ITU Workshop on “ICT Security Standardization for Developing Countries” (Geneva, Switzerland, 15-16 September 2014)

Challenges and Successes in the Zambian ICT Security Sector

Mainza Siamubayi Handongwe, Student Research Fellow, Information and Communications University
Email: msh12600@gmail.com
Geneva, Switzerland, 15-16 September 2014

Introduction

Zambia has made much progress in the ICT sector. Over the years, we have seen the following major developments:

- Three mobile telecommunication companies
- Online services (e-commerce, e-learning, etc.)
- Web hosting
- Internet Service Provision

This has led to exposure to several information security risks, including:

- Website defacement
- Debit card stealing and cloning
- Financial losses due to debit card cloning
- Phishing
- Internet bundle and mobile credit stealing
- Denial of Service
- Wireless network hacking

This, in most cases, has adversely affected socio-economic activities, especially where cyber security preparedness is lacking.

Challenges

Zambia, like many developing countries, is faced with several challenges in the ICT sector. These include:

- Inadequate policies to curb cyber crime
- Inadequate qualified personnel to fight cyber crime
- Inadequate ICT infrastructure to prevent and investigate cyber crime
- Inadequate sensitization on cyber crime

Inadequate policies to curb cyber crime

- Zambia had no specific legislation to address cyber crime until 2004
- Computer Crime and Misuse Act number 13 of 2004 was enacted following the defacement of the State House website in 1999
- Though it criminalizes some cyber crimes, the act still does not prohibit other major cyber crimes

| Offence | Legislation | Penalty |
| Unauthorised access | Legislated | Fifty thousand penalty units or 2-5 yrs imprisonment or both |
| Unauthorised modifications | Legislated | Fifty thousand penalty units or up to 3 yrs imprisonment or both |
| Denial of Service | Legislated | Five thousand penalty units or up to 10 yrs imprisonment or both |
| Unsolicited e-mails (Spam) | Not fully legislated. Crime if it causes damage to a computer system | |
| Unauthorised Interception | Legislated | Two thousand penalty units or up to 5 yrs imprisonment or both |
| Pornography | Child pornography legislated; adult access to online pornography without downloading to hard drive not clearly legislated | Not less than 15 yrs imprisonment or fine |
| Manufacture of hardware and software for furthering cybercrime | Not legislated | |
| Computer-related Fraud | Not specifically legislated | |
| Computer-related Forgery | Not legislated | |
| e-Commerce | Not legislated | |
| Identity Theft | Not legislated | |

- The Act imposes lighter sentences for crimes that would require hefty ones
- The National ICT Policy of 2007 indicates government's commitment to promote safety in the electronic frontier (Lupiya, 2009)
- However, the policy does not give a mandate to relevant government departments and the private sector to combat some cyber crimes

Inadequate qualified personnel to fight cyber crime

- 'According to an ICT industry skills survey, there were three hundred (300) people with graduate qualifications in ICTs in 2008' - S. Habeenzu
- Lack of ICT Staff structure (rural areas)
- Most network and systems administrators lack cyber security skills
- This could be attributed to the limited number of institutions offering cyber security training
- The cost of training and certification is also limiting
- This makes networks/systems that are managed by such personnel vulnerable to attacks
- Investigation of such incidents becomes difficult due to lack of computer forensic skills

ICT Staff Per Institution

| Institution | ICT Staff | Cyber Security Skilled |
| CBU | 40 | 1 |
| UNZA | 25 | 3 |
| NRDC | 2 | 1 |
| ZCA-Monze | 1 | 0 |
| ZCA-Mpika | 0 | 0 |
| ICU | 5 | 3 |
| Nkrumah College | 2 | 0 |
| Rusangu University | 4 | 0 |
| Cooperative College | 2 | 0 |
| Evelyn Hone College | 3 | 0 |

[Chart: ICT staff per institution and those with cyber security skills. Series: ICT Staff, Cyber Security Skilled. Institutions as in the table above.]

Inadequate ICT infrastructure to prevent and investigate cyber crime

- Prevention and investigation of cyber crime requires specialized hardware and software
- These include firewalls, intrusion detection systems, forensic software, etc.
- These usually call for huge investments
- This tends to be the limiting factor for most government and private institutions

Inadequate sensitization on cyber crime

- The fight against cyber crime would be fruitless without the involvement of ICT end users
- Information sharing with citizens on cyber crime and counter measures was not done in the past, hence the 'information gap'
- The Zambia Information Communication Technology Authority (ZICTA) is currently sensitizing citizens on online child protection
- However, ZICTA's efforts are not adequate considering the huge task to be undertaken

Successes - Govt and Private Sector

- Establishment of the Zambia Information Communication Authority (ZICTA) to regulate ICT in Zambia
- Government has set up the first ever Computer Forensic Laboratory, based at the Zambia Police Headquarters
- A number of police officers have been trained in Information Security and Computer Forensics
- The Zambian government has partnered with several local and international organizations (including ITU) in the fight against cyber crime

Conclusions and Recommendations

- Formulate policies that will mandate relevant departments to prevent and investigate cyber crime, and prosecute perpetrators of such crimes
- Invest more in systems that prevent and help investigate cyber crime
- Ensure that private institutions invest in systems that guarantee security to users or clients
- Train and/or recruit more personnel in cyber security
- Establish Computer Incident Response Teams at all levels in govt structures and the private sector
- Sensitize citizens on cyber crime and counter measures, and encourage reporting of cyber crimes

Bibliography

- HABEENZU S. (2010), Zambia ICT Sector Performance Review 2009/2010
- LUPIYA S. (2009), Cyber Crime and the Law in Zambia