ABOUT I-NETWORK

I-Network is an ICT for development (ICT4D) organization that is mainly supported by the International Institute for Communication and Development (IICD).

Read more...
Follow us on Twitter
Home
TOP STORY: Cyber Security PDF Print E-mail

By Margaret Sevume,I-Network; with excerpts from James Wire, The Wire Perspective.

“For every technological innovation, an equivalent technological threat emerges”- James Wire. He states further, “Today, one doesn't need to be in a particular geographical location to rob or cause harm to a community. Gone are the days when to rob a bank, one had to plan for a getaway car, camouflage, guns and other assortments of weapons. You don't need access to URA's strong room to steal files or log books, nor do you need to carry out much physical surveillance of a location to be attacked.

 

Estonia had some troubles with Russia and during the heat of their differences, Estonia was cyber hack attacked and being a country that is one of the most advanced in e-governance, they suffered a big hit with many services countrywide grinding to a halt. It is alleged that Russia was behind the attack”.


Eight arrested in 'biggest' bank heist
Prosecutors in New York have accused eight men of being part of a vast and elaborate cyber-fraud against two banks that robbed them of $45 million in a matter of hours.

They allege a crime gang spanning 27 countries hacked into the computer systems of credit card processing companies, stealing the information they needed to allow them to make repeated big withdrawals from cash machines.

In a related incident in New York,  police have caught four people who they say stole more than $300,000 in a fake debit card scheme.  Two of the men were caught at separate Manhattan banks, withdrawing money from flagged accounts on Thursday. Two others were arrested in a hotel, where officers recovered cash and money orders as well as hundreds of fake cards and a magnetic strip encoding device. They've all been charged with grand larceny.
However, Edward Snowden, a former technical contractor of the US National Security Agency has demonstrated that an insider can do a lot more damage that any outsider’s attack. Snowden leaked reports of secret digital surveillance of American citizens which violates individual’s privacy.
Beza Belayneh, CEO/CISO of South African Centre for Information Security asserts that “People do not like to hear it and employers do not like to admit it, but the biggest threat to a company is their internal employees. Your employees or anyone with special access (like a contractor, temporary worker or partner) have more access than an outsider and therefore can cause a lot more damage.”
In June last year, Uganda Revenue Authority (URA) lost over sh2b in taxes in fraudulent transactions involving hacking of the computer system. A racket of people were hacking into their network and altering electronic documentation for illicit purposes.  Could there have been connivance with URA staff?
The case was resolved in April 2013 but what lessons do we learn from it? James Wire has some suggestions:
What Should be Done.

  • Our forces need to establish fully fledged digital departments not merely for managing websites and installing anti-viruses but to beef up our forensics work in the Uganda Police, counter intelligence efforts as well as thwart any potential digital attacks. Defacing of Uganda Government websites by various online groups has become as common as seeing potholes in Kampala.
  • The Uganda Government needs to adjust its policy especially for security sensitive items by ensuring that certain minimum expectations are met. Some of these could be;
  • Mandating the use of Open Source Software licenses for sensitive software systems thereby enabling our local IT personnel to comb through the software to identify any potential loopholes.
  • Ensuring thorough checks and due diligence on acquired hardware to be used in sensitive installations. This will thwart any potential back doors that are intentionally placed in them.
  • Training the existing staff and ensuring that they have high level skills that can match global standards.
  • Having a research team whose role is to continuously study digital vulnerabilities and carry out intrusion tests on various crucial government installations. This team can also come up with innovations on how best to secure our nation digitally.
  • Training teams of Digital forensic specialists and ensuring that they are well facilitated to carry out their work.
  • Partnering with the private sector to fill in gaps where the Government cannot readily get the right staffing to do so.
  • There is a need to digitally re-skill the top brass in the forces to have them embrace and appreciate the level of effectiveness and threats the digital age has brought with it.

While not all data breaches can be prevented, the majority are crimes of opportunity that rely on the failure of aggravatingly simple protections. Organizations can promote consumer confidence and loyalty by instituting better protections against the event of a data breach and by mitigating criminals’ ability to use stolen data to defraud consumers.
Just last month in May, Uganda fell prey once again to another cyber incidence in the form of hacking of government websites. In response to this and other similar incidents, government has come up with a comprehensive strategy to deal with this threat.
Computer Emergency Response Team (CERT) in Uganda

The International Telecommunications Union (ITU) has been tasked with the responsibility of building confidence and security in the use of ICTs by each country establishing a Computer Emergency and Response team -CERT to strengthen the fight against cyber threats and cyber crime.  CERT was launched on 7th June 2013 as the Communications Sector CERT.
This is a collaboration of the  Ministry of ICT and NITA-U as well as peer communication regulators in South Korea, Finland, Egypt and Kenya who have such facilities.  

The Communications Sector CERT shall focus on sensitising stakeholders on issues related to cyber crime and positioning the sector in dealing with incidents that are designed to destroy the country’s communication infrastructure, deny access to the critical communication infrastructure, and to disrupt the availability of dependent services.  

Cyber security is a fundamental component of ICT and without paying special attention to it, all benefits of using these tools will not be realised.



Joomla Templates and Joomla Extensions by JoomlaVision.Com
 
dscn0227.jpg
RELATED STORIES
MAILING LIST

To participate in ICT for development discussions, subscribe to our mailing list by sending an email with your full name, country of residence, job title and address to admin@i-network.or.ug

You could also fill out the form on Dgroup: I-Network Uganda.

More information on the mailing list can be found at http://www.dgroups.org


Follow I-Network updates on:

Twitter

Facebook

YouTube