|dc.description.abstract||Over the last 20 years, it has become routine in the more technologically developed countries to recognise what is considered critical infrastructure – infrastructure that, if damaged or knocked out would have serious implications to the health and safety/security of the population; national economies; and national security. At this level of elaboration, no distinction is made between public and private ownership of such infrastructure – the consequences of successful attack or compromise would be the same regardless. Mitigating measures – policy, legal, regulatory, and organizational – are then developed to ensure that critical infrastructure is identified, vulnerabilities evaluated, and measures taken for prevention, protection, and recovery from damage. In this respect, ICT infrastructure, including specialized applications that are, for example, used to operate utility infrastructure carries the greatest risks because it is subject to remote attacks: the threat of cyber-terrorism, cyber-blackmail at a national level, and cyber-war are now realities.
The current growth of large networks, especially the integrated networks that are being rolled out by the national and regional research and education networks and the improvements in connectivity increase both internal and external exposure to threats. These networks, while affording the continent new research and collaboration opportunities, also create a better delivery mechanism that increases the speed, scale and power of potential threats. A challenge within most of Africa is that there is still very limited policy level awareness or action related to holistic identification and protection of critical infrastructure. There is an acute lack of expertise especially within the area of cyber-security at organizational, national, and regional levels.
In this paper, we examine the vulnerabilities of cyber-infrastructure within the UbuntuNet Alliance region. We then evaluate the current state of play in the development of organisational and technical capabilities to protect critical ICT infrastructure within the region; and we discuss the opportunities this presents to research and education networks in the region to be the vanguard for developing the required organizational and technical capabilities to address cyber-security holistically at both national and regional levels.||en_US