3.

Cyber Security

Objective CS-01: Develop cyber security awareness

CS Project 1: Establishment of National Cyber Security Research Centre (NSRC) Linkage with NICI II Prerequisites and linkages Prerequisites: Linkages: Ownership Implementation Agencies Ministry of ICT, RDB, Minadef, RNP RDB

Project Details

Purpose: Increase the level of cyber security awareness in the populace

Description: In order to respond to and minimize cyber security threats and vulnerabilities, the government together with relevant academia and industries need to set up a NSRC with the aim of researching current cyber threats and developing high performance network security system technology.

Activities: a) b) c) d) e) Conduct research to identify emerging threats and/or vulnerabilities Develop innovative (home-grown) solutions to existing and emerging cyber threats Organize, and participate in, conferences on (Information) Security Provide expert advice (policy and technical) to Government and Industry on cyber security issues Test and identify vulnerabilities in currently deployed systems (hardware and software/ critical infrastructure), and recommend solutions f) Test cyber security tools, and provide expert advice to Government and Industry on appropriate security tools for ensuring and assuring cyber security g) Test new systems (hardware and applications) before they are integrated into the Government's cyberinfrastructure, to identify vulnerabilities, and recommend their suitability for integration

Outcome:

1. Home grown solutions (tools and designs) addressing cyber security threats 2. Awareness of current and emerging cyber security threats 3. A well informed Government and Industry on Cyber security issues 4. Awareness of existing vulnerabilities in deployed systems 5. Awareness and usage of the most appropriate tools for ensuring and assuring the security of cyber infrastructure

Budgetary Estimates: Category C (between US$500,000 and US$800,000)

CS Project 2: Cyber Security Awareness Campaign and Training Linkage with NICI II Prerequisites and linkages Prerequisites: Linkages: Ownership Implementation Agencies Ministry of ICT, RDB, MINEDUC RDB

Project Details

Purpose: Elaborate a Cyber security awareness campaign

Description: Besides being extremely useful, connectivity might be harmful for unprotected networks. Hence the paramount need for increasing awareness in the populace. This project will address this need by putting in place adequate awareness campaign material to facilitate mass communication and thus create a safe cyber space.

Activities: a) b) c) d) Develop and distribute sensitization materials Sensitize all public and private organizations to establish an internal security policies and regulations Develop policies to enforce the above Encourage institutions to regularly attend cyber security trainings

Outcome: 1. 2. 3. Increase level of Cyber security awareness Adoption of cyber security policies and regulations by local organizations Increased number of cyber security training

Budgetary Estimates: Category C (between US$500,000 and US$800,000)

Objective CS-02: Build Cyber-security capabilities

CS Project 3: Cyber Security Capacity building Linkage with NICI II Prerequisites and linkages Prerequisites: Linkages: Ownership Implementation Agencies Minadef, RDB RDB

Project Details

Purpose: Increase capabilities of local cyber security expert

Description: Based on the limited amount of local cyber security experts as well as the need to upgrade the existing skills set, this project shall contribute toward increasing the number of trained cyber security people as well as popularize cyber security skills.

Activities: a) b) c) Add cyber security curriculum in computer classes at primary and secondary level Incorporate cyber security courses in tertiary, technical and professional ICT education Enforce hire of one certified cyber security engineer at least in all critical ICT led companies

Outcome:

4. 5. 6.

Cyber security concepts are taught at all level of education ICT engineer given the opportunity to easily upgrade the cyber security skills during their career Sensitive institutions are better prepared to manage cyber security related matters

Budgetary Estimates: Category C (between US$500,000 and US$800,000)

Objective CS-03: Protect Rwandas infrastructure and systems from cyber attacks

CS Project 4: Establishment of Public Key Infrastructure (PKI) Linkage with NICI II Prerequisites and linkages Prerequisites: Linkages: Ownership Implementation Agencies RDB RDB

Project Details

Purpose: Establishment of public key infrastructure

Description: As the Government of Rwanda is putting more and more resources online there is a need to build trust among users. A Public Key Infrastructure (PKI) system that validates users digital identity over a public or private network should be set up.

Activities: a) Manage Certificates keys b) Issues Certificates

Outcome: 1. 2. 3. 4. Use of trusted digital certificates Confidentiality, Integrity and Availability of system and application guaranteed Reduction of using external digital certificates People privacy guaranteed

Budgetary Estimates: Category C (between US$500,000 and US$800,000)

CS Project 5: Logical and Physical Protection of critical Information Infrastructure Linkage with NICI II Prerequisites and linkages Prerequisites: Linkages: Ownership Implementation Agencies RDB, National Security Services? RURA RDB, RURA

Project Details Purpose: Protection of critical ICT infrastructure Description: The Government of Rwanda is implementing network communication infrastructure facilities across the country such as the National Backbone (NBB), Kigali Metropolitan Network (KMN), Wireless Broad Band (WiBro), National Data Center (NDC), Karisimbi Project, Energy Infrastructure, Banking and Finance systems, etc. This infrastructure needs to be highly protected from cyber attacks.

Activities: a) Develop and Enforce Network communication security policy b) Develop and implement Network Security solutions (Firewalls, Intrusion Prevention Systems (IPS), and Intrusion Detection Systems (IDS)) c) Implement Access Control Systems

Outcome: Mitigation of cyber security threats

Budgetary Estimates: Category C (between US$500,000 and US$800,000)

CS Project 6: Security Operation Centre (SOC) Linkage with NICI II Prerequisites and linkages Prerequisites: Linkages:

Ownership Implementation Agencies

NSS, Minadef, National Policy NSS, Minadef, RDB

Project Details

Purpose: Establish a security operation centre

Description: Strengthening the trust framework, including information security and network security, authentication, privacy and consumer protection, is a prerequisite for the development of the Information Society and for building confidence among users of ICTs.

Activities: a) Detect, prevent and report cyber security threats b) Analysis of internet traffic flow c) Centralize the management of Security Devices (Firewalls, IPSs and IDS)

Outcome: 1. Real time cyber space monitoring 2. First cyber security incident response 3. Security management facilities

Budgetary Estimates: Category C (between US$500,000 and US$800,000)

CS Project 7: Computer Emergency Response Team or Computer Security Incident Response Team (Rw-CERT/CSIRT) Linkage with NICI II Prerequisites and linkages Prerequisites: Linkages:

Ownership Implementation Agencies

NSS, ? RDB, NSS

Project Details

Purpose: Establish a Computer Security Incident Response Team (Rw-CERT/CSIRT)

Description: As other developing countries, Rwanda is connected to the global economy through the use of ICT. There are increasing cyber threats to linking up with the global cyberspace. As Rwanda is putting more and more resources online, there is no doubt that Rwanda will also face cyber threats to its critical ICT infrastructure. Activities: a) b) c) d) e) f) Gathering domestic and international security information in real time Rwanda Cyber space monitoring Research on hacking, virus and countermeasures Swift response in case of an emergency Computer security incident handling Cooperation and Coordination between other CERTs

Outcome: 1. Dedicated team for providing computer security support and respond to cyber threats 2. CERT will provide center for internet security experts

Budgetary Estimates: Category C (between US$500,000 and US$800,000)

Objective CS-04: Foster national and international cyber security cooperation to handle cyber crimes and threats

CS Project 8: Cooperation and Coordination of Cyber security efforts Linkage with NICI II Prerequisites and linkages Prerequisites: Linkages:

Ownership Implementation Agencies

RDB RDB

Project Details

Purpose: Put in place a mechanism of cyber security cooperation

Description: To secure the cyberspace, regional and international collaboration is neccessary given the trend of global interconnection of ICTs. As an active member of EAC and ITU, the country should urgently promote extensive collaboration with other countries to achieve its cyber security objectives. Rwandas interventions to address cybercrime should focus on the development of partnerships between business, government and civil society. Unless these spheres of society work together, Rwandas effort to achieve its cyber security policy objectives will be compromised.

Activities: a) b) c) d) Creating institutional (public, private and civil society) collaboration Establishment of structures for information collecting and sharing. Establishment of National Cyber Security Advisory Board (NCAB) Promote and Encourage active participation in all relevant international cyber security bodies, panels, taskforces and multi-national agencies (ITU, EAC cyber security taskforce).

Outcome: 1. 2. A coordinated approach in dealing with cyber security issues. Institutional and international collaboration

Budgetary Estimates: Category C (between US$500,000 and US$800,000)