International Cyber Center

Joseph RichardsonSenior Fellow, ICC

ICC Survey of CERT Capacity in AfricaJuly 2010

Develop a better understanding of cyber security and CERT capacity in Africa.

Input from all participants;◦ Governments◦ Private Sector◦ Civil Society◦ Academia

Survey Objectives

The African Union (AU) ◦ An international organization consisting of 53

African states whose objectives include to coordinate and intensify cooperation for development.

The World Information Technology and Services Alliance (WITSA)◦ A consortium of over 60 information technology

(IT) industry associations from economies around the world.

Survey Partners

Incident management◦ Which of 23 identified potential functions associated with

incident management (CERT activity) are being performed in country?

Legal infrastructure◦ On a scale of 0-5 what progress has been made on six (6)

key cybercrime elements (from review of laws to international cooperation)?

◦ What other laws associated with cyber security have been addressed (privacy, data protection, commercial law, etc)?

National Strategy for Cyber security◦ Which of 17 potential national objectives for cyber security

are included in a national strategy or being done outside such a strategy?

Elements of Survey

26 valid responses from 12 countries◦ 35 % government employees◦ 50 % private sector◦ 11 % academia◦ 4 % civil society

Results Survey Participants

22 % report their country has a CERT with national responsibility (N-CERT)

30 % report their country is addressing 16 or more of the 23 cyber incident management functions.

61 % report their country is addressing 6 or fewer of the 23 functions.

ResultsIncident Management

For each of the 6 cyber crime functions ◦ 45 % of respondents reported no action.◦ 5% of respondents reported completed action.

For other legal infrastructures associated with cyber security◦ 50 % reported no action on any of the other legal

infrastructures

ResultsLegal Infrastructure

35 % have a national strategy◦ Addressing on average 62% of the 17 objectives.

65 % have no national strategy◦ Yet they are addressing 13 % of the 17 objectives

ResultsNational Strategy

Efforts are underway in most countries of Africa to address cyber security providing a base upon which to build.◦ Including across a range of N-CERT functions

An N-CERT is correlated with activity across the full range of incident management functions.

The development of a national cyber security strategy is correlated with a comprehensive response to cyber security.

SurveyConclusions