Bridging Cyber Security Gaps: SMEs Trained in Uganda

By Edrine Wanyama |
Uganda’s Small and Medium Enterprise (SME) sector is credited with contributing 20% to the country’s Gross Domestic Product (GDP) in 2016. While the level of adoption of technology as a key component of operations within the sector remains unclear, its effective utilisation requires entities to also embrace safety and security measures as a priority.
Identifying security controls to defend against cyber threats and data protection thus formed the basis of discussions at a cyber standards training workshop for SMEs in Uganda. Organised by the National Information Technology Authority (NITA-U) in collaboration with the Commonwealth Telecommunications Organization (CTO), the workshop, held in Kampala, Uganda on August 23-24,2017 targeted SME entrepreneurs, banking industry officials as well as ICT sector representatives from non-government organisations and other ICT stakeholders.
The workshop explored the Information Assurance for Small Information Assurance for Small to Medium Enterprises (IASME) which encourages SME’s to comply with international information security management standards
Possible risks include; theft of data for monetary gain or competition by criminals, hacking, physical insecurity to staff and office equipment, malware attacks, insecure configuration, updating software from unreliable sources, access control and spam.
Discussions on information security are abound in Uganda as the Data Protection and Privacy Bill, 2015 makes slow progress in Parliament while laws like the Computer Misuse Act, 2011, The Electronics Signatures Act, 2011 and the Electronic Transactions Act, 2011 do not fully address the issue of data protection and privacy.
According to a 2016 report based on a global survey of cybersecurity managers and practitioners, cyber security and information security is considered a technical issue rather than a business imperative.  The findings of this study echo sentiments held by civil society organisations which face similar digital security threats including increasingly sophisticated threats and rate of incidents according research conducted by the Collaboration for International ICT Policy in East and Southern Africa (CIPESA). It revealed that various CSOs were concerned about, or had been victims of hacking attempts on their email accounts and internal networks, that they had been targeted by phishing emails, and that they feared their activities were being surveilled by authorities
In order to be better positioned to address cyber threats, civil society and SME need to be equipped with skills encompassing both online and offline responses. These include knowhow on policy and compliance, physical environmental protection, risk assessment, access controls, incident management, monitoring, backup, malware identification and technical intrusions.
Through a cyber essentials course and practical exercises, participants at the workshop were equipped with basic skills for enabling non-technical users to establish five information security controls including malware protection, access control, patch management, secure configuration, boundary firewalls and internet gateways.
As a follow-up to the exercise, selected participants will undergo further training for possible contracting as IASME information security assessors for SME’s. CTO’s international events and seminars are conducted in all countries of the Commonwealth, across the continents of Africa, Europe, the Americas, Asia and the Pacific region. Specifically, in Africa, the events have been held in Botswana, Cameroon, Ghana, Kenya, Liberia, Mozambique, Nigeria, Papua New Guinea, South Africa, Swaziland and Uganda.
 

Forum Sparks Debate on Internet Freedom in Africa

By Juliet Nanfuka |
The recently concluded two-day Forum on Internet Freedom in East Africa 2015 sparked debate on the many facets of internet freedom, including access to information, digital safety, media freedom, online violence against women, regulation of the internet, freedom of expression online, and the online economy.
The first day of the Forum coincided with the internationally celebrated Right to Know Day (September 28) and also served as a platform to recognise the tenth anniversary of the Access to Information Act  in the host country, Uganda.
The Forum, organised by the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) under the OpenNet Africa initiative, brought together just under 200 participants, a dramatic increment from the 85 who participated at last year’s inaugural Forum. Participants represented a wide spectrum of stakeholders including communications regulators, civil society, intermediaries, private sector, tech enthusiasts, artists, media and ordinary citizens. It was supported by the African Centre for Media Excellence (ACME), Hivos, Ford Foundation, Open Technology Fund, UNESCO and Web We Want.
According to the ITU, there are currently 3.2 billion people using the internet of which, by end 2015, two billion will come from developing countries. There is therefore a need to create awareness and to advocate for internet rights in developing countries that are registering a dramatic uptake of the internet.
The African Declaration on Human Rights has set the foundation upon which human rights standards and principles of openness in internet policy formulation can be developed in Africa. While various policies and laws have been developed in the continent’s 54 countries, many contradict the rights to privacy, access to information, data security, and freedom of expression.
In his opening remarks at the Forum, Jaco du Toit, Communication and Information Adviser at the UNESCO Regional Office for Eastern Africa, pointed to growing concerns over the mechanisms used by governments in the region to monitor citizen’s activities both online and offline. These concerns threaten legitimate online interactions including by the media that  plays  the role of  society’s watchdog, and by critical citizens with large online footprints and human rights organisations that rely on information to encourage civic participation and good governance.
The use of ICT tools by citizens to exercise their right to free expression and as an engine for development is widely recognised especially as the push for open data gains momentum across the African continent. However, recognition of internet rights in the same breath as the rights guaranteed offline by national constitution remains a grey area.
 Internet Freedom in East Africa
The forum served as the launch of the State of Internet Freedom in East Africa 2015 report on access, privacy and security online in Burundi, Kenya, Rwanda, Tanzania, and Uganda. The report is the result of qualitative and quantitative research conducted in the focus countries between May 2014 and August 2015.
The report highlights legal developments related to internet freedom in each of the focus countries such as the May 2015 ruling by the East African Court of Justice (EACJ) against the Burundi Press Law of 2013, on the grounds that some sections went against the principles of press freedom. This marked a victory for the Burundi Journalists Union who had petitioned the court over the repressive law. In Kenya, the Security Laws (Amendment) Act was signed into law despite concerns over its expansion of the surveillance capabilities of the Kenyan intelligence and law enforcement agencies.
In Tanzania, the controversial Cybercrimes Act and the Statistics Act were both passed in 2015 notwithstanding protests due to the restrictions they place on advancing transparency and access to information.
Progressive public access developments are also reported such as the Smart Kigali initiative which provides wireless internet service on select public transport buses. The Ministry of ICT in Rwanda also launched the “Stay Safe Online” campaign aimed at promoting awareness on cyber security.
The report also presents some of the violations of internet freedom that were registered in East Africa over the last year.
Knowledge, Attitudes and Perceptions on Internet Freedom
The report found that understanding of what constitutes internet freedom among the region’s citizens is varied. The majority associated internet freedom with the ability to utilise the internet free of unwarranted state regulations or commercial restrictions.
Online safety practice was low with only 48% of the respondents using digital safety and security tools to safeguard themselves online. A lack of awareness of security risks on digital platforms and shortage of skills to secure communications were among  the reasons for not actively utilising online safety tools.
The report further found widespread perception among East Africans of government surveillance even where there was limited  evidence remain prevalent of actual surveillance. Respondents cited national security, countering terrorism, and combating hate speech as key reasons for government surveillance.
Discussion Echoes Report Findings
Discussions in the 13 sessions at the forum repeatedly pointed out contradictory or non-existent laws to protect users especially in instances where critical content in writing, or creative and performing arts have led to arrests. This in turn has contributed to self-censorship by independent content producers and media.
Further, victims of online violence against women (VAW) do not have any legal structures to ensure their rights are upheld; instead, many are castigated more than the perpetrators of the violence. Limited legal provisions on the vice have thus led to a culture of silence and misinformation which in turn impacts upon reporting of cases to indicate the extent and actual statistics of VAW in African countries.
Discussions at the forum echoed insights gathered in the report, including the friction between control of content which impacts upon freedom of expression and regulation of the internet so as to combat hate speech and terrorism, and to maintain national security and public order.
“Ignorance of the law is not an excuse,” said Irene Kaggwa, Head of Research and Development at the Uganda Communication Commission on the need for responsible use of the internet. Jimmy Haguma, Acting Commissioner with Uganda Police’s Cybercrimes unit, , added that “freedom without control” would contradict certain needs, such as ensuring child online safety and protection from theft and fraud.
The challenges involved with ensuring that the internet is a safe space for genuine interaction were summarised by Facebook’s head of Public Policy for Africa, Ebele Okobi, who noted that “If Facebook were a country, it would be the biggest country in the world.” She added that the global platform faces a challenge of how to apply the laws of every country in which it has users in its policy on online content.
Underpinning all discussions at the forum was the use of social media and the need for users to build their digital security capacities as the online arena increasingly becomes the key avenue for social interaction. However, legislation in many countries has not moved fast enough to ensure the protection of users who fall victim to online abuse and violence.
In his closing remarks, Vincent Bagiire, Chair of the ICT Committee, Parliament of Uganda, emphasised the necessity for further engagement on internet freedom not only by civil society but with a more inclusive multi-stakeholder approach which works towards ensuring a free and open internet. He stated that this responsibility exists first at the national level, “but given the borderless, global nature of the internet”, it is also very much a global issue. “Internet freedom is both a domestic and a foreign policy subject,” he said.
The Forum had representation from 19 countries including Burundi, Cameroon, Democratic Republic of Congo, Ethiopia, Germany, Italy, Kenya, Nigeria, Rwanda, Tanzania, South Africa, South Sudan, Sudan, Somalia, Uganda, United Kingdom, United States of America, Zambia, Zimbabwe
For more details, visit the Forum on Internet Freedom in East Africa 2015 page, See the full programme and the speaker biographies.
 
 

Improving eGovernment Initiatives: A Global Concern

By Lillian Nalwoga
At the end of May, Finland hosted an international conference to discuss ways of improving eGovernment programmes. In particular, the conference attended by Government Chief Information Officers (CIO) and other officials from across the world reviewed the role of leadership in e-government development.
While noting immense advancements in eGovernment, particularly in the European Union (EU), delegates at the ‘Leading the way in eGovernment development’ conference highlighted numerous factors hampering effective implementation of eGovernment strategies both in developed and developing countries.
According to a May 28, 2013 European Commission press release (see: eGovernment improving but citizens ask for more), almost half (46%) of EU citizens go online to look for a job, use the public library, file a tax return, register a birth, apply for a passport or use other eGovernment services. In addition, 80% indicated that using online public services saves them time, while 76% like the flexibility of the services and 62% said they save money when they use e-services.
Despite these positives, European governments still believe that public perception of governments and public institutions is still low and likely to worsen, stated the press release. Factors cited as constraining eGovernment included: inadequate capacity by some CIOs to implement eGovernment strategies, inadequate trust citizens have in some eGovernment systems, ineffective technological systems, inadequate open, transparent and collaborative efforts by governments, and limited availability of cross-border eGovernment services. According to the UN eGovernment survey 2012, for Africa and other developing regions, the above realities, in addition to the lack of e-infrastructure, mean that eGovernment remains at an elementary level.
Paul Timmers, Director of the Sustainable and Secure Society Directorate, DG Connect at the European Commission, noted that these challenges can be solved by governments’ smart use of new Information Communication Technologies (ICTs), adopting new processes and skills sets. In agreement, Ms. Henna Virkkunen, Finland’s Public Administration Minister, noted that ICT is a key element of every government task and new ways of using latest technology like cloud computing must be explored. Nonetheless, she cautioned that ICT should not be an end itself. Governments need to find ways to use inclusive technology in a manner that benefits them and their citizens, as citizens are demanding for better, user friendly and practical e-services.
In addition, governments also need to include third party users in the design, development and delivery of e-government services such as open data. Mr. Timmers remarked that the market value of Open Public Data” in EU countries alone is estimated at 140 billion Euros. According to the Open Government Partnership, the market value of Open data can be realised in three main channels – business innovation (making scientific research works more accessible hence driving innovation capacity in fields such as pharmaceutics and renewables); business creation (creating a new market as business can build new innovative applications and eServices based government data); and business efficiency (business and public bodies contributing to ‘smart’ growth by becoming more efficient in tackling citizens’ and customers’ needs by gaining precise and completer insight into citizens’ and customers’ preferences and needs).
But how do governments build positive perceptions of their citizens toward eGovernment? Ian Goldin, Director of the Oxford Martin School and Professor of Globalisation and Development at Oxford University, stated that in order to achieve this, governments have to build trust in the systems; address user privacy concerns; play a stronger role in regulatory frameworks; involve youth and the elderly in digital government and invest in latest technologies as older ones become difficult to work with.
Besides advancements in eGovernment, conference delegates discussed global related concerns such as openness and freedom on the internet as well as data protection. They called for immediate government attention to protecting citizens’ rights while considering the opportunities and benefits of private sector companies that provide online services in the “networked” era where multi-national players like Google, Facebook, Twitter, Amazon, and Yahoo have their own rules on how to handle customer data.
Further, the conference called for common efforts in capacity building for e-government development; sharing best practices to learn from each other; strengthening ethical behaviour in governments to pave way for a culture of openness and the adoption of political will in practicing openness. Other suggestions included the EU issuing directives to all its member countries to open up public data as well as the UN adopting a global framework on promoting openness.
The conference, which took place on May 28–30, 2013, was organised by the United Nations Department of Economic and Social Affairs (UNDESA) and Finland’s Ministry of Finance in collaboration with the European Commission.
More information about the conference is available here.