PRESENTATION DURING NEW STAFF INDUCTION

ON THE

INFORMATION TECHNOLOGY (IT) DEPARTMENT

BY: MICHAEL K. KATUNDU,

Director, Information Technology (IT)

Mandate of the IT Department

1. Align Information Technology (IT) systems to the Authority’s Strategy

2. Facilitate the development of the Electronic Commerce (E-Commerce) framework in Kenya

3. Conduct technical Research and Development (R&D) on new and emerging technologies and trends

ALIGN INFORMATION TECHNOLOGY (IT) SYSTEMS TO THE AUTHORITY’S STRATEGY

Align the Information Technology (IT) systems to the Authority’s Strategy

Automation of the Authority’s systems and processesManagement of the Authority’s IT systemsAwareness creation and capacity building on IT issues (Internal and Regulatory)Advise on IT issues (Internal and Regulatory)

FACILITATE THE DEVELOPMENT OF THE ELECTRONIC COMMERCE (E-COMMERCE) FRAMEWORK IN

KENYA

Over v iew of Kenya’s National Cybersecur i ty Framework

VISION 2030

ICT Sector Policy

Kenya Information & Communications Act of 1998

National Cybersecurity Strategy

National Computer Incident Response Team/Co-ordination Centre (National KE-CIRT/CC)

National Public Key Infrastructure (NPKI)

Facilitate the development of the Electronic Commerce (E-Commerce) framework in Kenya

2.1. Coordination of the implementation of the national Cybersecurity framework

2.2. Coordination of the implementation of a framework for the administration and management of the dot KE country code Top Level Domain (ccTLD)

Coordination of the implementation of the national Cybersecurity framework

i. What is Cybersecurity:Cybersecurity is also referred to as

Information Technology (IT) security; It’s the protection of computers,

networks, programs and data from unintended or unauthorized access, change or destruction.

Coordination of the implementation of the national Cybersecurity framework (Cont’d)

ii. Types of Cybersecurity incidentsHate messages propagated through the Internet/Computer;Distributed Denial of Service (DDOS);Phishing;Website Defacement;Espionage

The National Computer Incident Response Team - Coordination

Centre

(National KE-CIRT/CC)

“ E n h a n c i n g I n t e r n e t S e c u r i t y i n K e n y a ”

Implementation of the national Cybersecurity framework (Cont’d)

The National Computer Incident Response Team-Coordination Centre (National KE-CIRT/CC)

The Authority implemented the National KE-CIRT/CC in Oct. 2012 with the technical support of the ITU The Authority is currently liaising with the ITU to upgrade the services of the National KE-CIRT/CCThe functions of the National KE-CIRT/CC are to:

a) Coordinate technical response to cybersecurity incidents in Kenya in collaboration with the national, regional and international cybersecurity actors;

Implementation of the national Cybersecurity framework (Cont’d)

The National Computer Incident Response Team-Coordination Centre (National KE-CIRT/CC)

The Authority implemented the National KE-CIRT/CC in Oct. 2012 with the technical support of the ITU The Authority is currently liaising with the ITU to upgrade the services of the National KE-CIRT/CCThe functions of the National KE-CIRT/CC are to:

a) coordinate technical response to cybersecurity incidents in Kenya in collaboration with the national, regional and international cybersecurity actors;

The functions of the National KE-IRT/CC (Cont’d):

b) To create awareness and build capacity on Cybersecurity in Kenya

Functions of the National KE-CIRT/CC: (c) Put in place Network Early Warning Systems (NEWS) in order to identify possible cybersecurity incidents in advance.

(d) Collect, compile and disseminate national statistics on cybersecurity incidents.

The National KE-CIRT/CC operates as follows:

i. Users report cybersecurity incidents to the National KE-CIRT/CC (via the website, email, telephone, a letter or by visiting)

ii. The National KE-CIRT/CC conducts technical analysisiii. Respond to the cybersecurity incidentsiv. Escalation of the cybersecurity incidents of criminal

nature to the law enforcement (for investigation and possible prosecution)

v. Providing Network Early Warning information (advisories) to stakeholders

National KE-CIRT/CC

Implement National

Cybersecurity Policies, Laws &

Regulations

Cybersecurity Awareness &

Capacity Building at the National Level

Technical Co-ordination &

Response to Cybersecurity

Incidents

Early Warning & Technical Advisories

Collect, collate and disseminate

national statistics on cybersecurity

incidents

Development & Implementation of a National Public Key

Infrastructure (NPKI)

Research & Development

(R&D) on Cybersecurity

Establish Collaboration

(National, Regional & International) on

Cybersecurity

Summary of the Functions of the National KE-CIRT/CC

National KE-CIRT/CC

National Police

Service (NPS)

NationalIntelligence Service (NIS)

Kenya Defence

Forces (KDF)Directorate of

Public Prosecutions

(DPP)

Mobile Telecom Operators &

ISPs

Financial Institutions

Academia

National, Regional &

International CIRTs

National KE-CIRT/CC Collaboration (Stakeholders)

The National Publ ic Key Infrastructure(NPKI)

“ E n h a n c i n g I n t e r n e t S e c u r i t y i n K e n y a ”

The National PKI

Anonymity on the Internet drives the tendency towards abuse.

“On the Internet, nobody knows who really is on the other end”

The ICT Sector Policy of 2006 and the Kenya Information and Communications Act of 1998 mandate the Communications Authority of Kenya (CA) to license entities to provide Electronic Certification Service Provider (E-CSP) services.

E-CSP entities issue digital certificates (virtual identities) to Internet users to enable them carry out safe and secure electronic transactions.

The National PKI

The Ministry of ICT in collaboration with the Communications Authority of Kenya (CA) and the ICT

Authority (ICTA) have implemented the National Public Key Infrastructure (NPKI).

The National PKI

The NPKI comprises of two parts:

The Root Certification Authority (RCA) A function of the Communications Authority of Kenya (CA) and is

used as a regulatory tool in the licensing of Electronic Certification Service Providers (E-CSPs). The RCA accredits (endorses) the E-CSPs so that the digital certificates they issue are recognized by the law

at the national level

The Government-owned E-CSP ICT Authority (ICTA) will be licensed to operate the government-

owned E-CSP to issue digital certificates (virtual identities) to Internet users using government services. This will be the first E-

CSP licensee for the Communications Authority of Kenya (CA).

The National PKI

REAL WORLD CYBERSPACE

National Identity (ID) Card bearing an individual’s photo and finger print is used for identification.

An Digital Certificate (virtual identity) bearing an individual’s public key is used for identification.

A re-usable hand signature or signature-seal is used for authentication.

A digital signature (virtual signature), using an asymmetric encryption method, is used for authentication. The signature is unique for each e-transaction. For example, if a document is changed, the digital signature also changes.

The National PKI

Root Certification Authority (RCA)

Technical Standards Development

Awareness Creation & Capacity Building

Licensing & Accreditation of E-

CSPsGovernme

nt-owned E-CSP

Issue

Digital Certificates

Private-

owned E-CSPsIssu

e Digital Certificates

International Co-operation

The National Public Key Infrastructure (NPKI)

Key: E-CSP: Electronic Certification Service Provider licensed by the Communications Authority of Kenya (CA) to issue Digital Certificates (Internet IDs).

25

User Environment For Electronic

SignaturesLegal and

Policy Issue

Technical Specifications

Accredit Certificate

Authorities International Cooperation

Root Certification

Authority(RCA)

Issue and manage E-CSP certificate; Audit E-CSPDevelop and

standardize

Research and development

Public awareness and Capacity Building

Support for mutual recognition

The National PKI

26

Auditing Unit

Registration Authorities

Directory Services

Subscribers

Government-owned E-CSP

Generate & issue certificates

Storage and management of Certificate revocation lists

Act as agents of Certificate Authorities

Logs, History and Integrity Checks

The National PKI

Benefits of a NPKI

• Ability to digitally sign electronic data and information to ensure integrity of the data and non-repudiation

• Ability to encrypt electronic data and information to ensure confidentiality.

Implementation of a framework for the management of the dot KE country code Top Level Domain (ccTLD)

i. What is a Domain Name System (DNS)?A system that maps IP addresses to EASY-TO-REMEMBER Domain Names (CA.GO.KE). Include ccTLDs (country identity) and gTLDs (generic).

ii. What is a ccTLD?country code Top-Level Domain, and acts as an Internet Identity for a country or territory. Examples are: dot KE (Kenya), dot TZ (Tanzania), dot UK (United Kingdom), dot US (USA).

iii. Licensing framework for dot KE ccTLDKenya Network Information Centre (KENIC) started in 2002 under facilitation by CAThe Law (KICA) requires that dot KE Registry and Registrars are licensedThe Licensing framework is awaiting final approval by the Board

CONDUCT TECHNICAL RESEARCH AND DEVELOPMENT (R&D) ON NEW AND EMERGING TECHNOLOGIES AND TRENDS

Conduct technical Research and Development (R&D) on new and emerging technologies and trends

Development of White papers on new and emerging technologies

Research and Development (R&D) in Cybersecurity trends

Structure of the IT Department

DirectorInformation Technology

(IT)

Assistant DirectorInformation Systems

(IS)

ManagerSystems Development &

Administration(SDA)

Assistant DirectorE-Commerce (EC)

http://www.google.co.tz/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&uact=8&docid=acttZos8UjPcoM&tbnid=GxF5zjAqe5EoZM:&ved=0CAUQjRw&url=http://www.123rf.com/photo_15463276_computer-keyboard-with-thank-you-key-business-concept.html&ei=9EyfU7O4DYyVqAbX3YCYCg&bvm=bv.68911936,d.d2k&psig=AFQjCNELI8hWVSHCxP_Whd6ILfNBgG5wlA&ust=1403035008299590