Developing countries are fast becoming players in an increasingly interconnected world. Many developing countries are making use of technological solutions to address unique challenges. However, in many cases, this growth is not accompanied with the development of appropriate information infrastructure protection structures. As technological solutions are deployed in developing countries, there will be a large number of new users gaining access to Internet-based systems. In many cases, these new users might lack the skills necessary to identify computer security threats. Inadequate cyber security measures can increase the risk and impact of cyber attacks. The development of internal structures to address Critical Information Infrastructure Protection (CIIP) is dependent on the environment in which it will be deployed. Therefore, traditional CIIP structures might not adequately address the technological challenges found in developing countries. In this chapter, the authors aim to address the development of CIIP structures in developing regions by elaborating on the set of unique challenges that exist. Furthermore, they aim to present a community-oriented structure aimed at providing CIIP, in what they refer to as a “bottom-up” manner. The larger aim of CIIP structures in developing regions is to support the future development and deployment of cyber security mechanisms and to allow developing countries to play a trusted role in global cyber security efforts.
TopIntroduction
The developing world is experiencing unprecedented growth of broadband and communication technologies. The interconnectivity provided by these new technologies allows developing countries to interact on an international level. In many cases, the driving force behind the development of interconnecting technologies is in improved service delivery. The newfound level of interconnection allows many new users to become part of a growing global community.
The development of new interconnecting technologies can have the desired effect of improving the delivery of services, such as Governmental Services or Financial Services. However, it can also dramatically increase the number of global Internet users and Internet-enabled devices. These new users might not have been equipped with the skills to identify and manage many of the cyber threats that are prevalent on the Internet. Furthermore, it could be the case that systems that are connected to the Internet are without adequate cyber protection measures in place; this increases the potential for these systems to become infected with various forms of malware.
The global nature of the Internet compounds the above problem where unprotected systems can be affected by cyber attacks, and this can have global implications. With millions of new users, the potential threat to existing systems increases dramatically. In recent years, the impact of malware on critical system and SCADA devices has taken centre stage, and therefore the potential threat to global critical systems cannot be overlooked.
The impact of cyber attacks on existing systems is well understood, and as such, many countries create internal protection structures to identify and respond to threats and vulnerabilities. The development of Critical Information Infrastructure Protection (CIIP) structures, such as Computer Security Incident Response Teams (CSIRTs) is a well-established platform managing these threats. To combat the potential impact of cyber attacks on critical systems, developing countries should implement equivalent CIIP structures to address their growing cyber security needs.
However, this is easier said than done. In many cases the situation on the ground does not provide for an environment where a traditional CIIP structure could be developed directly. This is due to the development of CIIP structures being highly coupled to the environment where they will be deployed. Alternatively, the development of a traditional CIIP structures is limited by a number of political, legal, or social factors. To address these concerns, in this chapter we aim to discuss the development of community-oriented CIIP structures that are suitable for deployment within developing countries.
In a traditional environment, CIIP is provided in a “top-down” manner, with protection mechanism driven from a national or governmental level. Structures of this form are particularly sensitive to political and legal fluctuations. However, an alternative approach is to provide CIIP in a “bottom-up” manner. This approach relies on the development of community-oriented structures, where CIIP is driven in a less formal manner. Community-oriented structures provide a potential solution to the development of effective CIIP structures within developing countries.
Throughout this chapter we will discuss developing countries in the content of the African Continent. This is done to provide context to the content of this chapter. The status of “developing country” is very difficult to define, and often controversial in nature. For the sake of facilitating the discussion in this chapter we will consider “developing countries” to refer to countries listed as list as have a “developing economy” by the International Monitory Fund (IMF) as of April 2012 (IMF, 2012). In the following section we will outline the objectives of this chapter.