Presentation on theme: "Tanzania Communications Regulatory Authority - TCRA Response to Cyber incidences in Tanzania: Where are we? Presented at Cyber Security Mini Conference."— Presentation transcript:
1 Tanzania Communications Regulatory Authority - TCRA Response to Cyber incidences in Tanzania: Where are we? Presented at Cyber Security Mini Conference Serena Hotel, Dar es Salaam 26th June Connie Francis
2 Tanzania Communication Regulation Authority 1. LegislationTanzania Communication Regulation Authority (TCRA) an independent Authority for the Postal, Broadcasting and Electronic communications industries in the United Republic of Tanzania was established by the TCRA Act no. 12 of 2003It merged the former Tanzania Communications Commission and the Tanzania Broadcasting Commission.The Electronic and Postal Communications Act – EPOCA of 2010 came into act after repeal of Tanzania Communications Act No.18/1993 and Tanzania Broadcasting Services Act No.6/1993
3 TCRA…(2)2. TCRA’s RoleIncludes licensing and regulating the Postal services, Broadcasting services and Electronic Communications sectors in the United Republic of Tanzania.Specifically the Authority is responsible for enhancing the welfare of Tanzanians through:Promotion of effective competition and economic efficiency;Protecting the interests of consumers;Promoting the availability of regulated services;Monitoring the performance of the regulated sectors.Monitoring the implementation of ICT applications…
4 TCRA…(3) 3. Licencing Framework Converged Licensing Framework (CLF) The CLF was introduced in 2005, consisting of four licenses:Network Facility License (NFL)Network Services License (NSL)Application Services License (ASL)Content Services License (CSL)The Converged licensing framework is Technology Neutral and Service Neutral.
5 2. Computer Emergency Response Team 1. Current SituationTanzania like many if not all other countries in the world are prone to be affected by the development and sometimes misuse of the information communications facilities.Issues of cyber security and the like are of global nature and therefore require more collective attention of the world community than ever before.TCRA has been exploring for a long term solution since 2008 as a result, cyber security measures were incorporated into the legislation the Electronic and Postal Communications Act (EPOCA) number 3 of 2010.
6 CERT…(2)2. RegulationIn the EPOCA, Section 124 calls for establishment of the National Computer Emergency Response Team (CERT), the name given to expert groups that handle computer security incidents.New Regulations were published in December 2012, by the Hon. Minister for Communication, Science and Technology.The electronic and postal communications (computerEmergency response team) regulations, 2011
7 CERT…(3)Most groups append the abbreviation CERT, CIRT or CSIRT to their designation where the latter stands for Computer Security Incident Response Team.For some teams the abbreviation CERT refers to Computer Emergency Readiness Team while handling the same tasks.Pursuant to Section 4(1) of the Electronic and Postal Communications (Computer Emergency Response Team) Regulations 2011, the Tanzania Communications Regulatory Authority (TCRA) is mandated to appoint members from stakeholders to form a Steering Committee for the establishment of a National CERT in Tanzania.
8 CERTis a service organization that is responsible for receiving, reviewing, and responding to computer security incident reports and activity.Their services are usually performed for a defined constituency that could be a parent entity such as a corporation, governmental, or educational organization; a region or country; a research network; or a paid client.
9 CERT…(4)3. Where are we?1. The Steering Committee for establishment of National CERT with diverse composed is in place.Representatives are from different sectors including:MinistriesGovernment AgenciesAcademicBankService ProviderPolicyMilitaryMedia
10 CERT…(5)2. Joint initiative within East Africa under the umbrella of East Africa Communications Organizations (EACO)3. Administrative agreement with International Telecommunication Union and International Multilateral Partnership Against Cyber Threats (ITU/IMPACT) for Technical Assistance4. Collaborate with AfNOG (African Network Operators' Group)/AfriNIC(African Network Information Centre) initiative - AfriCERT5. Procurement of equipment for National CERT operations6. Training workshop for the Steering Committee
11 CERT…(6) 4. Responsibilities of Steering Committee Develop comprehensive set of rules and guidelines for effective operations of the National CERTIdentify and propose CERT Stakeholders and Constituencies and Technical Advisory Committee which will include members from the public and private sector
12 CERT…(7) 5. CERT responsible to: National Coordinate response to Cyber Security incidents at National LevelCooperate with Regional and International entities involved with management of Cyber Security incidents
13 CERT…(8) 6. Complimenting initiatives - EPOCA Numbers and addresses DatabaseRegistration of SIM cardCooperate with Regional and International entities involved with management of Cyber Security incidentsUsers and licensees obligations
14 CERT…(9) 5. Where to? Cyber Peace/ Build confidence in Cyber Space National CERTSector CERTsEnforcement of the regulationsCapacity building/ Knowledge transferAwareness programs