The 4th annual Cyber Defence East Africa 2016 conference (CDEA), organised by NRD Companies together with the National Information Technology Authority – Uganda (NITA-U) has just finished in Kampala, Uganda. On 27-29th September 2016 over 70 participants from various Ugandan institutions such as the President’s Office, Ministry of Finance, Uganda Police Force, Uganda Revenue Authority, National Identification and Registrations Authority, Ministry of Internal Affairs, Makerere University and many others, spent three days listening to cyber security policy keynotes and practicing to defend against the most pervasive cyber-attacks.
The conference was opened by Hon. Tumwebaze Frank – the Minister of ICT and National Guidance who encouraged all participants “to conduct risk assessments in their environments and implement controls to limit exposure to threats”. He reiterated that “The ministry is committed to providing the oversight and ensuring that we as a country are more resilient cybersecurity-wise and we continue increasing our uptake of ICT services”.
The Hon. Minister also invited the participants to applaud NRD Companies for selecting Uganda as the 2016 host and being “consistent in delivering cyber security training within East Africa over the last three years and ensuring presence of skills, critical in order to build on our achievements and enhance our successes”.
A Welcome note was given by Mr Arnold R. Mangeni, Director Information Security at NITA-U who explained that there was an evident lack in the area of practical cyber security capacity building, and therefore NITA-U welcomed the initiative to host the CDEA in Uganda.
“We are all aware that successful achievement of our cyber security aspirations is greatly intertwined with the presence of skilled human resource capacity. As such, there is now a growing demand of cybersecurity professionals to ensure that our critical information technology infrastructure is secure and robust, based on a well-managed risk in a manner that is not only repeatable but continuous and consistent. This conference is one of the ways of meeting this demand and growing the culture of cybersecurity in our workforce”, commented Mr Mangeni.
A news report from the conference, including interviews with the Minister and Mr Mangeni, can be found here: http://www.nbs.ug/2016/09/28/ict-minister-warns-of-increasing-cyber-crimes/
A sponsor keynote was given by Mr Sindri Bjarnason, senior software engineer at Synopsys – Gold sponsor of the conference. Mr Bjarnason gave an in-depth presentation of a sustainable CSIRT Development Model, followed by analysis of examples from Island, Estonia and Finland.
On day 1, the participants also had a chance to learn about Critical infrastructure protection from Dr Vilius Benetis, CEO NRD CS as well as IT governance policies, frameworks and standards, such as COBIT 5, presented by Mr Sebastian Marondo, CEO NRD East Africa.
The participants expressed a special interest in an M-signature live demo, presented as “the future of Uganda” by Dr Benetis, standing in for NRD Company ETRONIKA which is specialised in e-banking and m-signature solutions.
A panel session, chaired by Mr Rimantas Zylius, Managing Director of Norway Registers Development AS, concluded the first day of the conference. The panelists – Mr Arnold Mangeni, Mr Paul Serunkuma – Manager Computer Forensics & Incident Management at NITA-U, Mr Vilius Benetis, Mr Sindri Bjarnason and Mr Noah Baalessanvu from Computer Forensics Consults – provided their opinions and insights on the Cyber security situation in East Africa: issues and the way forward.
During the next two days of the conference, participants attended practical trainings on Critical Security Controls and Incident response. Both trainings were delivered by a specialised cybersecurity technology consulting, incident response and applied Research Company NRD CS.
The course evaluation questionnaires revealed that the participants appreciated the practical nature of the trainings, thought that the presentations and discussions were relevant to their organisations and that the knowledge gained will be used in their work. All participants noted they would like to attend again next year, and requested for more regular workshops, and more time to be allocated for such initiatives.
“I plan to start implementing some of the basic critical security controls in my organization. For example taking an inventory of all hardware and software used and make sure proper configuration procedures are in place”, said one of the attendees.
Cyber Defence East Africa (CDEA) serves as a practical knowledge sharing, skills building and networking platform, aimed to address cyber security issues and bring together the Government, the ICT Industry and Academia in efforts to create a better and more secure digital environment for the states, governments, businesses and citizens in East Africa. NRD companies have been organising annual Cyber Defence East Africa conferences for the last four years. The last three conferences took place in Tanzania and were organised together with ISACA Tanzania Chapter in years 2013 and 2014, and in cooperation with Tanzania Communications Regulatory Authority (TCRA) in 2015. www.cybersecurity.ug
Gold sponsor of the conference was Synopsys, Inc. (Nasdaq:SNPS) – the Silicon to SoftwareTM partner for innovative companies developing the electronic products and software applications we rely on every day. As the world’s 15th largest software company, Synopsys has a long history of being a global leader in electronic design automation (EDA) and semiconductor IP and is also growing its leadership in software quality and security solutions. Whether you’re a system-on-chip (SoC) designer creating advanced semiconductors, or a software developer writing applications that require the highest quality and security, Synopsys has the solutions needed to deliver innovative, high-quality, secure products. Learn more at www.synopsys.com.
The conference was also sponsored by FIRST – the global Forum for Incident Response and Security Teams. FIRST is the premier organization and recognized global leader in incident response. Membership in FIRST enables incident response teams to more effectively respond to security incidents reactive as well as proactive. FIRST brings together a variety of computer security incident response teams from government, commercial, and educational organizations. FIRST aims to foster cooperation and coordination in incident prevention, to stimulate rapid reaction to incidents, and to promote information sharing among members and the community at large. https://www.first.org/