Cyber Security Practices and Challenges at Selected Critical Infrastructures in Ethiopia: Towards Tailoring Cyber Security Framework
Total Page:16
File Type:pdf, Size:1020Kb
ADDIS ABABA UNIVERSITY COLLEGE OF NATURAL AND COMPUTATIONAL SCIENCES SCHOOL OF INFORMATION SCIENCE CYBER SECURITY PRACTICES AND CHALLENGES AT SELECTED CRITICAL INFRASTRUCTURES IN ETHIOPIA: TOWARDS TAILORING CYBER SECURITY FRAMEWORK By TEWODROS GETANEH JUNE, 2018 ADDIS ABABA, ETHIOPIA ADDIS ABABA UNIVERSITY COLLEGE OF NATURAL AND COMPUTATIONAL SCIENCES SCHOOL OF INFORMATION SCIENCE CYBER SECURITY PRACTICES AND CHALLENGES AT SELECTED CRITICAL INFRASTRUCTURES IN ETHIOPIA: TOWARDS TAILORING CYBER SECURITY FRAMEWORK A Thesis Submitted to School of Graduate Studies of Addis Ababa University in Partial Fulfillment of the Requirements for the Degree of Master of Science in Information Science By: TEWODROS GETANEH Advisor: Tebebe Beshah (PhD) JUNE, 2018 Addis Ababa, Ethiopia ADDIS ABABA UNIVERSITY COLLEGE OF NATURAL AND COMPUTATIONAL SCIENCE SCHOOL OF INFORMATION SCIENCE CYBER SECURITY PRACTICES AND CHALLENGES AT SELECTED CRITICAL INFRASTRUCTURES IN ETHIOPIA: TOWARDS TAILORING CYBER SECURITY FRAMEWORK By: Tewodros Getaneh Name and signature of Members of the Examining Board Tebebe Beshah (PhD) __________ _________ Advisor Signature Date Lemma Lenssa (PhD) ___________ __________ Examiner Signature Date Dereje Teferi (PhD) __________ _________ Examiner Signature Date Declaration This thesis has not previously been accepted for any degree and is not being concurrently submitted in candidature for any degree in any university. I declare that the thesis is a result of my own investigation, except where otherwise stated. I have undertaken the study independently with the guidance and support of my research advisor. Other sources are acknowledged by citations giving explicit references. A list of references is appended. Signature: ________________________ Tewodros Getaneh This thesis has been submitted for examination with my approval as university advisor. Advisor’s Signature: ________________________ Tebebe Beshah (PhD) i | P a g e Dedication This work is dedicated to my beloved sister Eleni Getaneh. ii | P a g e Acknowledgements I would like to thank my research advisor Dr. Tebebe Beshah for his extrovert guidance and support. He has shown me the right path of research and encouraged me to move forward throughout the study. I would also like to extend my sincere gratitude to Dr. Andualem Admassie , CEO of Ethio Telecom, for his assistance in time of Data collection. I am thankful to Ato Mekonnen Tesfaye, ICT Security Head of Ethiopian Electric Utility for his valuable comments and assistance in time of data collection and review of the tailored framework. Your positive attitude towards the research, heartily assistance and encouragement was my energy to move forward throughout this research. I would like to thank Ato FikreSilase Wosen, an ICT Technician at Ethiopian Electric Utility, for his un - reserved cooperation and assistance throughout this research. My heartfelt thanks goes Ato Yeman Gebre Hiwot of Ethio Telecom and to the whole IT security and Network Security staff at Ethio Telecom. This work was not possible without your support and cooperation. This study would not have been possible without the help of INSA’s Staff for their cooperation and valuable comments. Last but not least I would like to thank my friend Ato Muluken Belete who encourages me to pursue cyber security and for his valuable assistance in evaluating the tailored framework. My heartfelt thanks goes to Mr. Lee Sung Hoon, Director of World Together Ethiopia, for his assistance and positive cooperation. iii | P a g e Table of Contents Declaration ..................................................................................................................................................... i Dedication ..................................................................................................................................................... ii Acknowledgements ...................................................................................................................................... iii List of Tables .............................................................................................................................................. vii List of Graphs ............................................................................................................................................ viii List of Figures .............................................................................................................................................. ix List of Acronyms .......................................................................................................................................... x Abstract ........................................................................................................................................................ xi CHAPTER ONE ........................................................................................................................................... 1 1. Introduction ............................................................................................................................................... 1 1.1 Background ......................................................................................................................................................... 1 1.2 Statement of the Problem .................................................................................................................................... 7 1.3 Research Questions ............................................................................................................................................. 9 1.4 General objective of the Research ..................................................................................................................... 10 1.5 Specific objectives of the Research ................................................................................................................... 10 1.6 Scope and Limitations of the Research ............................................................................................................. 10 1.7 Significance of the Research ............................................................................................................................. 11 1.8 organization of the Thesis ................................................................................................................................. 11 CHAPTER TWO ........................................................................................................................................ 13 2. Literature Review and Related Works .................................................................................................... 13 2.1 Overview ........................................................................................................................................................... 13 2.2 Computer Security, Information Security and Cyber security .......................................................................... 13 2.3 Cyber Security Threat Actors ............................................................................................................................ 15 2.4 Methods of Cyber Attack .................................................................................................................................. 19 2.4.1 Social Engineering ..................................................................................................................... 19 2.4.2 Denial-of-Service /DoS/ ............................................................................................................. 20 2.4.3 Website Defacement .................................................................................................................. 21 iv | P a g e 2.4.4 Malicious Code .......................................................................................................................... 21 2.5 Cyber security in Ethiopia ................................................................................................................................. 22 2.5.1 Critical Mass Cyber Security Requirement Standard /CMCSRS/ Version 1.0 .......................... 24 2.6 Global Cyber Security Initiative ........................................................................................................................ 30 2.6.1 Global Cyber Security Index /GCI/ 2017 ................................................................................... 30 2.7 NIST Framework............................................................................................................................................... 33 2.8 Related Works ................................................................................................................................................... 35 2.9 Chapter Summary .............................................................................................................................................. 41 CHAPTER THREE .................................................................................................................................... 43 Research Methodology ............................................................................................................................... 43 3.1 Overview .................................................................................................................................................... 43 3.2 General Approach .....................................................................................................................................