Post on 04-Mar-2020
B.P6170YaoundéTél:(+237)694405868Email:das@antic.cm Website :http://www.antic.cm
Windhoek,30thMay2017
Presented by:Njei CheckHead, Audit Security Division, ANTIC
SUMMARY
INTRODUCTION
COMMONTHREATSFACEDINCAMEROON’S CYBERSPACE
SECURITYSOLUTIONSDEPLOYEDTOSECURECAMEROON’SCYBERSPACE
PERSPECTIVES
CONCLUSION
1
2
3
30/05/2017WINDHOEK IST- AFRICA 2017, Pre-conference event
5
4
1.CONTEXT
1.1.ICTDevelopment inCameroon
30/05/2017WINDHOEK IST- AFRICA 2017, Pre-Conference event
vThe Government of Cameroon is committed to deploying ICT relatedsolutions across government agencies and departments. Benefits of thiseffort include: greater efficiency, improved public services, reducedcorruption and enhanced engagement with citizens.
vIn 2009, Cameroonian government put in place a framework which focuseson cybersecurity activities and considering cybersecurity risks as part of thecountry’s risk management processes
vSecurity related solutions are highly needed to protect citizens andgovernment information systems in terms of ensuring information availability,integrity and confidentiality.
v Our Government has established a National Public Key Infrastructure (PKI), a Computer Incident Response Team (CIRT) and other cyber security solutions such as nationwide security audits of information systems.
vThe Government has also developed a legal and regulatory framework to help fight against cyber crimes.
1.2.Commonsecurity threats inCameroon
1. CONTEXT
1 • Scamming
2 • Phishing
3 • Skimming
4 • Webdefacement
5 • Hoax
6 • Unlicensed software
7 • Malware
8 • SIMBOX
30/05/2017WINDHOEK IST- AFRICA 2017, Pre-Conference event
§More than 8 Million USD loss incurred through scamming and phishing
§More than 7 Million USD loss incurred through skimming
§More than 300 cases of social network profiles spoofing and blackmail registered
§More than 400 thousand USD loss incurred through intrusion
§More than 25 million USD loss incurred through SIMBOX fraud
§ 28 webdefacement attacks perpetrated against public administration websites
§More than 12814 vulnerabilities detected on public administration websites
§ More than 150 requests related to cybercriminality received from INTERPOL and law enforcement
§Global cybersecurity index: 0,4118 (5th in Africa and 15thworld wide, ITU 2014)
1.3.Some statistics oncybersecurity inCameroon (2012– 2016)
30/05/2017WINDHOEK IST- AFRICA 2017, Pre-Conference event
1. CONTEXT
2.CAMEROON’SCYBERSECURITY&INTERNETGOVERNANCEFRAMEWORK
Awareness raising andCapacity buidling
CIRT(ComputerIncidentResponse Team)
SecurityAudit
Digitalcertification- PKI
ManagementofInternetresources (.cm&IPaddresses)
30/05/2017WINDHOEK IST- AFRICA 2017, Pre-Conference event
Legaland
Institu
tiona
lFram
ework
Legaland
Institu
tiona
lFram
ework
2.1.Legal andInstitutional Framework
• EnactmentofLawNo.2010/012oncybersecurityandcybercrimewhichpunishescybercrimessuchasintrusionintoinformationsystems,denialofserviceandprivacyrelatedattacks
• EnactmentofLawNo.2010/013ofDecember21,2010onelectroniccommunications,whichwassubsequentlyamendedbyLawNo.2015/006ofApril20,2015;
• ReorganizationofANTICbyDecreeNo.2012/180ofApril10,2012;
• Creationofaspecialfundtofinancecybersecurityrelatedprojects.
30/05/2017WINDHOEK IST AFRICA 2017, Pre-Conference event
2.CAMEROON’SCYBERSECURITY&INTERNETGOVERNANCEFRAMEWORK
2.2.Awareness raising andcapacity building
• Development ofbestpracticeguidelines
• Organization ofsensitization seminars
• Animate radioprogramdedicated tocybersecurity
• Creation ofcybersecurity programinuniversities
30/05/2017WINDHOEK IST- AFRICA 2017, Pre-Conference event
2.CAMEROON’SCYBERSECURITY&INTERNETGOVERNANCEFRAMEWORK
• MonitoringofcriticalITinfrastructures
• Issuingsecuritybulletinsandalerts
• Providingassistancetoenduserandcompaniesinhandlingsecurityincidents
• Developingcybersecurityrelatedstandards(policy,procedures)
• DigitalForensicinvestigations
• EstablishingandmaintainingpartnershipswithotherCIRTsandsecurityorganizations.
2.3.CIRT
30/05/2017WINDHOEK IST - AFRICA 2017, Pre-Conference event
2.CAMEROON’SCYBERSECURITY&INTERNETGOVERNANCEFRAMEWORK
Analysis of critical information systems aimed at detecting vulnerabilities,evaluating risks and proposing measures to correct the vulnerabilities detected.
2.4.Securityaudit
§ Over 100 security audit missions carried out in both public
and private organisations (2013 - 2016);
§ Over 10 000 vulnerabilities detected (2013 - 2016);
§ Improvement of ICT user’s awarness on cybersecurity
30/05/2017WINDHOEK IST- AFRICA 2017, Pre-Conference event
2.CAMEROON’SCYBERSECURITY&INTERNETGOVERNANCEFRAMEWORK
Using Public Key Infrastructure (PKI) technology in securing automated processes
- Setting up of a Root Certification Authority- Setting up of an accredited certification authority
Secured applications- e-GUCE (GUCE)- e-Procurement (MINMAP)- e-Billing (ANTIC)
2.5Digitalcertification(operational ,2012)
Ongoing- Teledéclaration (CNPS)- Teledéclaration (DGI)- NEXUS (DGD)- Driving license (MINT)- PrideSoft (ARMP)
30/05/2017WINDHOEKE
IST- AFRICA 2017, Pre-Conference event
2.CAMEROON’SCYBERSECURITY&INTERNETGOVERNANCEFRAMEWORK
• Development ofanIPv6migrationstrategy
• Development of.CMchart andanIPaddress chart
• Settingupofanational.CMmailserviceplatform
• Implementation ofDNSSEC
• Settingupoftwo IXP
• Nationalcampaign ofTelcom subscriber identification
• BuildingofWhoisplatform forpublicIPaddresses
• OrganisationofnationalInternetGovernance Forum(annually)
2.6.ManagementofInternetresources
30/05/2017WINDHOEK IST- AFRICA 2017, Pre-Conference event
2.CAMEROON’SCYBERSECURITY&INTERNETGOVERNANCEFRAMEWORK
q Improve on the sensitization and capacity building
q Reinforce the national CIRT
q Construct a backup for the national PKI
q Construct a national government datacenter
q International recognition of SSL certificates issued by Cameroon’s PKI
q Accredit private companies to carry out security audits
q Improve on the development of local content
q Reinforce the legal and regulatory framework
q Promote the migration from IPv4 to IPv6
3.PERSPECTIVES
30/05/2017WINDHOEK IST- AFRICA 2017, Pre-Conference event
In the last few years, the digital economy, as a catalyst for innovationand competitiveness, has become an important lever for economicdevelopment. As an illustration, a recent report of the world bank advocates thatan increase of 10% in broadband usage can lead to an increase of 2% in theGDP.
Unfortunately, the development of digital economy is jeopardized bycybercriminality that thrives on the virtuality of the cyberspace and seriouslydamaging the trust within the cyberspace.
Therefore, to reach the expectations of digital economy, it is imperiousto reinforce the security of our cyberespace.
30/05/2017WINDHOEK IST- AFRICA 2017, Pre-Conference event
4.CONCLUSION
Thank you for your kind attentionContact: njei.check@antic.cm