Presentedby: Njei Check - IEEE Internet Init....B.P 6170 Yaoundé Tél : (+237) 694 405 868 Email :...

B.P6170YaoundéTél:(+237)694405868Email:[email protected] Website :http://www.antic.cm

Windhoek,30thMay2017

Presented by:Njei CheckHead, Audit Security Division, ANTIC

SUMMARY

INTRODUCTION

COMMONTHREATSFACEDINCAMEROON’S CYBERSPACE

SECURITYSOLUTIONSDEPLOYEDTOSECURECAMEROON’SCYBERSPACE

PERSPECTIVES

CONCLUSION

1

2

3

30/05/2017WINDHOEK IST- AFRICA 2017, Pre-conference event

5

4

1.CONTEXT

1.1.ICTDevelopment inCameroon

30/05/2017WINDHOEK IST- AFRICA 2017, Pre-Conference event

vThe Government of Cameroon is committed to deploying ICT relatedsolutions across government agencies and departments. Benefits of thiseffort include: greater efficiency, improved public services, reducedcorruption and enhanced engagement with citizens.

vIn 2009, Cameroonian government put in place a framework which focuseson cybersecurity activities and considering cybersecurity risks as part of thecountry’s risk management processes

vSecurity related solutions are highly needed to protect citizens andgovernment information systems in terms of ensuring information availability,integrity and confidentiality.

v Our Government has established a National Public Key Infrastructure (PKI), a Computer Incident Response Team (CIRT) and other cyber security solutions such as nationwide security audits of information systems.

vThe Government has also developed a legal and regulatory framework to help fight against cyber crimes.

1.2.Commonsecurity threats inCameroon

1. CONTEXT

1 • Scamming

2 • Phishing

3 • Skimming

4 • Webdefacement

5 • Hoax

6 • Unlicensed software

7 • Malware

8 • SIMBOX


§More than 8 Million USD loss incurred through scamming and phishing

§More than 7 Million USD loss incurred through skimming

§More than 300 cases of social network profiles spoofing and blackmail registered

§More than 400 thousand USD loss incurred through intrusion

§More than 25 million USD loss incurred through SIMBOX fraud

§ 28 webdefacement attacks perpetrated against public administration websites

§More than 12814 vulnerabilities detected on public administration websites

§ More than 150 requests related to cybercriminality received from INTERPOL and law enforcement

§Global cybersecurity index: 0,4118 (5th in Africa and 15thworld wide, ITU 2014)

1.3.Some statistics oncybersecurity inCameroon (2012– 2016)


1. CONTEXT

2.CAMEROON’SCYBERSECURITY&INTERNETGOVERNANCEFRAMEWORK

Awareness raising andCapacity buidling

CIRT(ComputerIncidentResponse Team)

SecurityAudit

Digitalcertification- PKI

ManagementofInternetresources (.cm&IPaddresses)


Legaland

Institu

tiona

lFram

ework

Legaland

Institu

tiona

lFram

ework

2.1.Legal andInstitutional Framework

• EnactmentofLawNo.2010/012oncybersecurityandcybercrimewhichpunishescybercrimessuchasintrusionintoinformationsystems,denialofserviceandprivacyrelatedattacks

• EnactmentofLawNo.2010/013ofDecember21,2010onelectroniccommunications,whichwassubsequentlyamendedbyLawNo.2015/006ofApril20,2015;

• ReorganizationofANTICbyDecreeNo.2012/180ofApril10,2012;

• Creationofaspecialfundtofinancecybersecurityrelatedprojects.

30/05/2017WINDHOEK IST AFRICA 2017, Pre-Conference event


2.2.Awareness raising andcapacity building

• Development ofbestpracticeguidelines

• Organization ofsensitization seminars

• Animate radioprogramdedicated tocybersecurity

• Creation ofcybersecurity programinuniversities



• MonitoringofcriticalITinfrastructures

• Issuingsecuritybulletinsandalerts

• Providingassistancetoenduserandcompaniesinhandlingsecurityincidents

• Developingcybersecurityrelatedstandards(policy,procedures)

• DigitalForensicinvestigations

• EstablishingandmaintainingpartnershipswithotherCIRTsandsecurityorganizations.

2.3.CIRT

30/05/2017WINDHOEK IST - AFRICA 2017, Pre-Conference event


Analysis of critical information systems aimed at detecting vulnerabilities,evaluating risks and proposing measures to correct the vulnerabilities detected.

2.4.Securityaudit

§ Over 100 security audit missions carried out in both public

and private organisations (2013 - 2016);

§ Over 10 000 vulnerabilities detected (2013 - 2016);

§ Improvement of ICT user’s awarness on cybersecurity



Using Public Key Infrastructure (PKI) technology in securing automated processes

- Setting up of a Root Certification Authority- Setting up of an accredited certification authority

Secured applications- e-GUCE (GUCE)- e-Procurement (MINMAP)- e-Billing (ANTIC)

2.5Digitalcertification(operational ,2012)

Ongoing- Teledéclaration (CNPS)- Teledéclaration (DGI)- NEXUS (DGD)- Driving license (MINT)- PrideSoft (ARMP)

30/05/2017WINDHOEKE

IST- AFRICA 2017, Pre-Conference event


• Development ofanIPv6migrationstrategy

• Development of.CMchart andanIPaddress chart

• Settingupofanational.CMmailserviceplatform

• Implementation ofDNSSEC

• Settingupoftwo IXP

• Nationalcampaign ofTelcom subscriber identification

• BuildingofWhoisplatform forpublicIPaddresses

• OrganisationofnationalInternetGovernance Forum(annually)

2.6.ManagementofInternetresources



q Improve on the sensitization and capacity building

q Reinforce the national CIRT

q Construct a backup for the national PKI

q Construct a national government datacenter

q International recognition of SSL certificates issued by Cameroon’s PKI

q Accredit private companies to carry out security audits

q Improve on the development of local content

q Reinforce the legal and regulatory framework

q Promote the migration from IPv4 to IPv6

3.PERSPECTIVES


In the last few years, the digital economy, as a catalyst for innovationand competitiveness, has become an important lever for economicdevelopment. As an illustration, a recent report of the world bank advocates thatan increase of 10% in broadband usage can lead to an increase of 2% in theGDP.

Unfortunately, the development of digital economy is jeopardized bycybercriminality that thrives on the virtuality of the cyberspace and seriouslydamaging the trust within the cyberspace.

Therefore, to reach the expectations of digital economy, it is imperiousto reinforce the security of our cyberespace.


4.CONCLUSION

Thank you for your kind attentionContact: [email protected]

Presentedby: Njei Check - IEEE Internet Init....B.P 6170 Yaoundé Tél : (+237) 694 405 868 Email :...

Documents

Transcript of Presentedby: Njei Check - IEEE Internet Init....B.P 6170 Yaoundé Tél : (+237) 694 405 868 Email :...