Supporting the global efforts in strengthening the safety, security and resilience of Cyberspace, the Commonwealth Cybersecurity Forum 2013, organised by the Commonwealth Telecommunications Organisation. The ceremonial opening examined how Cyberspace could be governed and utilised in a manner to foster freedom and entrepreneurship, while protecting individuals, property and the state, leading to socio-economic development. Speakers of this session, Mr Mario Maniewicz, Chief, Department of Infrastructure, Enabling Environment and E-Applications, ITU; Mr David Pollington, Director, International Security Relations, Microsoft; Mr Alexander Seger, Secretary, Cybercrime Convention Committee, Council of Europe; Mr Nigel Hickson, Vice President, Europe, ICANN and Mr Pierre Dandjinou, Vice President, Africa, ICANN, added their perspectives on various approaches to Cybergovernance, with general agreement on the role Cyberspace could play to facilitate development equitably and fairly across the world.
Hosted by the Ministry of Posts and Telecommunications of Cameroon together with the Telecommunications Regulatory Board of Cameroon and backed by partners and industry supporters including ICANN, Council of Europe, Microsoft, MTN Cameroon, AFRINIC and Internet Watch Foundation, the Commonwealth Cybersecurity Forum 2013 seeks to broaden stakeholder dialogue to facilitate practical action in Cybergovernance and Cybersecurity, some of which will be reflected in the CTO’s own work programmes under its Cybersecurity agenda.
2024: Domino Containers - The Next Step. News from the Domino Container commu...
CTO Cybersecurity Forum 2013 Auguste Yankey
1. Commonwealth Telecommunication Organisation,
Cybersecurity Forum 2013
Yaoundé, Cameroon, 22-26 May 2013
African Union Perspectives on Cybersecurity and
Cybercrime Issues:
The AU Draft Convention on Cybersecurity and related
activities
Auguste YANKEY (Mr.)
AU Commission
Email: yankeyka@africa-union.org
Website: www.AU.int
2. OUTLINE
• Cybersecurity and Cybercrime issues:
Introduction and overview
• Cybersecurity and Cybercrime in the AUC
• AU Perspectives on Cybersecurity and Cybercrime
Issues
2
3. • Almost two thirds of all adult web users globally have fallen victim to some
sort of cybercrime, from spam email scams to having their credit card details
stolen. (the 2011 Norton Cybercrime Report: The Human Impact study)
• The study, of over 7,000 Internet users found that 80% of people believed the
perpetrators would never be brought to justice. Fewer than half ever bother to
report the crime to police.
• Africa: the fastest development of mobile banking and money.
Ex: Kenya with M-Pesa: 70% of adult transfer money each other by mobile
means USD 320 million, almost a quarter of Kenya’s GNP.
• Africa is currently the social network’s fastest growing continent. There are
also local success stories such as South African social network, MXit which
currently has more than two times the number of Facebook users in South
Africa.
FACTS AND FIGURES
3
4. • The growth rate of cyberspace has been enormous, roughly doubling every 100
days.
• Cybercrime in Africa is growing faster than any other continent.
• Out of the top ten countries in the world with a high level of cybercrime
prevalence, Africa is host to four of these countries (Nigeria, Cameroon, Ghana
and South Africa).
• Africa = 2% of world trade but 10% of Cybercrime attacks (ITU)
FACTS AND FIGURES
4
6. The term
“cybercrime” is
usually referred to as
any criminal offense
committed against or
with the use of
a computer or
computer network
A set of activities and
other measures,
technical and non-
technical intended to
protect data,
information and
information systems
from unauthorized
access, use, disclosure,
disruption,
modification and
destruction.
Virtual world of
information
networks. The
global
information
space. The
digital era.
is a term used
to describe the
legal issues
related to use
of ICTs,
particularly
cyberspace
What does Cyber…refer to ?
6
7. “The Information Society Division”
• Core function:
– Enhancing the development of African ICT Networks between and among
regions and at the international level (Pan-African e-Network +VSAT
projects).
– Establish effective institutional linkages and essential mechanisms for
cooperation and coordination in ICT fields.
– Provide AU Member States with the necessary capacity and tools for
harnessing the Information Society for continental integration &
development.
– Promotion, coordination and harmonization of telecommunication, ICT and
Post Policies and Regulation for an inclusive African information society .
Cybersecurity and Cybercrime issues in the AUC
7
8. AU Challenges face to Cyber security/crime
8
Low capacity systems that increases the vulnerability;
Low technical capacity and human capacity building IT skills.
Systems poorly made and poorly managed.
Relay for attacks (bandwidth consumption, server downtime ...)
Proliferation of cyber centres without legal framework
against users' perpetration and the protection of the others
Fear of e-commerce and its impact on the development
lack of protection mechanisms at local and regional level
Unemployment of young graduates
9. AU response to Cybersecurity and Cybercrime
Many regional conferences, forums and workshop ( i.e.
the 1st African regional forum on cybersecurity, Yamoussoukro,
11/2008, 1st African Internet Governance Forum, Cairo, 10/2012)
Drafting of an African Union Convention on the
confidence and security in Cyberspace.
9
10. AU Convention on the Confidence
and security in Cyberspace
Legal framework-1
The Oliver Tambo Declaration (Ext/CITMC/Min/Decl.(I) Johannesburg, South-Africa,
5 Nov. 2009)
Adoption of the resolution
The 14th AU Summit of Head of State and government Declaration
on “Information and Communication Technologies in Africa: Challenges and Prospects for
Development” ([Assembly/AU/11(XIV)], Addis Ababa, Ethiopia, 31 January - 2 February 2010)
Endorsement of this resolution
The Abuja Declaration, CITMC-3 ([AU/CITMC/MIN/Decl.(III)], Abuja (Nigeria), 03-07
August 2010.
Confirmation of this resolution
We, African Ministers in charge of CIT, request the AU Commission to “Jointly finalize with the
United Nations Economic Commission for Africa, within the framework of the African Information
Society Initiative (AISI), the Draft Convention on Cyber Legislation and support its implementation
in Member States by 2012”; 10
11. Legal framework -2
The Khartoum Declaration (AU/CITMC-4/MIN/Decl.(IV)Khartoum, The Sudan,
2-6 September 2012
Endorsement of the AU Final Draft Convention on Cyberlegislation
by the 4th Ministerial Conference of the African Union Ministers in charge
of Communication and Information Technologies (CITMC-4)
AU Convention on the Confidence
and security in Cyberspace
11
12. Objective and goal
Its objective is to harmonize e-legislation related to e-transactions
development, personal data protection, cyber security promotion and fight
against cybercrime. Particularly:
Define key cyber terminologies in legislation
Develop general principles and specific provisions related to cyber legislation
Outline cyber legislative measures required at Member State level
Develop general principles and specific provision on international cooperation
as related to cyber legislation
Its ultimate goal is eminently protective given that it is geared to protecting:
Institutions against the threats and attacks capable of endangering their
survival and efficacy;
The rights of persons during data gathering and processing against the threats
and attacks capable of compromising such rights.
AU Convention on the Confidence
and security in Cyberspace
12
13. Strategic Orientations
The Convention defines a legal mechanism based on the following five strategic
orientations:
1. It spells out the options for an African Union wide cyber security policy;
2. It lays the foundations for an African Union wide cyber ethics and enunciates
fundamental principles in the key areas of cyber security;
3. It organizes electronic commerce, electronic signature and electronic publicity;
4. It organizes the legal and institutional framework for protection of personal data;
5. It lays the foundation for a penal cyber law and a penal procedure for the
treatment of cyber crime.
AU Convention on the Confidence
and security in Cyberspace
13
14. Expected results
Definitions on key cyber terminologies in legislation
Harmonised cyber legislation and provisions for the African Union
AU Convention on the Confidence
and security in Cyberspace
14
15. The Convention main parts
PART I: ORGANIZATION OF ELECTRONIC COMMERCE
PART II: PROTECTION OF PERSONNAL DATA
PART III: COMBATING CYBER CRIME
PART IV: COMMON AND FINAL PROVISIONS
webpage for the Draft Convention:
www.au.int/cyberlegislation
AU Convention on the Confidence
and security in Cyberspace
15
16. PART III: COMBATING CYBER CRIME
Section 1: Terminology
Electronic communication, Computerized data, Racism and xenophobia in information
and telecommunication technologies, Minor, Child pornography, Computer system,
Exceeds authorized access, Damage
Chapter 1: National cyber security framework
• National policy
• National strategy
Chapter 2: Legislative measures
• Legislations against cybercrime
• National Regulatory authorities
• Rights of citizens
• Protection of critical information infrastructure
www.au.int/cyberlegislation
AU Convention on the Confidence
and security in Cyberspace
16
17. PART III: COMBATING CYBER CRIME (Cont’d)
Chapter IV: National cyber security monitoring structures
• Cyber security governance
• Institutional framework
Chapter V: International cooperation
• Harmonization
AU Convention on the Confidence
and security in Cyberspace
17
www.au.int/cyberlegislation
18. PART III: COMBATING CYBER CRIME (Cont’d)
Section II: Material penal law
Chapter I: Offenses specific to ICTs
• Attack on computer systems
• Attack on computerized data
• Content related offenses
• Offenses relating to electronic message security measures
Chapter II: Adapting certain ICTs offenses
• Violation of property
• Criminal liability for corporate persons
Chapter III: Adapting certain sanctions to the ICTs
• Penal sanctions
• Other penal sanctions
• Procedural law
• Offenses specific to Information and Communication Technologies
AU Convention on the Confidence
and security in Cyberspace
18
19. I. Policy, Legal, and Regulatory Enabling Framework.
II. Awareness and Capacity Building.
III. Response and Recovery Mechanisms.
AU Perspectives on Cybersecurity
and Cybercrime Issues.
19
20. I. Policy, Legal, and Regulatory Enabling
Framework
1. Development of National Cyber-Security Legislation;
2. Implementation of AU Cybersecurity Convention
Implementation status
1. A draft Convention on Cyber Security has been developed (2010-11)
2. Regional Workshops have been organized on Cyber Legislation and on the AU Draft
Convention on CyberSecurity:
a. ECCAS: Libreville, Gabon, November 2011
b. ECOWAS: Abidjan, Côte d’Ivoire, February 2012
c. Tripartite [COMESA, SADC, CEAC] + UMA (Northern Africa): Addis-Ababa,
ETHIOPIA, June 2012
3. Final Expert Group meeting to finalize the Draft Convention before the CITMC-4
Addis-Ababa, Ethiopia, August 2012
4. Endorsement by the Conference of African Ministers in Charge of Communication
and Information Technologies (CITMC-4) in Khartoum, the Sudan, September 2012
20
21. VALIDATION
• Validation Workshops (RECs, national
experts, independent resource persons)
TRANSLATION
• Translation into AU 4 languages
VALIDATION
ENDORSEMENT
• By the Telecom/ICT experts meeting and
endorsed by the CITMC
LEGAL
VALIDATION
•By the AU legal experts meeting and endorsed by
the Conference of AU Ministers in charge of Justice
VALIDATIOVALIDATIOVALIDATIONNN
ADOPTION
• Submission to the Executive Council for transmission to the AU
Assembly of Heads of State and Government for adoption.
Adoption process of the Convention by the AU HoSG
I. Policy, Legal, and Regulatory Enabling
Framework
21
23. II. Awareness and Capacity Building
1. Development and distribution of toolkits to
facilitate the ratification of the AU Convention on
Cybersecurity
2. Organize and/or participate in workshops for
capacity building and Heightened awareness and
capacity to facilitate the development of national
cyber security legislation and in each AU MS;
With UNCTAD
With US DoJ, CoE, UNODC
232232223323333222233322223333
24. III. Response and Recovery Mechanisms
• Facilitate the setting up of National CERTs to contribute to
the continental and global cooperation and fight against
cybercrime
1. National CERTs
2. Regional CSIRTs (in collaboration with RECs)
3. Cybersecurity Unit within the AUC
24
25. THANK YOU FOR
YOUR ATTENTION
***
Auguste YANKEY (Mr.)
AU Commission
Email: yankeyka@africa-union.org
Website: www.AU.int/infosoc
25