National Cyber Security Strategy
The project for the development of the National Cybersecurity Strategy for Uganda was officially launched by Hon. John Nasasira at this year’s Commonwealth Cyber Security Forum. This annual forum was held at BT’s headquarters in London (22 – 24 April 2015) with the theme as ‘Securing the cyberspace for social and economic development.’
The growth of the Internet has transformed our lives and created new opportunities through Internet based services. The increasing use of the internet, however, has come along with increasing risks of cyber-attacks and other IT security threats that are created through the openness and interconnectivity within the cyberspace.
In March 2011, Uganda developed the National Information Security Strategy to streamline the implementation of Information Security at national level.
This strategy is now being implemented and serves as the main guide for development of policies, laws, and frameworks within the ICT sector to secure critical national infrastructure and information resources.
In addition, this strategy has fostered the development of a roadmap to match the short-term and long-term goals with specific milestones and activities to help meet information assurance for Uganda.
Consequently, as part of the implementation of the National Information Security Strategy, the following key achievements have been realized:
- A Directorate of Information Security under the National Information Technology Authority – Uganda (NITA-U) was created to spearhead information security governance, risk remediation, planning and response, as well as promoting and monitoring the development of Information Security in the country;
- Development of the National Information Security Framework which is a transformation programme at national and organizational levels that ultimately helps secure information and information systems on which we depend as a Country for socio-economic development and national security;
- Establishment of the National Computer Emergency Response Team (CERT). The National CERT currently provides only incident response capabilities. More functions or services will be provided as the National CERT matures and further improves. In addition, two sectors specific CERTs have been established and many more CERTs will be established in the medium term.
- The sector is in the process of establishing the National Information Security Advisory Group, tasked with providing advisory services to the Government of Uganda on Information Security as well as ensuring that issues of cyber security are addressed appropriately. Members to this group were nominated by key stakeholders from both the private and public sectors including operators of critical national information infrastructure.
- NITA-U is working hard to promote secure e-commerce and e-government services and safeguarding privacy rights of individuals through good information security governance.
- Uganda has established laws to deal with cybercrime. These laws address Computer Misuse, Electronic Transactions, Electronic Signatures and Data protection and Privacy, amongst others.
With the ever-changing threat landscape, efforts and strategies to combat threats need to be revised and updated to stand the test of time. Our National Information Security Strategy needs to be continuously revised and upgraded.
In this regard, the Commonwealth Telecommunications Organization and the Government of the United Kingdom will provide financial support to further develop the National Cyber-security Strategy. This support is envisaged to help the Country in the following ways amongst others:
- Enable Uganda to achieve its economic and social goals through a secure online environment;
- Enable the country to evolve her means of protecting information and information processing infrastructure against today’s threats;
- Enable Uganda to define and work towards achieving her Cyber security vision and key objectives; and
- Define an approach through which Uganda’s knowledge, skills and capacity can be grown to improve our cybersecurity capabilities.