Date of Award

12-2010

Embargo Period

2-11-2011

Degree Name

Doctor of Philosophy (PhD)

Department

Engineering and Public Policy

Advisor(s)

Benoit Morel

Second Advisor

Archie Andrews

Third Advisor

David Farber

Fourth Advisor

Seymour Goodman

Abstract

This thesis examines the guidance that is being given to developing nations that are rapidly deploying information and communication technologies. It studied the African countries of Rwanda and Tunisia to draw lessons of the situation and potential methods of improving the situation. The thesis found that developing nations are often recommended to implement a conglomeration of existing rules and regulations found in other countries especially in European countries and in the United States. Developing countries are also recommended to create national CERTs, organizations of cybersecurity experts to coordinate a nation to respond to cyber incidents. The proposed rules and regulations are largely irrelevant for developing nations and the proposed missions of a CERT do not match the needs of those countries. In promoting better guidance, the thesis identifies and discusses several challenges. It finds policy makers in developing nations are aware of the cyber threat, and that the cyber threat is different and often smaller in less ICT developed nations even if they are using similar equipment and software. To help craft better recommendations, the thesis identifies the benefits of ICT especially in agriculture, education and government. These benefits are analyzed to determine whether they would be protected by current guidance and the analysis determines that protecting ICT use in government should be the priority. In crafting future guidance the challenges are that nations have differences in ICT architecture and ICT use, and developing nations have fewer resources but also they have different resources to use. Another such difference is the common lack of a private cybersecurity sector and different expectations of government. This thesis concludes with discussing unexpected results. The first is Rwandan policy makers desire good enough security and have a higher risk tolerance concerning cyber threats than is found in more developed nations. In addition, open source software can be a potential way to reduce the cost of cyberspace defense and this thesis makes an initial investigation. The lesson of the thesis is that cybersecurity strategy is not a one size fits all and so it must be customized for each country.