000–2005, 2006–2012

Attack types plotted along the progression:

• Password Guessing
• Self Replicating Code
• Password Cracking
• Exploiting Known Vulnerabilities
• Disabling Audits
• Back Doors
• Hijacking Sessions
• Sweepers
• Sniffers
• Stealth Diagnostics
• Packet Spoofing
• Intruder Toolkits
• Automated Probes
• Automated Scans
• Denial of Service
• Distributed Attacks
• Commercialization of hacking
• Blended Attacks
• Mutatable Malware
• Phishing/Pharming
• Spear Phishing
• Infrastructure attacks
• Advanced Persistent Threat
• Botnets
• Converged Attacks
• Cyber-Based Terrorism
• Organized Crime
• Nation-State Cyber-warfare
• Next Generation DoS
• Targeted Malicious Code

COMMON IMPACT STATISTICS

• Computer Economics: Cybercrime accounted for 22% of all economic crime reported by Kenyan financial services organizations over the last 12 months
• DataMonitor: Forensic experts estimate cybercrime costs the Kenyan economy up to KSH 3 billion annually
• Computer Emergency Response Team (CERT): The combined threat of cybercrimes to East African financial institutions in the region is estimated at USD 245 million
• CSI/FBI: A 2012 study estimated the global cost of information and communication technology (ICT) crime and remediation efforts to be USD 110 billion


Cybersecurity is an international issue requiring attention from the international community as well as individual nation states at the public and private sector level.

Kenya, as an emerging global ICT player, is a target.

• Police website defaced in 2011
• 103 GOK websites defaced by an Indonesian Hacker in Jan 2012
• ATM skimming attack on 24th Dec 2012 affecting approximately 5 major banks
• Mobile transfer fraud through Social Engineering
• Insider Threats with government or financial sector employees


With major ICT advances, the GoK is operating in an evolving risk environment which presents substantial security challenges

Emerging Risk Area: Risk Description

• Increasing Access to Government Information: As digital access to government increases, there is a greater need to diligently manage access to ICT resources of citizens, suppliers and businesses
• Technology-driven Threats: Types of attacks have increased dramatically in recent years, driven by a variety of information-related sources (e.g., insider threat, e-intrusion, etc.)
• Infrastructure Vulnerabilities: Challenges to security arise due to growing access to information assets, and are only expected to increase as e-Government programs have a wider reach
• Increased Socio-Economic Dependence on Information: Societies are becoming increasingly dependent on information, resulting in a need to proactively create procedures to ensure non-stop service delivery
• Globalization and Organized Crime: Organized crime and the “decreasing” size of the world create a need for tighter control through secure electronic identification capabilities
• Increased Capabilities of Threat Actors: Terrorists and rogue individuals are increasingly capable of more sophisticated attacks, allowing them to critically incapacitate and/or harm GoK reputation and operations

Kenya ICT Challenges

• Technology is seen as a solution
  – Implementation of cutting-edge technologies is viewed as a panacea and not part of a larger solution
• Systems are being developed without effective security controls in place
  – There is a lack of fundamental knowledge of existing vulnerabilities, threats, and risk management
• Cybersecurity is not part of the government culture
  – Risks are misunderstood, unidentified, or seen as “far off” and not likely to happen in this environment
• Outsourcing is seen as a solution
  – This compounds the potential for risks if proper security measures aren’t part of third party agreements
• Cybersecurity is neither proactive nor providing resiliency for IT resources
  – Isolated cybersecurity functionality and lack of consolidated threat intelligence limit actionable and productive risk management


To address these challenges, the GoK has developed a Kenya Cybersecurity Strategy and Master Plan in support of Kenya Vision 2030

To create a globally competitive and prosperous nation with a high quality of life

PILLARS OF GROWTH

1. The Economic Pillar seeks to improve the prosperity of all regions of the country and all Kenyans
2. The Social Pillar is investing in the people of Kenya in order to improve the quality of life
3. The Political Pillar objective is moving to the future as one nation

Cybersecurity Strategy & Master Plan Benefits

• Promotes the strategic value of information and its fundamental role in managing risks to government processes
• Enables the continuity and effectiveness by assuring availability of information assets
• Enables increased program performance and refinement of procedures through a more streamlined feedback
• Enables increased communications and availability of government services and assets
• Promotes an empowered workforce that understands the importance of sharing and securing information


At the core of Kenyan Cybersecurity efforts lies the Government’s vision, goals, and objectives for the country’s growth, safety, and prosperity.

Kenya’s Cybersecurity Strategy

• Publicizes Kenya’s dedication to and focus on cybersecurity domestically and internationally
• Clearly defines Kenya’s cybersecurity vision, goals, and objectives
• Develop comprehensive governance structures and policies
• Raise awareness in public and private sectors
• Expand cybersecurity education to build the Kenyan workforce


Implementing a comprehensive and effective Cybersecurity Master Plan requires more than applying technology


Implementing the CSMP will support the evolution of Government of Kenya ICT toward a modern cyber security posture and effective risk management.

• Directly support Kenyan GDP growth and improved international ICT reputation
• Potential for immediate gains in public and private sector security of IT and data assets
• Enabling a secure environment for business to operate and thrive (local and foreign investment)
• Increased confidence in cyber transactions
• Increased safety and security for industry and populace
• Improved efficiency in providing national, county, and local government services (eGovernment)
• Establishing a Gold Standard for Kenya Cybersecurity