INFORMATION SECURITY AND PUBLIC KEY INFRASTRUCTURE (PKI)

ICT SUMMIT SERIES NO. 2

Information Security & Public Key Infrastructure (PKI)

NAIROBI, 25-28 November

2013
1

INFORMATION SECURITY AND PUBLIC KEY INFRASTRUCTURE (PKI)

The ICT Authority Telposta Towers, 12th Floor, Kenyatta Ave P.O. Box 27150 - 00100 Nairobi, Kenya t: + 254-020-208 9061 e: communications@ict.go.ke www.icta.go.ke

INFORMATION SECURITY AND PUBLIC KEY INFRASTRUCTURE (PKI)

Information Security & Public Key Infrastructure (PKI)

25 - 28 November 2013 Safari Park Hotel, Nairobi, Kenya

INFORMATION SECURITY AND PUBLIC KEY INFRASTRUCTURE (PKI)

CONTENT
ACRONYMS ...........................................................................................................................................................................................................................5 EXECUTIVE SUMMARY ..........................................................................................................................................................................................................6 KEY CONFERENCE OUTCOMES ............................................................................................................................................................................................7 SUMMIT BACKGROUND .......................................................................................................................................................................................................8 SUMMARY OF CONFERENCE PROCEEDINGS ....................................................................................................................................................................10 DAY 1: PRE-CONFERENCE CAPACITY BUILDING WORKSHOPS .......................................................................................................................................11 COMESA WORKING GROUP DELIBERATIONS.....................................................................................................................................................................12 Day 2: Official Opening Session .........................................................................................................................................................................................13 DAY 3: NATIONAL STRATEGIES AND APPROACHES TO INFORMATION SECURITY ...........................................................................................................16 DAY 3: Draft AU Convention on Security in Cyberspace .......................................................................................................................................................19 CLOSING CEREMONY ..........................................................................................................................................................................................................21 ANNEXURES ........................................................................................................................................................................................................................22 APPENDIX 1: Biographies of CONFERENCE SPEAKERS ....................................................................................................................................................23 APPENDIX 2: Summit Program ...........................................................................................................................................................................................41 4

INFORMATION SECURITY AND PUBLIC KEY INFRASTRUCTURE (PKI)

ACRONYMS
AISI African Information Society Initiative ARICEA Association of Regulators for Information and Communications in Eastern and Southern Africa ATU Africa Telecommunications Union AUCC Africa Union Convention a Cyber Security AUCC Africa Union Convention on Confidence CCK Communication Commission of Kenya CDPC European Committee on Crime Problems CERT Computer Emergency Response Team CIIP Critical Information Infrastructure Protection CIO Chief Information Officer CIRT Computer Incident Response Team COMESA Common Market for Eastern and Southern Africa CSDP Common Security and Defence Policy CSO Civil Society Organisations DDOS Distributed Denial of Service Attacks DSC Distributed Secure Cloud EAC East Africa Community EACO East African Communications Organisation EAPCCO Eastern Africa Police Chiefs Cooperation Organisation EATPO East African Telecommunication & Postal Organisation EC European Commission ECTEG European Cybercrime Training and Education Group eGA e-Governance Academy FIRST Forum for Incident Response and Security Teams FOI Freedom of Information GCA ITU Global Cyber Security Agenda GDC Government Data Centre 5 ICT Information & Communication Technology ICTA Information Communication Technology Authority IGAD Intergovernmental Authority on Development IP Intellectual Property ISACA Information Systems Audit and Control Association ITU International Telecommunication Union KE-CIRT/CC Kenya Computer Incident Response Team-Coordination Centre KIC Act Kenya Information and Communications Act KICTANet Kenya ICT Action Network KSAT MICT Ministry of Information, Communication and Technology NATO The North Atlantic Treaty Organization NATO CCD COE NATO Cooperative Cyber Defence Centre of Excellence NCSC National Cyber security Steering Committee NCSMP National Cyber Security Strategy Master Plan OIC-CERT Organisation of Islamic Countries-CERT PKI Public Key Infrastructure R&D Research and Development RA Registration Authority RCAs Root Certificate Authority RECs Regional economic communities SADC Southern African Development Community UNCITRAL United Nations Commission on International Trade Law UNECA United Nations Economic Commission for Africa UNICRI United Nations Interregional Crime and Justice Research Institute

INFORMATION SECURITY AND PUBLIC KEY INFRASTRUCTURE (PKI)

EXECUTIVE SUMMARY
Nearly 168 million Africans use the internet. Although much of the internet use is for communications, increasingly businesses and governments are using the internet to collect, store and analyze data on citizens. From financial transactions to registrations for service delivery, people in Africa are signing up and using electronic solutions at an increasing pace. The entry of mobile devices and cloud solutions coupled with third party applications and social media has made the challenge of information security both complex and dynamic. Physical boundaries and physical security have been rendered irrelevant by the evolution of technology. Regional trading blocs EAC, COMESA, SADAC and AU are increasingly recognising the need to look at integration across all facets of economic development. Critical trade enablers such as ICT infrastructure, legal and policy frameworks and integrated strategy roadmaps for shared services make for a big agenda in most bilateral and multilateral dialogues today. There is therefore need for common approaches to information security among countries, governments and government agencies, industry and academia. COMESA is leading from the front by being proactive in exploring joint policy and legal frameworks for integrated ICT Infrastructure including Public Key Infrastructure on behalf of its members. The 7th Joint COMESA Meeting of Transport and Communications, Information Technology and Energy was held in Kampala, Uganda in September 2013 devoted time to analyze the security aspect of ICT use and to review the steps the member states have taken to combat the menace. It is also against this background that Kenya, agreed to host a follow up 6 Regional COMESA meeting on Cyber Security in the month of November 2013 in Nairobi, Kenya. The summit brought 300 delegates from 17 countries and was preceded by a series of capacity and awareness events targeting University/Academia fraternity, Media, Financial Services Sector and the Developer Community. These included: 1. Public Lecture - 20th November at the University of Nairobi targeted at the Academia and specifically the student community. More than 150 students and lecturers from different universities attended. 2. Editors Round table - This event was held on 21st November targeting journalists. The objective was to build their capacity for effective reporting on information and cyber security developments, challenges, opportunities and emerging approaches to mitigating them. 3. Cyber crime workshop for financial services sector - The workshop was organised by PwC and officially opened by Joseph Tiampati, the Principle Secretary in Ministry of Information, Communication and technology accompanied by Dr Katherine Getao and Eunice Kariuki from the recently created The ICT Authority. It was facilitated by senior information security and forensic consultants from PwC USA and Kenya and attended by CIOs from nearly all banks and other financial institutions in Kenya. The workshop sought to build their capacity for assessing and preparing appropriate mitigation strategies dealing with fraud emanating from cyber crime effectively. 4. Developers Round Table brought together software application developers with cyber security experts to discuss approaches in secure online transactions. Kenya now offers secure data transactions with the imple-

INFORMATION SECURITY AND PUBLIC KEY INFRASTRUCTURE (PKI)

mentation of Public-Key Infrastructure (PKI). PKI is a solution that enables one to create, manage, distribute, use, store, and revoke digital certificates.

1. INCREASE PUBLIC AWARENESS CAMPAIGNS: Theres need to create a public awareness strategy to guide stakeholder mobilisation and public awareness on cybercrime and cyber security. 2. INCREASE PARTNERSHIPS TO LEVERAGE TECHNICAL EXPERTISE: Countries should liaise with education stakeholders to include cyber security in curriculum. Universities should be encouraged to create centres of excellence in conjunction with private sector. Countries should have regular networking opportunities so that they can benchmark rather than working in isolation and duplicating efforts. A model handbook and curriculum should be developed to ensure seamless adoption of best practices. 3. ESTABLISH REGIONAL CYBER SECURITY LEGAL AND REGULATORY FRAMEWORKS: COMESA should lead regional collaboration to address differences in investigations, prosecution and jurisprudence. 4. REVIEW AUCCS CONVENTION AND THE COMESA CYBER SECURITY STRATEGY: Theres need for more public awareness of the key features of the AU Convention on Cyber Security and discuss issues such as burden of vulnerability and guarantees tests; extensive surveilling powers with little oversight; right of privacy; requirement for full disclosure of ID information including PIN; criminalisation of peaceful online expression of permissible views and ideas. 5. INCREASE FUNDING: Governments need to increase funding of infrastructure to detect and deter cyber security as well as supporting policy and legislative initiatives

On the eve of the Conference, the COMESA Cyber Security Working Group held an Agenda review that agreed on:
1. The need to map judicial involvement at the national and regional levels so that theres a harmonized approach in judicial oversight and law enforcement. 2. Countries should mobilise finances for PKI trainings and also establish the criteria for trainee selection. Egypt has placed forward a proposfor hosting the Computer Incident Response Team Training (CIRT) Centre. 3. There should be a regional CERT Centre that will train the initial cadre of national lead persons who can come back to the country and lead in country onsite trainings. It will also be crucial for a partnership with the E-Academy in Estonia to host a study tour which will expose trainees on model CERT facilities, curriculum, lectures and standards. 4. The agreements have to be enforceable at the region with an oversight body that will hold countries accountable just like in Europe, theres the EU Cyber Crime Convention.

KEY CONFERENCE OUTCOMES

At the end of the Conference, delegates proposed the following outcomes: 7

INFORMATION SECURITY AND PUBLIC KEY INFRASTRUCTURE (PKI)

Way Forward
1. Put in place a regional legal framework to guide law enforcement, investigations and court proceedings. 2. Address differences in investigations, prosecution and jurisprudence and develop a regional legal framework dealing with cybercrime 3. Provide proposals ahead of time for review of the Africa Union Convention Cyber Security (AUCC). 4. Establish partnerships between the relevant government agencies on the one hand, and within the private sector on the other hand. 5. Develop means of sharing intelligence and information swiftly and effectively between security agencies in order to deter threats and attacks. 6. Create a training framework to guide all regional training activities.

3. County governments should put in place measures for digitisation of services. The national government has put April 2014 as the commencement date of online payment for all government services

SUMMIT BACKGROUND
Within the last decade, the development of ICT has had a phenomenal impact in virtually every aspect of the human life. Countries and regional economic blocks have established mechanisms to harness the potential of ICT for their social and economic development. However, the use of ICT, has inherent security threats. Unlike in the physical world, it is very easy and tempting for criminals to use ICT to commit crimes that are difficult to detect.Cybercrimes such as financial fraud or deliberate damage of critical information infrastructures can have a devastating effect. In the recent past, cases of terrorist attacks using cyberspace have become a worrying trend. There is therefore need for common approaches to information security among government agencies, industry and academia. COMESA is exploring joint policy and legal frameworks for integrated ICT Infrastructure including Public Key Infrastructure (PKI) on behalf of member states. The 7th Joint COMESA Meeting of Transport and Communications, Information Technology and Energy held in Kampala, Uganda in September 2013 analysed the security aspect of ICT use and reviewed the steps taken by member states to combat the menace. It is against this background that Kenya agreed to host a follow up Regional Summit on Cyber Security in November 2013. 8

The Kenya delegation used the Pre-event period to host an ICT County Secretaries Working Group Forum that identified the need for:
1. Governors should lead the adoption of ICT in their respective counties and work closely with The ICT Authority in rolling out ICT projects. 2. County governments should work closely with The ICT Authority to put in place the necessary infrastructure to combat cyber crime within the counties.

INFORMATION SECURITY AND PUBLIC KEY INFRASTRUCTURE (PKI)

Summit Objectives
The COMESA Cyber Security and Public Key Infrastructure meeting in Nairobi offered delegates an expanded platform to review key aspects that were deliberated in the Kampala meeting and propose the way forward on: 1. Harmonisation of National ICT Policies in line with COMESA Model ICT Policy. 2. Cyber Security Policy Guidelines and Model Law and e-transactions in line with COMESA Cyber Security Policy and Guidelines. 3. Harmonisation of PKI initiatives, standardisation of Information Society Measurements in line with Regional Indicators. 4. Implementation of COMESA Postal and Broadcasting Policies. 5. Capacity building and awareness creation on cyber security.

The Conference Organisers

1. The ICT Authority (ICTA). 2. Communications Commission of Kenya (CCK). 3. Common Market for Eastern and Southern Africa (COMESA).

Conference Sponsors
CISCO. Microsoft. PwC. Enterasys. Orange.

INFORMATION SECURITY AND PUBLIC KEY INFRASTRUCTURE (PKI)

SUMMARY OF CONFERENCE PROCEEDINGS

10

INFORMATION SECURITY AND PUBLIC KEY INFRASTRUCTURE (PKI)

DAY 1: PRE-CONFERENCE CAPACITY BUILDING WORKSHOPS County ICT Secretaries Working Group Deliberations
Panel Discussants:
1. Dr. Katherine Getao Roadmap on county input into the National ICT Masterplan 2. John Sergon - County Connectivity Project, an e-government Initiative by ICTA 3. Zilpher Owiti - Proposed ICT Structures for Counties. With respect to National ICT Masterplan, counties are to prepare a common position for the Task Force to address the major needs of the counties. To develop the common position document, the following will focus the crafting: 1. Ensure it is inspirational: The Masterplan should get everyone moving in the same direction both formally and informally and enhance county ICT participation. It should also be simple. 2. Provide set targets: Give a clear indication of where counties are headed and be effective even for the informal sectors. This provides an informal objective measure of progress and includes targets such as ICT penetration level, number of ICT businesses registered, and number of public services being offered online. 3. Structure and organise: Provide roadmap for counties to have fruitful outcomes. Should include and clarify enablers, develop applications and services for infrastructure, exploit commercial elements of the applica11 tions and services, and exploit ICT to drive the county growth. 4. Incentivise: Plan should have policies to incentivise ICT at the county and country level - for communications companies, education and capacity building incentives, industry and trade incentives, and content development incentives. The proposal for ICT Structures for Counties is to ensure that the county ICT office has the right staff establishment; scheme of service and a standard operations manual. The following should be taken into consideration: Description of roles, duties and responsibilities as well as the reporting lines and the subject matters to report. Result oriented approach - a phased implementation plan for the organisational structure is advisable. Collaboration - factor how the office will work with the public relation, information and communication functions of the county. Needs assesment - each county to take into account their growth potential, capacity, revenue generation ability and the citizens needs. Structure management in geographic zones for ease of work rather than use every village as currently constituted. Harmonisation - avoid the pre-existing government models, which have not worked well because they fail to be strategic in their approach.Set roles rather than substantive positions at the sub-county levels and below.

INFORMATION SECURITY AND PUBLIC KEY INFRASTRUCTURE (PKI)

Other Recommendations
1. Draft a comprehensive proposal for county connectivity. 2. Draft a Memorandum to enhance coordination between the counties and central government.

an investment indicator. 3. Theres need for a framework on national leadership on Cyber Security agree on weather it will be handled by the Security agencies, the Judiciary, private sector or the national regulatory agencies? The working group suggested the following action steps to address the study findings: There is need to Map judicial involvement at the national and regional levels so that theres a harmonised approach in judicial oversight and law enforcement. Countries should mobilise finances for PKI trainings and also establish the criteria for trainee selection. Egypt has placed forward a proposal for hosting the Computer Incident Response Team Training (CIRT) Centre. There should be a regional CERT Centre that will train the initial cadre of national lead persons who can come back to the country and lead in country onsite trainings. It will also be crucial for a partnership with the E-Academy in Estonia to host a study tour which will expose trainees on model CERT facilities, curriculum, lectures and standards. The agreements have to be enforceable at the region with an oversight body that will hold countries accountable just like in Europe, theres the EU Cyber Crime Convention.

COMESA WORKING GROUP DELIBERATIONS

The working group was established in 2008 during the ITU meeting in Lusaka-Zambia consisting of Egypt, Sudan, Kenya, Uganda, Malawi, Zimbabwe and Mauritius. The working group is the regional think tank on Cyber Security and offers technical as well as financial leadership on the implementation of the COMESA road map on cyber security, capacity building of skills and competencies, infrastructure invest- ment and legislative enhancement.

The meeting shared key findings from the Regional Study on Regulatory Frameworks on Cyber Security. The study established that:
1. Theres lack of awareness of cyber security and apparent discordant between law makers and law enforcers. Theres absence of legal expertise of PKI 2. Most countries are not aware of the opportunity dividend for putting in place cyber security frameworks. It will be critical for many countries to understand the benefits of establishing a business and political case for cyber security and probably look for ways of projecting cyber security as 12

INFORMATION SECURITY AND PUBLIC KEY INFRASTRUCTURE (PKI)

Day 2: Official Opening Session

Speakers:
1. Victor Kyalo- Chief Executive Officer (Ag) of The ICT Authority. 2. Mr. Francis Wangusi - Director General of the Communications Com mission of Kenya. 3. Dr. Fred Matiangi - Cabinet Secretary, Ministry of ICT (Kenya). 4. Mr. Sindiso Ngwenya - Secretary General-COMESA. 5. Kah-Kin Ho - Head of Business Development- CISCO. Key Infrastructure (PKI), a system for the creation, storage and distribution of digital certificates. Upon its completion, PKI is expected to provide locally available and cheaper digital certificates and signatures to facilitate safer online operations and services that are within our national laws (jurisdiction). The national KE-CIRT/CC has organised a number of capacity building and awareness creation forums,received and responded to various cybercrime incidents. Incidents so far responded to range from website defacement; online abuse, online fraud including theft via mobile money transfer services, online impersonation on email and social media accounts and denial of service attacks.

Mr. Francis Wangusi, the Director General of the Communications Commission of Kenya highlighted the following points:
CCK is leading the National Cyber-Security Steering Committee that comprise various actors in order to improve on the fight against this vice and is collaborating with EAC member states (through the East Africa (EA) level through the national CIRTs and the East African Communications Organisation (EACO); and at the international level through the ITU/ IMPACT. Plans are at advanced stage for KE-CIRT/CC to join the Forum for Incident Response and Security Teams (FIRST), in order to further improve our collaboration with international stakeholders. The national KE-CIRT/CC also carries out research and analysis on computer security and is facilitating the deployment of a National Public 13

Dr. Fred Matiangi- The Cabinet Secretary underscored Kenyas leadership in addressing cyber threats through establishing the following initiatives:
1. The National ICT Sector Policy of 2006 that addresses electronic security as the Kenya Information and Communications Act aims at securing online transactions. 2. The Electronic Certification and Domain Name Administration, intended to reduce on-line crimes such as hacking, identity theft and forgery of sensitive information. 3. The National Cyber-Security Steering Committee (NCSC) whose role is to facilitate coordination and collaboration in the response to cyber security incidents in liaison with sector CIRTs and other local, regional and international cyber security management actors, among other cyber

INFORMATION SECURITY AND PUBLIC KEY INFRASTRUCTURE (PKI)

security management activities. 4. A National Cyber Security Strategy Master Plan (NCSMP) was launched, in February 2013 to provide the government with a plan to defend and secure its digital infrastructure, and recommend Cyber security standards for the countrys ICT infrastructure.

The additional cost of securing networks, insurance, and recovery from cyber attacks. Reputational damage to the hacked company. COMESA and Association of Regulators for Information and Communications in Eastern and Southern Africa (ARICEA) and ITU have been conducting a study on Public Key Infrastructure Protection. The aim of the study is to come up with frameworks for cyber-security and critical information infrastructure protection (CIIP); share best practices adopted internationally on similar CIIP efforts, review the role of various actors in promoting a culture of cyber-security and IT security assessment of measures taken in COMESA Member States. Regional bodies i.e. COMESA, EAC and SADC should develop modalities to establish a regional CIRT and Public key Information (PKI) centers for the ex- change of information, experience, evidence, registration, certifications as well as enhance awareness and foster the systems. COMESA and ARICEA will implement a programme on cyber security which will involve the judiciary system as one of the main stakeholders to enforce legislations. COMESA will also mobilise funding to ensure that the judiciary system is on board and well equipped with knowledge and experience to deal with cyber- crime. Strategies concerning implementation of cyber-crime programme will be developed with involvement of the public sectors, private.

Mr. Sindiso Ngweya the Secretary General of COMESA underscored the following points:
The different areas of malicious cyber activity that contribute to the overall costs associated with cyber-crime and cyber espionage include: The loss of intellectual property and business confidential information The loss of sensitive business information, including possible stock market manipulation. Opportunity costs, including service and employment disruptions, and reduced trust for online activities. The additional cost of securing networks, insurance, and recovery from cyber attacks. Reputational damage to the hacked company. Opportunity costs, including service and employment disruptions, and reduced trust for online activities. 14

Kah-Kin Ho of CISCO discussed a strategic view of cybersecurity with empha- sis on National Cyber Power. This is the capacity of a country

INFORMATION SECURITY AND PUBLIC KEY INFRASTRUCTURE (PKI)

to deter threats or distract the threats if unable to deter them. Kah-Kin observed that the 21st century unlike the 20th century was characterised by private ownership of critical infrastructure. Security incidents on these infrastructures have a cascading impact private cost (to the corporation) and social cost (to the public). An important element of cyberpower is resilience the ability to absorb and recover from an attack while always striving to recover faster. Moreover, that most countries and institutions are poor in detection. With respect to legal frameworks, Kah-Kin noted the global view of cyber warfare has evolved to equate cyber operations with armed attacks. This change came about after the large-scale cyber attacks in Estonia in 2007 and Georgia in 2008. The result was the development of The Tallinn Manual on the International Law Applicable to Cyber Warfare.

search institutions to increase capacity building and technical expertise on cyber crime detection, legislation and attacks mitigation. A model handbook and curriculum should be developed to ensure seamless adoption of best practices. Countries should liaise with education stakeholders to include cyber security in curriculum. Universities should be encouraged to create centres of excellence in conjunction with private sector. Countries should have regular networking opportunities so that they can benchmark rather than working in isolation and duplicating efforts. iv. Formulation and adoption of regional cyber security legal and regulatory frame- works to combat cyber threats. COMESA should lead regional collaboration with other regional/ global treaties and conventions e. g (Budapest, AUCC, UNCI- TRAL) to address differences in investigations, prosecution and jurisprudence. COMESA should lead the way in hosting more country deliberations on the AU convention. v. Customisation of the Africa Union Convetion on Security in Cyber Space (AUCSC) and the COMESA Cyber Security Strategy. Theres need for more public awareness of the key features of the AU Convention on Cyber Security and discuss issues such as burden of vulnerability and guarantees tests; extensive surveilling powers with little oversight; right of privacy; requirement for full disclosure of ID information including PIN; criminalisation of peaceful online expression of permissible views and ideas. vi. Increased funding by Governments to tackle cyber crime through funding of infrastructure to detect and deter cyber security as well as supporting policy and legislative initiatives. 15

Key Session Outputs

The session highlighted the need for:
i. Enhanced collaboration among member states; multi-stakeholder involvement in the management of cybercrime and cybersecurity. ii. Increased public awareness campaigns on cybercrime and cyber security. Theres need to create a public awareness strategy to guide stakeholder mobilisation and public awareness. iii. Increased partnerships between private sector, academia and re

INFORMATION SECURITY AND PUBLIC KEY INFRASTRUCTURE (PKI)

DAY 3: NATIONAL STRATEGIES AND APPROACHES TO INFORMATION SECURITY

1. Michael Katundu - Director of IT-CCK, Session Moderator 2. Guibert Harrison - Organisation and Informatics Professor, Estonia Cyber Security Academy 3. Dr.Isaac Rutenberg - Patent Lawyer and Intellectual Property Specialist, Strathmore University 4. Wim Horseling - Area Sales Diretor, Enterasys 5. Kingwa Kamencu- ICT Expert Mr.Guibert Harrison presentation on Cyber Risk Management highlighted the fact that the greatest risk to any cyber security is the human factor because of social engineering. Social engineering is the act of influencing a person to perform some- thing or act in a certain way. The training for judicial officer and law enforcement agents in the EU is undertaken at the Cybercrime IPA Project. Kingwa Kamencus presentation covered the practical issues of mobile security en- forcement specifically applies to both soft and hard tools. The soft tools included service provider controls (parental, PIN), raising 2. Confidentiality issues: How do you enforce traditional rights of privacy in the context of new technologies such as twitter? 3. Adduceable Testimony: Information gathering and sharing which deviates from common practice for investigation and prosecution. For instance, the issue of experts of facts v. experts of opinion in anti-banking fraud. The actual tabling of that information is by the fraud expert yet the practice is that it is presented the police. This creates another issue of hearsay. Equally, how the information is presented to the court, and by who is contentious. 4. Public policy and information sensitivity: Banks are wary of reporting 1. Jurisdiction: Does a judicial tribunal have the authority to act? What happens when intent is formed in one jurisdiction and the action is completed in another jurisdiction? awareness and the hard tools were the actual laws and courts interpretations, cross border practices, treaties, and administrative actions.

Kingwa identified the following as challenges in the enforcement of mobile security:

16

INFORMATION SECURITY AND PUBLIC KEY INFRASTRUCTURE (PKI)

cyber crimes as this might trigger a run of withdrawals. Thus, discretionis given a premium over public right to know. Wim Horseling made a presentation on computer networks and works with private sector, public sector and service providers including NATO. Enterasys has an innovative portfolio- switches, routers, intel security networks, and end to end network connectivity. Dr.Isaac Rutenberg discussed Intellectual Property Rights in Cyberspace. The IP related issues in cyberspace include: privacy rights, copyrights, Digital Rights Management (DRM); use of security devices such as holograms and the ISPs notice to take downs. There are no specific social media laws national or regional in most African countries. Even in the USA, case law in America varies from state to state, and the same applies in Europe, yet, social media is global. Most jurisdictions rely on analogous laws that might be applied including: Constitution (Bill of Rights) Tort law (defamation, privacy, etc.) Contract law (ownership, etc.) Company law (disclosure rules, etc.) Media and Communications laws

Employment law (hiring, firing, discrimination, etc.) Consumer Protection Act

Key Session Outcomes

Delegates highlighted the following Key Capacity building areas:
There is need to increase public awareness of the loss and magnitude that cyber attacks can cause. There is need to increase competency in cyber security through specialised training, forensic labs and centres of excellences. There is need to enhance Research and Development by tapping into universi- ties. There is need to involve private sector and strengthening capacity of local SMEs to withstand cyber attacks.

17

INFORMATION SECURITY AND PUBLIC KEY INFRASTRUCTURE (PKI)

FACT BOX 1. Major Cyber attacks

Estonia 2007: The relocation of a Russian sculpture angered the Russia minority in Estonia and the Russian minorities leading to a series of organised cyber attacks. They were able to hijack millions of computers globally and used them to jam Estonia ISPs, government and public institutions systems. The effect was disruption of communication, e-banking and misinformation. The defences applied to counter the attack included traffic filtering and networks capacity rising. This incident demonstrate clearly that a country should not wait for a physical military inversion-a cyber attack could be equally devastating. Stuxnet 2010: operations at an Iranian nuclear power plant were immobilised by a software-stuxnet, targeting Siemens AG controllers at the nuclear plant. The software originating from the USA and Israel stalled

centrifuges and the stopping uranium enrichment. It is not known what action was taken to counter the attack. Considering how typically such a plant is secured and they succeeded, it means there are no defence is impenetrable. Georgia 2012: 390 persons who dealt with sensitive information were the target of a major security planning and network attack. The attackers took out 95% of Georgian computers, stole information, changed the information, turned on the cameras to watch and record; and turned on the mikes to listen in. In effect, the infected computers were under attackers control. The origin of the attack was the Russian security agency and it was found out that the monitoring had ongoing for two years. Georgians reaction was unique- they planted a fake Georgian-American Agreement virus that fed to the Russian System.

18

INFORMATION SECURITY AND PUBLIC KEY INFRASTRUCTURE (PKI)

DAY 3: Draft AU Convention on Security in Cyberspace

Speakers:
1. Michael Katundu - Director of IT, CCK. 2. Dr.Isaac Rutenberg - Patent Lawyer and Intellectual Property Specialist, Strathmore University. 3. Rene Raeber - ICT Consultant, Lecturer - Strathmore University. 4. Grace Githaiga - Kenya ICT Action Network.

Key Session Outcomes

The AUCCS Draft falls short in certain areas of law in which basic human rights were in danger of being reversed; also the Convention has the potential to place an undue burden on the private sector which would impact the growth of the industry. There is need for urgent consultations before the Draft is ratified The AUCCS was drafted for African countries and thus it is important to understand the African context with regard to certain principles.

Dr. Rutenberg and Raeber led the discussion on the AU Convention on Security in Cyberspace. The convention sets out to:
Protect institutions against the threats and attacks capable of endangering their survival and efficacy. Protect the rights of persons during data gathering and processing against the threats and attacks capable of compromising such rights. Reduce related institutional intrusions or gaps in the event of disaster. Facilitate the return to normal functioning at reasonable cost and within a rea- sonable timeframe; Establish the legal and institutional mechanisms likely to guarantee normal exercise of human rights in cyber space.

FACT BOX: EMERGING ISSUES ON THE THE AUCCS:

[Articles 228, 236]: Permitting unsolicited access to data without consent leaves it open interpretation that public interests are synonymous with state security. [Article 3]: This provision is too broad and infringes on freedom of the Press. Does it mean that a media cannot report a tribal conflict? [Article 345]: Interception of data: does this provision specify information be intercepted? A Judge can access traffic and content data - for reasons of information that he receives. This provision must specify the information, not leave it broadly. [Articles 40, 48]: Imposes unnecessary legal burden on individuals by total imposition of aggravation on acts online. This provision should be limited to specific criminal acts, not general usage otherwise it will be a legislative overkill. 19

INFORMATION SECURITY AND PUBLIC KEY INFRASTRUCTURE (PKI)

[Articles 344]: Creates undue burden on corporationsthis provision fails to distinguish criminal, civil or administrative acts. Most conventions - limit to when the ISP fails to guarantee security; it must define the acts as criminal, administrative or civil. [Articles 355, 353]: Grants a Judge broad powers to curtail civil liberties and discretionary power to disregard procedures (freedom of expression). Dangerous in African context and will be subject for abuse. Again, 60% percent of judges are untrained in ICT or cyber law. Legislation should be an addition to other safeguards in existence - technical, etc. African countries lack technological security adequate enough to prevent and effectively control technological and informational risks. As such African States are in dire need of innovative criminal policy strategies that embody States, societal and technical responses to create a credible legal climate for cyber security. While underscoring the fact that the Convention establishes a framework for cyber security in Africa through organisation of electronic transactions; protection of personal data, promotion of cyber security, e-governance and combating cybercrime the Kenya ICT Action Network (KICTANet) presented that there should be a two pronged approach-specific amendments and a stakeholder engagement.

laws. 3. Each country must specify the nature of the liability. 4. Further limitations should be put to specify when a corporation can be held liable criminally. 5. Seizure of data or data equipment should be done only for specified purposes such as request from a state party, etc. 6. Theres need to enact provision on issues of jurisdiction especially on cross border requests e.g. extradition request, information sharing .

STAKEHOLDER ENGAGEMENT includes:

1. The AU should host various public discussions on multiple platforms around the continent and globe to gather ammendments. 2. Dr. Fred Matiangi, Cabinet Secretary, Ministry of Information, Communication and Technology asked CCK to bring stakeholders together to craft Kenya position on the convention. 3. There should be an inclusive redrafting accommodating a wider stakeholders group will facilitate a richer text. 4. The AUCCS has been discussed for two years but the drafting was done in gov- ernment circles. A broad consortium of excluded stakeholders asked the AU to slow down and stop the adoption of the AUCC. Burundi noted that the AUCCS was negotiated for two years before, but the country was never involved.

SPECIFIC AMENDMENTS includes:

1. The Convention should specify provisions on privacy protection. 2. Interception of data by judges should be specified in the national cyber 20

INFORMATION SECURITY AND PUBLIC KEY INFRASTRUCTURE (PKI)

CLOSING CEREMONY
Speakers:
1. Victor Kyalo - CEO (Ag) The ICT Authority. 2. Francis Wangusi - Director General CCK. 3. Joseph Tiampati - Principal Secretary MoICT .

Mr. Tiampati Joseph, The Principal Secretary in the Ministry of ICT was impressed by the degree of attention and interest throughout the Summit.
He restated that cyber threats and cybercrimes have become increasing sophisticated along with the evolution of ICT. Kenya records loss of KES 2billion (ATM scams and defacing of network). The Principal Secretary thanked all the delegates and participants for their contribution and attention. He reminded the plenary that the onus was on all delegates to: Put in place a regional legal framework to guide law enforcement, investigations and court proceedings. Provide proposals ahead of time for AUCC. Develop means of sharing intelligence and information swiftly and effectively between these two spheres in order to deter threats and attacks Challenge COMESA to lead regional collaboration with other regional and global treaties and conventions such as Budapest, AUCC and UNCITRAL so as to address differences in investigations, prosecution and jurisprudence. Put in place a training framework to guide all regional training activities to enable all citizens be aware of all forms of cyber crimes.

Victor Kyalo applauded delegates for the fruitful contributions in the conference.
Francis Wangusi, the Director General of the CCK reviewed the objectives that were outlined at the launch of the conference, and noted they had been realised. There was consensus on: The need to establish a regional enforcement framework. Guide regional training activities. Public awareness strategies. Creation of conducive environment for Cyber Security. For the County ICT secretaries, it was agreed that: CCK to collaborate with counties in building Cyber Security resilient ICT platforms. Capacity awareness in Cyber Security will be enhanced through a seriesn of capacity building workshops, exchange programs and program support. 21

INFORMATION SECURITY AND PUBLIC KEY INFRASTRUCTURE (PKI)

ANNEXURES

22

INFORMATION SECURITY AND PUBLIC KEY INFRASTRUCTURE (PKI)

ANNEXURES :1 Biographies of Conference Speakers

Dr Fred Okengo Matiangi is the cabinet secretary, ministry of Information, Communications and Technology (ICT) in the government of Kenya. Before his appointment, Dr. Matiangi was the Centre for International Development, Rockefeller College of Public Affairs and Policy, the State University of New York SUNY/CID Liaison in East Africa. He formerly served as Chief of Party for Kenyas Parliamentary Strengthening Program. Dr. Matiangi held research and program implementation positions in various civil society organizations in Kenya and conducted research and training for the Commonwealth Parliamentary Association, the parliaments of Ethiopia, Uganda, and the East African Legislative Assembly. He has also been a columnist for the Daily Nation, Kenyas leading newspaper, and has consulted extensively with USAID, the Canadian Development Agency (CIDA), the World Bank, and Transparency International. He taught at Egerton University and the University of Nairobi.

Dr. Fred Matiangi

Dr. Matiangis education includes a Ph.D. in communication and comparative literature from the University of Nairobi, an M.A. in English from the University of Nairobi, and a B.A. in education from Kenyatta University. He speaks Swahili, English, and has a working knowledge of French.

23

INFORMATION SECURITY AND PUBLIC KEY INFRASTRUCTURE (PKI)

Mr. Joseph Tiampati ole Musuni is the Principal Secretary, Ministry of Information, Communications and Technology in the Government of Kenya. Before his appointment, Mr. Tiampati worked as General Manager in charge of Social Security with the National Social Security Fund (NSSF). Before this he had served under various capacities with Kenya Commercial Bank (KCB) until 2010 when he left to join NSSF. Prior to leaving KCB he was a Head of Department in Credit and also served briefly as Chairman of the Kenya Bankers Association (KBA) Credit sub-committee as well as member of the KBA/CBK task force which introduced credit information sharing in Kenya.

Mr. Joseph Tiampati ole Musuni.

Mr. Tiampati is an alumnus of Alliance Boys High school. His education includes an executive MBA from ESAMI/ MSM and a Bachelor of Science (Hons) degree in Mathematics from the University of Nairobi.

24

INFORMATION SECURITY AND PUBLIC KEY INFRASTRUCTURE (PKI)

Mr Sindiso Ndema Ngwenya is the third Secretary-General of the Common Market for Eastern and Southern Africa (COMESA) since it was transformed from the PTA in 1994. He brings with him over 27 years of service in industry, regional and multilateral levels covering the public sector, private sector and quasi-government institutions. Before his appointment, Mr. Ngwenya was the Assistant Secretary General of COMESA in charge of Programmes a position he held for ten years. In this position, he was responsible for overseeing the development and implementation of COMESA programmes. In addition, he oversaw and supervised the operations of COMESA established institutions such as the Leather and Leather Product Institute (LLPI), the Clearing House and the Regional Investment Agency. In industry, Mr Ngwenya was involved in the design and implementation of programmes and projects in the road, airline and railway sectors. At the regional level, he was instrumental in the formulation of the PTA (now COMESA) regional integration programmes culminating in the launch of the COMESA Free Trade Area on 31st October 2000. He also worked on the establishment of COMESA specialised institutions, such as, the Eastern and Southern Africa Trade and Development Bank (PTA Bank), the COMESA Clearing House and the PTA Re-Insurance Company (ZEP-RE). More recently, he played a key role in the design of the COMESA Customs Union and Common Investment Area. He was also part of the team that crafted the COMESA Treaty and oversaw the transformation of the PTA into COMESA in 1994.

Mr Sindiso Ndema Ngwenya

25

INFORMATION SECURITY AND PUBLIC KEY INFRASTRUCTURE (PKI)

Victor Kyalo is the acting CEO of The ICT Authority. A long term faculty member of the University of Nairobi where he was instrumental in the development of communication network courses as well as in the setting up of communication labs in the faculty, Victor was involved in a number of communication networks including working in the pioneering processes of Internet in Kenya (ARCC & Kenyaweb), has participated in several government of Kenya ICT projects as an ICT infrastructure consultant in telecommunication and education sectors. His current focus is on the deployment of communication technologies and services targeted at providing effective delivery mechanisms and processes in learning and teaching. Apart from systems design and implementation, my key interests are in the selection, measurements, and management of technology solutions, aiming at enabling an enterprise to optimize the return on its investment.

Mr. Victor Kyalo

26

INFORMATION SECURITY AND PUBLIC KEY INFRASTRUCTURE (PKI)

Mr Francis W. Wangusi the Director-General of the Communications Commissions of Kenya (CCK). He was appointed to the position on 21st August 2012. With over 20 yeras of experience in the ICT sector, Mr Wangusi has previously served in various capacities at CCK. Before his appointment, he served in the same position in an acting capacity for a period of a year. He is the immediate former Director in charge of Broadcasting, and had earlier served as the Director in Charge of Licencing, Compliance and standards (LCS). He joined CCK in the year 2000 at the level of Assistant Director, and rose through the ranks to the current position. Prior to joining CCK, Mr Wangusi worked in various capacities at the defunct Kenya Posts and Telecommunications Cooperation (KP&TC). He has also worked as a Senior Lecturer at the former Kenya College for Communications Technology (KCCT - now Multimedia University College). Mr Wangusi has played a pivotal role in a number of key projects, most notably as the Head of the implementing team for the development of Regulations and related instruments. As the Director in charge of Broadcasting, he coordinated the Digital Secretariat responsible for the implementation of decisions by the National Committee on the from analogue to digital broacasting in Kenya. He is also a member of the Commission charged with the preparation of the Kenya/Italy bilateral agreement on the utilization of the National San Marco Space Centre and operationalization of the National Space Secretariat. Mr Wangusi holds a Master of Space Science (Satellite Communications) from the International Space University, France, and a Bachelor of Technology (Telcoms Engineering) from University of Rome, Italy. He also holds a Chartered Engineering Certificate from the Engineering Council, United Kingdom.

Mr Francis W. Wangusi

27

INFORMATION SECURITY AND PUBLIC KEY INFRASTRUCTURE (PKI)

Kah-Kin Ho has been with Cisco for more than 17 years and in his current position as the Head of Cyber Security Business Development he has been involved in providing thought leadership, both externally and internally, on how to respond to cyber risk and threat. In addition Kah-Kin has been working in the European Commission NIS (Network Information Security) Platform in helping to identify incentives that could be implemented to help stimulate security investment by EU companies. Kah-Kin also serves in the Advisory Group of EUROPOL European Cyber Crime Center (EC3). Prior to this, he was a Solution Architect in the Global Government Solutions Group responsible for managing US Foreign Military Sales (FMS) to Taiwan, serving as Security Advisor to the Indian Military on their Tactical Communication Systems program, and managing large and strategic programs in South Korea. In addition Kah-Kin had spent 4 years working with Defense System Integrators such as EADS and Thales to jointly develop solutions for the Tactical Battlefield. Kah-Kin has also filed 2 US Patents on IP Networking protocols. Kah-Kin graduated from the State University of New York at Buffalo with Bachelor and Master of Science degrees in Electrical .

Mr. Kah-Kin Ho

Engineering. He also has a Master degree in Security Policy and Crisis Management, a program jointly organized by the Swiss Armed Forces College and Swiss Federal Institute of Technology (ETH). His research area during the course of his study was on Terrorism related issues. He has since been engaged to teach Cyber Security Strategy and Policy to Swiss General Staff Officers in the same program. His favorite pastimes are skiing, swimming, and reading.

28

INFORMATION SECURITY AND PUBLIC KEY INFRASTRUCTURE (PKI)

Kariuki is the Marketing Director at ICT Authority but also doubles up as a Deputy CEO. She participates in strategy formulation, directs marketing of Kenya as an ICT investment destination and drives promotion of ICT as a tool for improving livelihoods. She has also contributed towards development of the Konza Technology City master plan and supports World Bank funded projects and lead the European Commission, Bill and Melinda Gates foundation and Rockefeller foundation research funded projects for ICT Authority. She holds an MBA in Strategic Management from Maastricht School of Management affiliated to ESAMI, a BSc (Hons) degree in Business Studies from UK, a Higher National Diploma in Business Information Technology (BITech), and Chartered Institute of Marketing (CIM) Diploma.

Eunice Mueni Kariuki

29

INFORMATION SECURITY AND PUBLIC KEY INFRASTRUCTURE (PKI)

Xavier Villegas is the Chief Business Market Officer, Orange Telkom. He joined the company in 2011 from the Orange Group, where he served as the Director for Orange Corporate Sales in the French West Indies. He has more than 20 years experience in the telecom business market and has also worked for several years in Spain and in the USA as a Solutions Consultant. Xavier holds a Masters degree in Robotics and an Engineering degree from lEcole Nationale Superieure dIngenieurs, Besancon (France)

Mr. Xavier Villegas

30

INFORMATION SECURITY AND PUBLIC KEY INFRASTRUCTURE (PKI)

Dr. Isaac Rutenberg is a Visiting Professor at the Strathmore Law School. He obtained a JD from Santa Clara University School of Law in May 2011 and is registered to practice law in California, and also before the United States Patent and Trademark Office. Dr. Rutenberg has authored articles for a variety of publications and spoken at numerous conferences in Kenya, primarily focusing on practical aspects of intellectual property (IP). He continuously advocates for Kenyan organizations and individuals to expand their use of worldwide IP systems. In addition to his affiliation with Strathmore Law School, Dr. Rutenberg is currently a practicing patent attorney with Science & Technology Law Group (www.sci-tech.com). His practice includes patent prosecution, due diligence, and preparation of legal opinions (patentability, validity, and freedom to operate) for subject matter that included chemistry, materials science, polymers, pharmaceuticals, biotechnology, drug delivery, medical devices, and electronic devices. His practice includes all aspects of patent prosecution, including US and foreign prosecution.

Dr. Isaac Rutenberg

31

INFORMATION SECURITY AND PUBLIC KEY INFRASTRUCTURE (PKI)

Mr Kioni is the Security Systems and Tivoli Technical Sales Consultant at IBM East Africa, with over 13 years experience in the Information Technology and Cyber Security industry. Before joining IBM he was a Senior Security Engineer & Consultant at the U.S. House of Representatives in Washington DC. Mr Kioni holds a BSc. in Networks and Communications Management from De Vry University, Dallas Texas, and currently pursuing a dual MSc. in CeberSecurity and M.B.A from University of Maryland University College, Adelphi Maryland. a recognised National Center of Academic Excellence in Information Assurance & Cyber Security Education by the U.S Department of Homeland Security and the U.S. National Security Agency. He also holdsseveral industry designations, including, Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Microsoft Certified IT Professional, Enterprise Administration (MCITP: EA), MCSE: Security, and Comp TLA Security.

Mr. Alex kioni

32

INFORMATION SECURITY AND PUBLIC KEY INFRASTRUCTURE (PKI)

Isiaho is a Manager in Deloittes Enterprise Risk Services practice where he focuses on information risk and assurance solutions. His primary focus includes Controls Assurance, IT and Security Governance Reviews, Information System Audits and Information Security Assessments. He has served clients in Kenya, Uganda, Tanzania, DRC and Mozambique. Isiahos experience spans systems vulnerability scans; gap analysis; system post-implementation reviews, secure coding reviews, vulnerability assessments & attack simulations and system configuration review. As part of his responsibilities, he has served various telecommunication & media, financial, manufacturing, and hospitality industry companies across Africa in reviewing leading application systems and ERPs e.g. Telco billing systems, SAP R/3, Oracle Financials, major core banking applications, among others

Raymond Simbi Isiaho

33

INFORMATION SECURITY AND PUBLIC KEY INFRASTRUCTURE (PKI)

Lillian Makanga holds an LLB (Hons) degree from the Catholic University of Eastern Africa (CUEA) a post graduate diploma in law from the Kenya School of Law and currently and is an Advocate of the High Court of Kenya. She works at the Centre for Intellectual Property and Information Technology Law(CIPIT) where she is involved in the CIPIT-IP Clinic providing legal advice and cost effective solutions to innovators on all aspects of their Intellectual Property Rights. She also engages with startups on branding strategies. Further, she analyses developments in Kenyan and International IP Case law as well as the implications on the Intellectual Property Landscape. In addition, at @iBiz Africa a Business Incubation Centre in Strathmore University,she is involved in mentoring individuals and start-up organizations on maximizing on their business ideas. Her goal is to foster an innovative culture among individuals and within organizations

Lillian Makanga

34

INFORMATION SECURITY AND PUBLIC KEY INFRASTRUCTURE (PKI)

Muchemi Wambugu is a Director in the Information Technology Advisory practice of Price waterhouse Coopers Kenya Ltd in Nairobi, Kenya. Muchemi joined the firm in 2011 having worked at Deloitte Consulting Ltd in Kenya, and IBM Global Services in California, USA. Muchemi is a certified Project Management Professional (PMP), member of the Project Management Institute (PMI) and is a Microsoft Certified Technical Trainer. He holds an Honors degree in Commerce, majoring in Management Information Systems from the University of Manitoba, Canada, and a Masters degree in Project Management from the University of California- Berkeley, USA. Muchemi is an ICT Management professional, with more than 16 years of experience in advising organizations both private and public on business- centric ICT solutions. He has extensive experience in global technology implementations, ICT Transformation, Strategy, Operations, governance and Program Management. He has advised government and private organizations on how to unlock business value from investments in ICT.

Muchemi Wambugu

He has proven managerial skills in leading and directing highly successful technology teams in the bio-pharmaceutical, technology, educational, financial industries as well as the Public Sector.

35

INFORMATION SECURITY AND PUBLIC KEY INFRASTRUCTURE (PKI)

Kebaso George Mokogi He is the chief carrier services officer. Prior to his appointment, Kebaso was Oranges head of public sector. He has seventeen years experience working in the software development and telecommunications fields in Kenya, Uganda and the US. Kebaso holds a masters degree in human resources management from the Dallas Baptist University, Texas, and a bachelors degree in business administration from the University of North Texas.

Kebaso George Mokogi

36

INFORMATION SECURITY AND PUBLIC KEY INFRASTRUCTURE (PKI)

Tyrus Muya Kamau Is a Information Security professional with over 6 years industry experience in the region with domain expertise in the following areas: Penetration testing & vulnerability assessment Signaling Intelligence & Radio Frequency research Active threat modeling. R&D in cyber warfare ISO 27001 compliance enforcement His work experience spans across different clientel including the Kenyan Government where he was part of the team that developed and delivered the National Cyber Security Master plan, Ministry of Defence (Department of Military Intelligence), various corporations and learning institutions (Strathmore University). Tyrus has partnered with Strathmores iLab to develop a dedicated IT Security Institution which will train and create much needed capacity in the country in the area of Cyber Security. In addition, the partnership is carrying out dedicated Cyber Security R&D in collaboration with various banks, MFIs and regulators. He is a regular speaker at various security conferences in the EA region crusading for active participation from various stakeholders in establishing an IT Risk aware generation of IT professionals. He also lectures Web & Wireless Security units at Strathmore University in the Msc Telecommunications for Innovation and Development. In his spare time Tyrus is an avid reader, gamer, budding photographer and has taste for fine dining.

Tyrus Muya Kamau

37

INFORMATION SECURITY AND PUBLIC KEY INFRASTRUCTURE (PKI)

Eno-Akpa Rene Nkongho, a winner of the 2012 Central European MA (Public Policy) Fellowship Award, is specialized in International Public Policy. Also, Rene is an MA - International Relations and Diplomatic Studies graduate (2010) of Makerere University and an Upper Second BA -Social Science graduate (2005) of Uganda Martyrs University, Nkozi. Currently, Rene is the 2013 Google Policy Research Fellow hosted at CIPIT, Strathmore University Law School, where he has just concluded a research paper entitled: The Case for an African Solution to Cybercrime: A critical Review of the Draft AU Convention on the Confidence and Security in Cyberspace. Rene is an emerging scholar with a keen interest on how international organisations impact on statebuilding and social, political and economic development in Africa. Building on that interest, he previously served as Co-Lecturer on the Modules: Government and Politics in Africa; and, International Organisation at Cavendish University, Kampala in 2010/2011. He served as Programme Consultant for Governance, Democracy and Human Rights Programme from 2010 to 2012 with Twezimbe Centre, Uganda, a local Catholic NGO. In 2006, Rene served as Research Assistant for Global Network for Good Governance, Limbe, Cameroon.

Eno-Akpa Rene Nkongho

Some of Renes scholarly works include: A Critique of MACKINNON REBECCA, Internet Freedom Starts at Home: The United States needs to practice what it preaches online, Foreign Policy Magazine (2012); The Fragility of the Liberal Peace Export: An Advocacy for the Extension of Formal Education Access in the Liberal Peace Project in South Sudan (2013) ; and, The Impact of Multilateral (Liberal) Trade on Growth and Poverty Reduction in Uganda (Forthcoming in UMU Journal of Development Studies, December 2013).

38

INFORMATION SECURITY AND PUBLIC KEY INFRASTRUCTURE (PKI)

APPENDIX 2: Summit Program

39

INFORMATION SECURITY AND PUBLIC KEY INFRASTRUCTURE (PKI)

Brought to you by Host

Rebulic Of Kenya

Ministry Of Information, Communication and Technology

Conveners

40

INFORMATION SECURITY AND PUBLIC KEY INFRASTRUCTURE (PKI)

Sponsors Platinum

Bronze

41