Meeting Agenda
Description: The integration of information and communication technologies (ICT) into almost every sphere of daily economic and social activity has increased the dependencies of individuals, organizations and governments on globally interconnected networks. The rapid growth in the use of ICTs during the last decade along with a rising number of cyber-incidents and fraudulent activities, have led to a shift in the perception of the importance of cybersecurity. This has been further enforced by a growing linkage between cybersecurity and critical information infrastructure protection (CIIP). In order to promote cybersecurity and protect critical networked infrastructures, coordinated national action is required to prevent, respond to and recover from incidents. National frameworks and strategies are needed that allow stakeholders (individuals, organizations and governments) to use all the technical, legal and regulatory tools available to promote a culture of cybersecurity — along with regional and international cooperation.
This workshop aims to bring together government representatives, industry actors, and other stakeholder groups in the West-Africa region to discuss, share information, and collaborate on the elaboration and implementation of national policy, regulatory and enforcement frameworks for cybersecurity and CIIP. It will benefit:
- Information and communication policy makers from ministries and government departments;
- Institutions and departments dealing with cybersecurity policies, legislation and enforcement; and
- Representatives from operators, manufacturers, service providers, industry and consumer associations involved in promoting a culture of cybersecurity.
The workshop will also consider initiatives on the regional and international level to increase cooperation and coordination amongst different stakeholders.
|
TUESDAY 27 NOVEMBER 2007
|
|
08:00−09:00
|
Meeting Registration
|
|
09:00−10:15
|
Meeting Opening and Welcome
|
| |
Welcoming Address: H.E. Manuel Sousa, Minister of Infrastructure, Transport and Sea, Ministério das Infraestruturas e Transportes, Cape Verde
Opening Remarks: Patricia de Mowbray, Representative, Joint United Nations Office, Cape Verde
Opening Remarks: Margarida Evora-Sagna, ITU Area Office of Wes-Africa, Senegal
|
|
10:15−10:30
|
Coffee/Tea Break
|
|
10:30−12:00
|
Session 1: Creating a National Strategy and Framework for Cybersecurity and Critical Information Infrastructure Protection (CIIP)
|
|
|
Session Description: The necessity of building confidence and security in the use of ICTs, promoting cybersecurity and protecting critical infrastructures at national levels is generally acknowledged. As national public and private actors bring their own perspective to the relevant importance of issues, in order to have a consistent approach, some countries have established institutional cybersecurity/CIIP frameworks. This session reviews, from a broad perspective, different approaches to such frameworks and their often similar components in order to provide participants with a broad overview of the issues and challenges involved.
Session Moderator: Robert Shaw, ICT Applications and Cybersecurity Division, ITU Development Sector (ITU-D)
Speaker: Robert Shaw, ICT Applications and Cybersecurity Division, ITU Development Sector (ITU-D), “Overview of ITU-D Activities Related to Cybersecurity and Critical Information Infrastructure Protection”
Speaker: Jorge Lopes, Nucleo Operacional da Sociedade de Informacao (NOSI), Cape Verde, “e-Governance and Cybersecurity”
Speaker: James Ennis, Department of State, United States of America, Rapporteur ITU-D Study Group 1 Question 22 ― Securing Information and Communication Networks: Best Practices for Developing a Culture of Cybersecurity, “Best Practices for Organizing National Cybersecurity Efforts”
|
|
12:00−13:30
|
Lunch
|
|
13:30−15:00
|
Session 2: Development of a National Strategy for Cybersecurity and Critical Information Infrastructure Protection (CIIP)
|
|
|
Session Description: Increasingly, electronic networks are being used for criminal purposes, or for objectives that can harm the integrity of critical infrastructure and create barriers for extending the benefits of ICTs. To address these threats and protect infrastructures, each country needs a comprehensive action plan that addresses technical, legal and policy issues, combined with regional and international cooperation. What issues should be considered in a national strategy for cybersecurity and critical information infrastructure protection? Which actors should be involved? Are there examples of frameworks that can be adopted? This session seeks to explore in more detail various approaches, best practices, and identify key building blocks that could assist countries in West-Africa in establishing national strategies for cybersecurity and CIIP.
Session Moderator: Basil Udotai, Directorate for Cybersecurity (DfC), Office of the National Security Adviser, Nigeria
Speaker: Basil Udotai, Directorate for Cybersecurity (DfC), Office of the National Security Adviser, Nigeria
Speaker: Christine Sund, ICT Applications and Cybersecurity Division, ITU Development Sector (ITU-D), “Promoting a Culture of Cybersecurity”
Speaker: Joseph Richardson, United States of America, “Management Framework for Organizing National Cybersecurity/CIIP Efforts” and “ITU National Cybersecurity/CIIP Assessment Toolkit”
|
|
15:00−15:15
|
Coffee/Tea Break
|
|
15:15−17:00
|
Round Table Information Exchanges on a Framework for Cybersecurity and Critical Information Infrastructure Protection and the Development of a National Strategy
|
|
17:00−17:15
|
Daily Wrap-Up and Announcements
|
|
|
|
|
WEDNESDAY 28 NOVEMBER 2007
|
|
09:00−10:15
|
Session 3: Legal Foundation and Regulatory Development
|
|
|
Session Description: Appropriate legislation, international legal coordination and enforcement are all important elements in preventing, detecting and responding to cybercrime and the misuse of ICTs. This requires updating of criminal law, procedures and policy to address cybersecurity incidents and respond to cybercrime. As a result, many countries have made amendments in their penal codes, or are in the process of adopting amendments, in accordance with international conventions and recommendations. This session reviews some various national legal approaches and potential areas for international legal coordination efforts.
Session Moderator: Matoso Carvalho, Angolan Institute of Communications (INACOM), Angola
Speaker: Marco Gercke, Germany, “The Challenge of Fighting Cybercrime in Developing Countries and the Role of National, Regional, and International Cybercrime Legislation”
Speaker: Gabriela Sarmiento, Consultant, Venezuela, “Les Délits Informatiques, Les Lois que Les Punissent et La Pratique Judiciaire”
|
|
10:15−10:30
|
Coffee/Tea Break
|
|
10:30−12:00
|
Session 4: Legal Foundation and Regulatory Development (continued)
|
|
|
Session Moderator: Marco Gercke, Germany
Speaker: Marco Gercke, Germany
Speaker: Baye Issakha Gueye, Membre du Conseil de Régulation de l’Agence de Régulation des Télécommunications (ART), Senegal, “Fondements Juridiques et Démarche Réglementaire pour la Cybersécurité - Survol des Enjeux et Perspectives au Senegal”
Speaker: Mody Ndiaye, United Nations Office on Drugs and Crime (UNODC), “Law Enforcement Tools to Investigate Cyber-Attacks ― Does West Africa Have a Cybersecurity Strategy/Application de la Loi contre le Cybercrime ― Quelle Stratégie en Afrique de l’Ouest?”
|
|
12:00−13:30
|
Lunch
|
|
13:30−15:00
|
Session 5: Legal Foundation and Regulatory Development (continued)
|
|
|
Session Moderator: David Gomes, Agencia Nacional das Comunicações (ANAC), Cape Verde
Speaker: Joel Schwarz, Computer Crime & Intellectual Property Section (CCIPS), Department of Justice, United States of America, “Legal Foundation and Development: The Risk of Cybercrime and Its Impact on Africa”
Speaker: Alex da Costa, Public Utilities Regulatory Authority (PURA),
The Gambia,
|
|
15:00−15:15
|
Coffee/Tea Break
|
|
15:15−17:00
|
Discussions and Q&A on a Legal Foundation and Regulatory Development for Enhanced Cybersecurity
|
|
17:00−17:15
|
Daily Wrap-Up and Announcements
|
|
|
|
|
THURSDAY 29 NOVEMBER 2007
|
|
09:00−11:00
|
Session 6: Watch, Warning and Incident Response Capabilities
|
|
|
Session Description: A key activity for addressing cybersecurity at the national level requires preparing for, detecting, managing, and responding to cyber incidents through establishment of watch, warning and incident response capabilities. Effective incident management requires consideration of funding, human resources, training, technological capability, government and private sector relationships, and legal requirements. Collaboration at all levels of government and with the private sector, academia, regional and international organizations, is necessary to raise awareness of potential attacks and steps toward remediation. This session discusses best practices and related standards in the technical, managerial and financial aspects of establishing national or regional watch, warning, and incident response capabilities.
Session Moderator: Seymour Goodman, Georgia Institute of Technology, United States of America
Speaker: Seymour Goodman, Georgia Institute of Technology, United States of America, “Watch, Warning, Incident Response
(and Other) Capabilities”
Speaker: Belhassen Zouari, National Agency for Computer Security (ANSI), Cert-Tcc, Tunisia, “Implementing a National Strategy : The Case of the Tunisian CERT”
Speaker: Presentation of the ITU Botnet Mitigation Toolkit
|
|
11:00−11:30
|
Coffee/Tea Break
|
|
11:30−13:30
|
Session 7: Government-Industry Collaboration
|
|
|
Session Description: With privatization, the vast majority of each country’s ICT networks are now owned and operated by the private sector. A key element of a national framework for cybersecurity and CIIP is bringing industry and government together in trusted forums to address common national security challenges. The basis of successful industry-government partnerships is trust which is necessary for establishing, developing and maintaining sharing relationships between the private sector and government. This session discusses industry-government partnerships and includes a discussion of telecoms fraud and collaborative solutions deployed to mitigate them.
Moderator: El Hadji Mansor Sy Tandine, Présidence de la République du Sénegal, Senegal
Speaker: Luis Sousa Cardoso, Service Quality & Network Security, PT Comunicações, Portugal, “Cybercrime and Critical Information Infrastructure Impact”
Speaker: Almiro Rocha, CV Telecom, Cape Verde, “CVTelecom and Security in Information System”
|
|
13:30−15:00
|
Lunch
|
|
15:00−16:00
|
Session 8: Regional and International Cooperation
|
| |
Session Description: Regional and international cooperation is extremely important in fostering a culture of security, along with the role of regional fora to facilitate interactions and exchanges. This session will review some of the ongoing regional and international cooperation initiatives in order to encourage meeting participants to participate in further concrete actions that could be implemented in the West Africa region and internationally.
Session Moderator: Sekou Kromah, Ministry of Posts and Telecommunications, Liberia
Speaker: Alain Aina, Member of ICANN Stability and Security Advisory Committee (SSAC), Togo,
“Cybersécurité en Afrique:
Appel pour une Collaboration Régionale
et Internationale”
Speaker: Joel Schwarz, Computer Crime & Intellectual Property Section (CCIPS), Department of Justice, United States of America, “International Cooperation in Cybercrime Investigations”
|
|
16:00−17:00
|
Session 9: Wrap-Up, Recommendations and the Way Forward
|
|
|
Session Description: The final session of the meeting reports some of the main findings from the even. It will review some of the ongoing regional and international cooperation initiatives in order to encourage meeting participants to participate in further concrete actions that could be implemented in the region and internationally. The recommendations that are elaborated upon in this session aim to set the direction for future activities in order to enhance cybersecurity and increase protection of critical information infrastructures in the region.
Session Moderator: David Gomes, Agencia Nacional das Comunicações (ANAC), Cape Verde
and Robert Shaw, ICT Applications and Cybersecurity Division, ITU Development Sector (ITU-D)
Panelist: Frameworks for Cybersecurity and CIIP
Panelist: Legal Foundation, Regulatory Development and Enforcement
Panelist: Watch, Warning and Incident Response
Panelist: Government-Industry Collaboration
Panelist: Regional and International Cooperation
|
|
17:00−17:15
|
Meeting Closing
|
|
|
Closing Remarks: David Gomes, Agencia Nacional das Comunicações (ANAC),
Cape Verde
Closing Remarks: Jose Manuel Andrade, Minister of Justice, Ministry of Justice,
Cape Verde
Closing Remarks: Margarida Evora-Sagna, ITU Area Office for West-Africa, Senegal
|
|
|
