Cy­ber se­cu­rity: More op­por­tu­ni­ties than threats

Chronicle (Zimbabwe) - - Business - Robert Ndlovu

WE live in very in­ter­est­ing times where and when threats to per­sonal, so­cial, na­tional, civil rights and many more are be­ing af­fected by the ex­po­nen­tial up­surge of ICT tech­nolo­gies. Last week I at­tended a Cy­ber Law sem­i­nar or­gan­ised by the Law De­vel­op­ment Com­mis­sion. All the three pro­posed bills were dis­cussed and con­tri­bu­tions, amend­ments and sug­ges­tions con­sti­tuted the theme of the two-day sem­i­nar held at a lo­cal ho­tel.

I be­lieve in con­vert­ing threats into op­por­tu­ni­ties and half op­por­tu­ni­ties into fully blown ones. You will note that I de­lib­er­ately try to fo­cus more on tech­ni­cal is­sues and leave qual­i­fied lawyers, politi­cians, ac­tivists to fo­cus in their ar­eas with ref­er­ence to the cy­ber laws. The drafts bills in dis­cus­sion were: the Com­puter Crime and Cy­ber­crime Bill, Data Pro­tec­tion Bill and the Elec­tronic Trans­ac­tions and Elec­tronic Com­merce Bill. We dis­cussed op­por­tu­ni­ties that arise as a spin off from th­ese draft bills which one day will be­come laws.

I have al­ways known the type and na­ture of chal­lenges that we were go­ing to face some five years ago as more and more peo­ple have ac­cess to the in­for­ma­tion high­way. The in­creased dig­i­tal in­clu­sion is re­lated to the in­creased mo­bile pen­e­tra­tion, cheaper smart phones, in­creased data speeds and the av­er­age age group of mo­bile and com­puter users.

The ex­po­nen­tial in­crease in the us­age of ICT tech­nolo­gies has NOT been par­al­leled by any mean­ing­ful man­power skills de­vel­op­ment. This is where the prob­lem is. As long as Zim­babwe does not ap­pre­ci­ate and in­vest heav­ily in re­search and de­vel­op­ment in ICT, we will al­ways play the catch up game. A good ex­am­ple is the mo­bile net­work sec­tor which has been reap­ing very hand­some voice rev­enues but over night en­tered What­sApp and the GSM voice rev­enues are head­ing south­wards. My point is that Zim­babwe has no ad­e­quate tech­ni­cal ca­pac­ity to deal with the threats and op­por­tu­ni­ties that are as­so­ci­ated with this.

Look­ing at the Com­puter and Cy­ber Crime Bill alone I was left won­der­ing how this will be af­fected given that no mean­ing­ful ef­fort has been made to train law en­force­ment, tech­ni­cians, lec­tur­ers in cy­ber se­cu­rity, foren­sics and the like. No of­fence here — most of our po­lice of­fi­cers are com­puter il­lit­er­ate. How do we ex­pect them to in­ves­ti­gate a com­puter re­lated crime when the clos­est they have brushed shoul­ders with tech­nol­ogy is What­sApp and Face­book. I am aware that four years ago authorities at ZRP wanted to come up with a cy­ber se­cu­rity cen­tre mod­elled around the Zam­bian (ZICT) model sup­ported by ITU. This did not take off. Sud­denly we are run­ning around like chick­ens with­out heads to build a na­tional cy­ber se­cu­rity cen­tre over night, which they say will be un­der the State Se­cu­rity Min­istry. I have is­sues with that. For starters who will man the cen­tre since Zim­babwe has NO cer­ti­fied Mo­bile Foren­sics An­a­lyst? Zim­babwe has few qual­i­fied and cer­ti­fied cy­ber or dig­i­tal in­ves­ti­ga­tors.

No train­ing is needed at all to seize a cell phone or com­puter sus­pected to be con­tain­ing in­for­ma­tion, which might help solve a crim­i­nal case. We need an ICT ap­proach not a state se­cu­rity ap­proach. State se­cu­rity, de­fence and in­tel­li­gence can al­ways form their own unit to deal with mat­ters of na­tional se­cu­rity and leave civic so­ci­ety is­sues with po­lice. This is in­ter­na­tional stan­dard prac­tice. Be­sides are th­ese fel­lows aware that stuff is now stored in the cloud? How do you seize data lo­cated at a server in Ice­land?

Dig­i­tal ev­i­dence — the prob­lem is the ad­mis­si­bil­ity of dig­i­tal ev­i­dence in court. Dig­i­tal ev­i­dence can eas­ily be ma­nip­u­lated. For ex­am­ple I can send you a text mes­sage from your ex to your wife and say bad stuff. Also we can make phone calls ap­pear to be com­ing from Sin­ga­pore to your Zim­bab­wean num­ber and thereby mis­rep­re­sent facts. My point is that be­fore peo­ple start hal­lu­ci­nat­ing about laws we must pre­pare the re­sources and skills to deal with ICT tech­nolo­gies, which bring forth op­por­tu­ni­ties.

Af­ter an of­fi­cer seizes an iPhone, which is im­pli­cated in a crime scene, the bur­den of proof lies with prose­cu­tion to prove to the court that the pic­tures, mes­sages, call logs and even videos were not tem­pered with. The in­ves­ti­ga­tion process must have a clear chain of cus­tody of the de­vice. This calls for spe­cial tools that can an­a­lyse and re­cover deleted data from the de­vices. Avail­abil­ity of deleted files can af­fect the out­come of a crim­i­nal case. Op­por­tu­ni­ties in­clude the train­ing of law en­force­ment in cy­ber and com­puter tools to curb iden­tity theft, fraud, ha­rass­ment, hu­man traf­fick­ing amongst oth­ers. Our univer­si­ties must move with the times and start in­clud­ing hands on cour­ses in their teach­ing. Zim­babwe can ex­port th­ese skills be­yond its bor­ders un­less you are still trapped in the men­tal­ity that only to­bacco is a ma­jor forex earner. Is­sues to deal with cy­ber and com­puter se­cu­rity must re­main un­der the Min­istry of ICT, Postal and Courier Ser­vices un­der the di­rec­tion of Po­traz. The lat­ter or­gan­i­sa­tion has been in­volved in tele­coms for decades. State se­cu­rity, de­fence and other in­ter­ested stake­hold­ers can NOT lead this one. They must be rep­re­sented in this planned Cy­ber Se­cu­rity Cen­tre but can­not lead it as they have no tech­ni­cal ca­pac­ity to do as like spe­cial­ists in their own ar­eas. Zim­babwe needs to equip its own peo­ple with high end tech­ni­cal skills. This idea of ten­der­ing out tech­ni­cal jobs to for­eign com­pa­nies is caused by lack of tech­ni­cal skills and of course cor­rup­tion. ICT se­cu­rity in­dus­try pays well — very well. From se­cur­ing net­works, pro­tect­ing cy­ber space, track­ing fraud­sters and also pro­tect­ing civil lib­er­ties. No one has a right to snoop into my com­puter just to see what I am typ­ing. So an op­por­tu­nity ex­ists in data pro­tec­tion and en­cryp­tion to pro­tect in­di­vid­u­als, cor­po­ra­tions from in­dus­trial es­pi­onage and or­gan­i­sa­tions alike.

It must be noted that the term cy­ber ter­ror­ism has been wrongly used in Zim­babwe be­cause of lack of knowl­edge. This is one con­se­quence of not in­vest­ing in skills and man­power de­vel­op­ment. This re­sults in se­nior Gov­ern­ment of­fi­cials mak­ing em­bar­rass­ing state­ments.

I know I have to men­tion this one — so­cial me­dia. To those who use it for what­ever pur­pose the bot­tom line is that you must be able to say what you have posted on twit­ter in per­son and pub­lic. Post­ing stuff to ex­press your opin­ion about any is­sue is NOT a crime. It be­comes crim­i­nal if you use that medium to ig­nite vi­o­lence and an­ar­chy. What I have writ­ten here I can re­peat in a pub or shop­ping mall. Free­dom of speech comes with re­spon­si­bil­i­ties. Three months ago we started a dig­i­tal hub in Bu­l­awayo to try and bring like minded peo­ple (youth) to­gether to cre­ate op­por­tu­ni­ties for them­selves and stop be­ing cry ba­bies. I am pleased to an­nounce that our mem­ber­ship now stands at around 50 and be­cause of the op­por­tu­ni­ties around us soon we will be launch­ing a Cy­ber Se­cu­rity Train­ing Cen­tre and Lab­o­ra­tory.

Did you know that one of the rea­sons why Google can­not co-host their servers in some African coun­tries is that “we” do not have ad­e­quate data se­cu­rity im­ple­men­ta­tions nec­es­sary for pri­vacy? Have you ever won­dered why most top gov­ern­ment or cor­po­rate of­fi­cials use Gmail or Ya­hoo as their email ser­vice of choice? — (077) 600 2605; ndlovu @ ymail.com

Newspapers in English

Newspapers from Zimbabwe

© PressReader. All rights reserved.