International Conference on Cybercrime, DBI, Abuja 1 - 2 Nov., 2010

PROTECTION OF CRITICAL PROTECTION OF CRITICAL INFORMATION INFORMATION

INFRASTRUCTUREINFRASTRUCTURE

By

Emmanuel E. Ekuwem,PhD, MIEEE, NPOM

CEO, Teledom GroupImmediate Past National President, Association of Telecom

Companies of Nigeria (ATCON)info@teledominternational.net

Bro a d b a n d IC T In fra stru c ture s

International Conference on Cybercrime, DBI, Abuja 1 - 2 Nov., 2010Bro a d b a n d IC T In fra stru c ture s

Where are we coming from and where are we heading to?

How slowly have we been moving; what happened?

President Obasanjo’s “Presidential Committee on 419 on the Internet under Basil Udotai, Esq’s excellent Coordinatorship

Representative of the then relevant Law Enforcement Agencies: Police, EFCC, ICPC, NSA, SSS, etc and the Ministries of S &T, Justice; NCC, NITDA; NIG, ATCON, ALTON, NCS, CPN, etc.

Ministers of S & T and Justice/Attorney General as Co-Chairmen

International Conference on Cybercrime, DBI, Abuja 1 - 2 Nov., 2010Bro a d b a n d IC T In fra stru c ture s

Where are coming from and where are heading to?--2

Many very constructive meetings of the committee

Extensive consultations with stakeholders

Report submitted to the President with recommendations containing, among others, the subject of this international conference: CERT Implementation

International Conference on Cybercrime, DBI, Abuja 1 - 2 Nov., 2010Bro a d b a n d IC T In fra stru c ture s

Where are we coming from and where are we heading to?--3

Mr. President commended the committee for a “brilliant work”

A draft Executive bill sent to the National Assembly

Commencement of Public Hearings by relevant committees of Senate and House of Representatives

International Conference on Cybercrime, DBI, Abuja 1 - 2 Nov., 2010Bro a d b a n d IC T In fra stru c ture s

Needless Controversies on the Draft Bill--1

While the 419 Committee deliberations lasted, the majority always had their way……as it should be in a democracy

Those who did not have their way during those deliberation sessions of the 419 Committee took their fight to the Public Hearings of the National Assembly

High level lobby set in

International Conference on Cybercrime, DBI, Abuja 1 - 2 Nov., 2010Bro a d b a n d IC T In fra stru c ture s

Issues that Triggered Controversies-1

No need for an independent Agency or Body of whatever form

Almost every law enforcement agency claimed that it had sufficient provisions within the law setting it up to host the Cyber security outfit

International Conference on Cybercrime, DBI, Abuja 1 - 2 Nov., 2010Bro a d b a n d IC T In fra stru c ture s

Issues that Triggered Controversies-2

Should the Cyber security agency or body be:

• A department (Directorate) in NITDA?• A department in EFCC?• A department of the Police?• A department in the office of the NSA?• An autonomous Agency that reports to

the NSA?• etc

International Conference on Cybercrime, DBI, Abuja 1 - 2 Nov., 2010Bro a d b a n d IC T In fra stru c ture s

Issues that Triggered Controversies-3

If Cyber security matters can be handled under the ambit of existing laws, did we need a new legislation?

What would constitute Critical Information Infrastructure?

Do we need a law to designate Critical Information Infrastructure and criminalize its attack with stiff penalties

International Conference on Cybercrime, DBI, Abuja 1 - 2 Nov., 2010Bro a d b a n d IC T In fra stru c ture s

Chaos of Draft Bills

Every shade of opinion on the scope, form and hosting of the Cyber security outfit had a tendency to want to sponsor a draft bill.

Which shade or version is in the House? Probably the product of compromises for the good of the country

International Conference on Cybercrime, DBI, Abuja 1 - 2 Nov., 2010Bro a d b a n d IC T In fra stru c ture s

Critical Information Infrastructure

Major ICT service media for Access (IP and GSM/CDMA cellular), Switching, Transport, Billing, Storage, Processing and Interconnectivity upon which national economic activities and productivity depends; impairment of which impedes, disrupts and eventually sabotages the nation’s economy. This impairment can be considered an ACT of WAR against Nigeria.

International Conference on Cybercrime, DBI, Abuja 1 - 2 Nov., 2010Bro a d b a n d IC T In fra stru c ture s

Information Infrastructure for the Critical Sectors

Security Telecommunication Financial Services….banking, insurance,

NSE, NDIC, PENCOM, etc Aviation Petroleum Power Health Water Governments

International Conference on Cybercrime, DBI, Abuja 1 - 2 Nov., 2010Bro a d b a n d IC T In fra stru c ture s

Critical Information Infrastructure Protection (CIIP)

Enabling laws to define, designate and criminalize attacks

Physical Virtual

International Conference on Cybercrime, DBI, Abuja 1 - 2 Nov., 2010Bro a d b a n d IC T In fra stru c ture s

CIIP

Redundancies, backups, distributed architecture

CERTsFIRSTs

International Conference on Cybercrime, DBI, Abuja 1 - 2 Nov., 2010Bro a d b a n d IC T In fra stru c ture s

CIIP: CERT to the Rescue

Barring physical attacks, CERT action

Inter-CERT collaborations Some form of CERT coordination

International Conference on Cybercrime, DBI, Abuja 1 - 2 Nov., 2010Bro a d b a n d IC T In fra stru c ture s

Seek Yee First Self-Protection

Sector designation of its CIISector CERT establishmentPartnership with the Police and

other relevant law enforcement agencies

Show CERT value in CII by reporting incidents

International Conference on Cybercrime, DBI, Abuja 1 - 2 Nov., 2010Bro a d b a n d IC T In fra stru c ture s

Thank YouThank You