The International Telecommunications Union (ITU) regional Cyber Drill for Africa has kicked off at Kabira Country Club in Kampala with a call on African countries to take cybersecurity more seriously.
The cyber drill is an annual event organised in the different regions of the ITU. This year, Uganda takes up the mantle from Ivory Coast, which hosted it in 2018.
The cyber drill is based on scenarios that focus on risks to the cyber and information technology infrastructure. Through exercises, participants are trained to improve national cybersecurity readiness, protection and incident response capabilities at regional and international level.
In his remarks at the brief opening ceremony on Monday, 18th November 2019, the ITU Technical Officer for Cybersecurity Mr Ben Rached Marwan thanked Uganda Communications Commission (UCC) for accepting to host the cyber drill. He also credited UCC for the good partnership that saw the Commission work with ITU to set up the Computer Emergency Response Team (Ug-CERT) in 2013.
The Ag. Executive Director Mr. Fred Otunnu said UCC takes issues of cybersecurity very seriously, adding that setting up the Ug-CERT was an expression of that commitment.
Mr Otunnu pointed out that while previous warfare was mostly conducted in the jungle with artillery and other weapons of war, modern warfare is cyber in nature, thus making cyber drills as important as military drills.
He, however, decried the fact that in Africa, financial resources dedicated to cybersecurity are still quite limited, something he attributed to the mentality of waiting to see something happen rather than acting to prevent it.
Yet, Mr Otunnu observed, African institutions are particularly prone to cyber-attacks, quoting the leader of IBM’s elite security unit Mr Michel Bobillier, who told the cyber drill meeting in Abidjan in 2018 that “cyber threats have no borders as data pirates are ready to attack anything that moves.”
Nevertheless, he said UCC doesn’t take chances on cybersecurity, which he said is among the Commission’s top three priority areas in terms of resource allocation.
“Whether it is a simple email scam, data theft or fake news, cyber-attacks can have significant repercussions for the victim in terms of financial loss, damage to corporate image or disruption of institutional or governmental operations,” Mr Otunnu said.
The ITU cyber drill exercises are structured around various scenarios involving the most common types of cyberattacks while the sharing sessions provide a platform for co-operation and discussions on cybersecurity.
To date, twenty-four cyber drill exercises have been conducted around the world, in more than 100 countries. In the Africa region, the exercise has been conducted in Ivory Coast (2018), Tanzania (2017), Mauritius (2016), Rwanda (2015) and Zambia (2014).
The four-day programme is designed to be an interactive platform for co-operation, information sharing, discussion on current cybersecurity issues and a hands-on exercise for CERTs (Computer Emergency Response Teams).
Usually, organizations follow a defensive approach to security, revolving around the deployment of protection security controls with a varying degree of monitoring capabilities. This cyber drill, however, covers how organizations can use Cyber Threat Intelligence to proactively identify threats and actionable information in order to better prepare against future attacks while at the same time minimizing the impact of ongoing ones.
The cyber drill will address a wide range of CTI standards, technologies and services and how they can be chosen and used effectively, based on the organizational context, maturity and specific needs of an organization.
Fifty-two (52) participants are attending the event, including Computer Emergency Response Teams (CERTs), government agencies, regulators, telecommunications operators, equipment manufacturers, software developers and other stakeholders.
The participating teams are from Uganda, Botswana, Burundi, Cameroon, DRC, Egypt, Gambia, Kenya, Lesotho, Malawi, Somalia, Tanzania and Zimbabwe.