Information Security is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. The information being defended may be both electronic and physical documents.
Prevention of unauthorized disclosure of information ensures confidentiality, avoiding alteration achieves integrity and protecting against destruction or disruption ensures that the information and associated systems are available whenever required.
Cyber security is information security without borders. Sensitive information in Uganda, such as emails and confidential information about individuals, businesses and organizations, is now frequently stored on computers that are attached to the Internet, so extra efforts have to be made to ensure such information is secure from leaking, alteration and destruction.
Role of NITA in Cyber Security
The National Information Technology Authority’s role is to regulate information technology and to provide leadership, organisational structures and processes at the national level that safeguard information against accidental or unauthorized modification, destruction, or disclosure.
One of the cardinal roles is to advise Government on cyber security so that preventive mechanisms are put in place to prevent breaches from occurring.
One of the challenges for cybercrimes is that evidence is not available in traditional formats and it takes special training and expertise to build it up.
NITA is currently training different Government agencies running critical IT infrastructure in areas of Incident handling, Computer Forensics & Malware Analysis to ensure the growth of those special skills.
The Government through NITA has developed the National Information Security Framework (NISF) which is expected to be launched in January 2014.
The NISF will help to standardize how Information Technology (IT) specialists manage IT systems in Government and the private sector through the issuance of mandatory requirements, policies, standards and implementation guides.
Director for Information Security at NITA-U, Peter Kahiigi, said, “We are targeting critical information infrastructure because they control systems which we are dependent on as a country for national security and for economic development.
If, for instance, the computerized systems for power generation, transmission and distribution suffer cyber-attacks, we will suffer blackouts. If banks and other utility companies are attacked, the citizens of Uganda will suffer,” Kahiigi said.
Entities running critical IT systems will be required to create technical and administrative controls, such as the use of user names and passwords to access systems, and to perform background checks during the recruitment of staff for critical IT jobs to avoid criminals being recruited in critical areas.
“If we fail to prevent breaches of information security controls then we will detect them through compliance checks,” Kahiigi said.
Cyber-crime is growing in Uganda for many reasons. First, cyber-crime is cheaper than traditional crime; for example, it is easier to steal money by taking ATM cards or conniving with someone to create a check leaf than by using guns and robbing a bank.
Secondly, there is a large pool of youth highly skilled in information technology coupled with the problem of unemployment; hence there is a need to create programs that help the youth to channel their creativity into positive activities.
The Police have so far played a positive role in curbing ATM related crimes.
Creating a conducive legal environment
Laws have been put in place to ensure the safety of online transactions and users; such laws include the Computer Misuse Act, Electronic Transactions Act and the Electronic Signatures Act.
The Computer Misuse Act includes a clause which deals with cyber bullying, where one party, if found guilty of sending another party an abusive or threatening message, is liable to face the law.
This law also legislates against the promotion of child pornography electronically.
“We have a gap in getting people to understand the laws; we are working on sensitization so that people know the existence and understand the importance of these laws.
Some institutions are reluctant to report cyber-crimes for fear of damaging their image,” he explained.
A National CERT (Computer Emergency Response Team) is being developed and housed in NITA-U in line with NITA-U’s mandate to promote the development of and regulate sector specific CERTs.
The National CERT will help coordinate response to all computer emergencies so as to have a disciplined approach towards solving common problems that citizens and organizations face while in cyberspace.
“We have developed an incident response plan that is standardized.
A computer incident is like an accident; if there is an incident, we have to go to the site, cordon off the area. We want a systematic way to respond to incidents,” Kahiigi said.
“A National Information Security Advisory Group (NISAG) comprising public and private sector experts in Information Security will soon be appointed by the Minister of ICT to advise the Government on Information risks,” he said.
The biggest challenge now is the mindset that people have while online; people tend to be more careful in their normal lives and throw caution to the wind while transacting online, tending to be more trusting with their information and lives to strangers.
We need all internet users to be more careful, vigilant and responsible and know that not everyone you meet and interact with online is necessarily a friend or a good person with the best intentions.
The ever-changing landscape requires us to adjust quickly. There is a knowledge imbalance: some people do not have knowledge of information technology when they should be well equipped.
Mastering this field will require anyone to familiarize themselves with it; the more one practices, the better one gets.
Risks to individuals
As an individual, you are responsible for your actions online and for ensuring that passwords and any confidential information that is accessed by you are safeguarded.
Heads of IT in organizations should put in place systems and controls to protect individuals and systems to ensure that they are not vulnerable and easy to manipulate. When IT isn’t working, most businesses cannot make money and similarly the Government is unable to meet her responsibilities to the citizens.
The need for Information Security has become critical today in Uganda, and more so in an ever-changing and fast-paced globalized world where there is a great shift towards online transactions, economically and socially.