Uganda’s National IT Authority congratulates UCC upon launch of CERT

NITA-U's Executive Director, James Saaka

Uganda’s communications regulator, UCC last week inaugurated the Computer Emergency Response Team (CERT), an initiative intended to “analyse risks and security threats that may be present in cyberspace and communicates this information to users of Internet services and technical information outlets”.

But the launch lead to intense debate among industry watchers and on leading forums in the country, with observers showing concern that Uganda Communications Commission (UCC) may have interfered with the mandate of NITA-U.

“I am equally perplexed as to how and why the CERT portfolio has been assumed by UCC a regulator! The last time I had a chat with someone in NITA, I was told that they (NITA) were working on formalizing the CERT,” read one of the comments posted on popular forum, I-Network.

Partly, the confusion was caused by the information on UCC’s UG CERT website that referred to it as the “National CERT”.

“UG CERT is the National CERT of Uganda, and the constituency consists of the Ugandan society, including but not limited to, Governmental authorities, Regional authorities, Law enforcement, ISPs, ICT vendors, and Enterprises and Companies,” the website still reads.

But the National Information Technology Authority (NITA-U) has clarified that what was launched last week is the Communications CERT, and revealed that it is in the process of setting up the National CERT.

“Indeed NITA-U is working on creating the National CERT which will be the anchor for the entire sector CERTs,” NITA-U’s Executive Director James Saaka told PC Tech Magazine in an interview. “We have been working with UCC towards developing the communications CERT.”

“As the body responsible for nationwide planning, development, coordination, management, continuous monitoring and assurance of National Information Security, we are happy that UCC has realized the need to organise the communications sector, which they regulate, to be able to respond to cyber-attacks,” he explained.

When asked about the content on the UG CERT website, Mr. Saaka said, “that will have to be edited.”

NITA-U’s Role

The National CERT is being developed and housed in NITA-U in line with NITA-U’s mandate with the directive for Institutions and Sectors to develop their respective CERTs under the guidance of the National CERT to address issues that are specific to these Institutions and Sectors.

UCC was tasked to develop the CERT that pertains to the communications subsector which is the Computer Emergency Response Team for Communications Subsector.

“As the host of the National CERT, NITA-U wishes to congratulate UCC on setting up the communications CERT which is the first constituent of the National CERT. We will continue working with other industry players to develop sector specific CERTs for example Banking, Military, Critical Infrastructure Providers, and Academia among others,” NITA-U said in a statement.

The establishment of the National CERT will help to ensure the protection of the nation’s Critical Information Infrastructures, assist in drafting the overall plan on the country’s approach to cyber security related issues, and thus can serve as a focal point for further building and implementing the National Culture of cyber security.

UCC was tasked to develop the CERT that pertains to the communications subsector which is the Computer Emergency Response Team for Communications Subsector.

The establishment of the National CERT will help to ensure the protection of the nation’s Critical Information Infrastructures, assist in drafting the overall plan on the country’s approach to cyber security related issues, and thus can serve as a focal point for further building and implementing the National Culture of cyber security.

See also:

[related-posts]

The National CERT will also better equip and organize Uganda to respond to cyber threats and pay particular attention to improving cyber security to ensure better protection of Uganda’s ICT infrastructure and the availability of dependent services provided to government agencies, citizens and businesses.  Many of these services are part of daily life and have a direct impact on a country’s economic well-being and progress.

A national CERT is a key component of a national approach to cyber security and is a solid building block onto which other cyber security related activities could be linked.

The establishment of a national CERT, and development of related processes on the national level, can also serve as a foundation for the development of the following activities;

  • Building a knowledgebase that supports the country’s development and implementation of a national cyber security strategy as well as a national approach for the protection of critical information infrastructures.
  • Supporting the building of a national culture of cyber security, and related awareness raising initiatives;
  • Supporting the development of related national cyber security platforms, for example: the national PKI, e-Government framework and approach, national identity and access management framework, combating SPAM, botnets, etc.;
  • Supporting the building of a national culture of cyber security, and related awareness raising initiatives;
  • Assisting in planning and development of a national strategy on child online protection;
  • Further enabling the country to develop and enhance its national incident response and management capabilities.

NITA-U is working with the Commonwealth Cybercrime Initiative (CCI) for fighting cybercrime; this will entail training of law enforcement, security, critical information infrastructure holders and investigative arms of government.

NITA-U is also developing Public Key Infrastructure (PKI) to support electronic transactions in partnership with Korean Government  and is also working with Egyptian Government CERT (EG-CERT) on sharing information on cyber attacks, computer forensics and malware analysis.

Through the directorate of Information Security, the National Information Security Framework is being developed; it will contain the National Information Security Policy, Standards, Guidelines and Procedures to help public and private sector agencies to secure their information systems.