Nigeria launches its national cyber-security policy as African cyber-threats mount – how it will turn policy into practical action
5 March 2021
At the end of February the Nigerian Government launched its National Cyber-Security Policy and Strategy, a weighty document that tackles an increasingly pressing issue. Russell Southwood spoke this week to Abdul-Hakeem Ajijola, the Chair of the Committee that oversaw the production of the report.
An excellent article by Nathaniel Allen, Africa Centre for Strategic Studies at the beginning of this year sets out some excellent African examples of cyber-threats (see link at bottom of this article):
- In June 2020, the Ethiopian Information Network Security Agency (INSA) thwarted a cyberattack from an Egypt-based actor known as the Cyber_Horus Group. According to INSA, the purpose of the attack was to create significant “economic, psychological, and political pressure on Ethiopia” over the filling of the Nile River’s Grand Ethiopian Renaissance Dam (GERD)…Though Ethiopian authorities claimed to have averted a broader attack, the Cyber_Horus Group did manage to hack into a dozen or so government webpages, posting messages threatening war if Ethiopia began filling the dam.
- The rapid diffusion of cyber capabilities and surveillance technology gives a wide range of actors operating in or targeting Africa the ability to conduct cyber espionage. For example, Pegasus malware, among the most sophisticated pieces of espionage software ever invented, was recently discovered to have infected systems in 11 African countries. The attackers were likely engaged in both espionage and domestic surveillance and appear to have come both from within and outside of Africa, with some targeting multiple countries.
- The espionage threat to the AU from China is so far reaching, in part, because of China’s role in providing the AU with ICT infrastructure. The Chinese built the African Union’s headquarters, which enabled it to build backdoors into AU servers and plant listening devices. China may have similar capabilities elsewhere in Africa, where it has built up to 80 percent of all existing telecommunications networks and set up government networks in over 20 countries.
- The National Security Agency of Nigeria and the municipal government of Johannesburg have each been victims of attacks that shut down services or leaked sensitive information.
According to Allen, only 15 African countries have completed national cyber-security strategies, which lay out strategic objectives and assign government-wide responsibilities for cyber threat monitoring and response. Eighteen have established the equivalent of national computer incident response teams (CIRTs), or multi-stakeholder groups of cybersecurity professionals who help countries respond to and recover from major security incidents. Only six African countries have ratified the Budapest Convention on Cyber Crime and eight the African Union Malabo Convention on Cybersecurity and Personal Data, two important treaties that help African nations share threat information, set uniform standards, and benefit from technical assistance and cooperation from the international community.
Nigeria had its first ratified Cyber-Security Policy in 2015 and the current one is an updating and development of this original strategy. Ajijola told me:”We called it a review.” And as he pointed out to me many of the threats are as much analogue as digital. The Committee responsible for the review was multi-stakeholder with members from civil society, academia and the private sector, as well as Ministries and Government agencies.
“In terms of the institutional architecture, different organizations have different responsibilities but we all have a collective responsibility. Everybody has a stake from the street vendor with a new phone to the Presidency.” There will be a Nigerian Cyber Security Co-ordination Centre and he asks me to highlight the word co-ordination:”We want to reduce the silos.”
“There’s already a national CERT team within the Office of the National Security Advisor and this will be a departmental unit of the Centre. It’s not an agency but a Centre. The Administration doesn’t have the appetite for a new agency but we thought let’s get something moving (with a Centre). We’re looking forward to a Centre that has a much more public-facing capacity, a reach-out function.”
The Centre will encourage different sectors of the economy to work on their own policies and structures:”For example, the Central Bank will do its own banking and finance operation and all regulators will be encouraged to do this: for example, sectors like civil aviation, telecoms and so on.”
The strategy has a focus on two key things:”Firstly, how do we foster cyber-security solutions as a sub-sector. We had virtual meetings with global and indigenous players. Secondly, let’s not make it a problem and a cost-centre, let’s make it a societal profit centre. The African cyber-security market is estimated to be worth around US$1 billion and will rise to US$4-5 billion. What jobs and taxes can you create from this opportunity?”
In strategic terms, the Policy has eight pillars plus one:
- Strengthening Governance and Co-ordination
- Strengthening legal and regulatory frameworks
- Assurance: Monitoring and evaluation
- Fostering protection of critical national information infrastructure
- Enhancing Cyber Defence Capability
- Enhancing international co-operation (recognizing the need for a cadre of cyber-diplomats)
- Improving cyber-security incident management
- Promoting a thriving digital economy
The plus one is how it might support anti-corruption activities:”We key into some of the themes of Government: how it can be used to try and moderate corruption and support anti-corruption activities?”
This week has also seen the launch of the Africa Online Safety Fund. The exponential increase in internet, smartphone and mobile network usage has created extraordinary new opportunities for socio-economic development on the African continent. However, this rapid growth rate has simultaneously created a range of safety concerns, including:
- Identify theft
- Bullying and harassment
- Sex trafficking
- Hate crimes
- Terrorist recruitment and promotion
- Mis or disinformation
- Financial scams
To address these issues, Impact Amplifier has created the Africa Online Safety Fund, with financial support from Google.org, and domain expertise from the Institute for Strategic Dialogue to finance innovative existing and new solutions to these challenges.
After a continent wide search, Impact Amplifier will be awarding grants from $10,000 - $100,000 to 26 organisations, from nine African countries. Click here to read more about the awardees and the online safety issues they will be addressing.
Worth following up:
Africa Centre for Strategic Studies
Africa’s Evolving Cyber Threats
Download a copy of the policy:
MTN Rwanda has launched a new music streaming service, MusicTime, that charges by the minute. The pay-as-you-go music streaming service allows customers to access both local and international music content at zero data cost. MTN customers can download the music app and can buy 120 minutes for around $0.20 or 300 minutes for $0.45. In both cases, the minutes are only valid for a week. The registration process requires customers to input their mobile number, the One Time Password (OTP) and a username to complete registration. The service is exclusive to MTN customers. MusicTime is new to Rwanda but not to the African market. MTN first launched MusicTime in South Africa in 2019 then shortly after acquired Simfy. (Source: Nexttv News)
Telecom Egypt, one of the largest subsea cable operators in the region, announces its plans to launch Hybrid African Ring Path (HARP) by 2023, a new subsea system that will outline the African continent, forming the shape of a harp. (Source: Tech News Africa)
The Botswana Research and Education Network (BotsREN) has become a registered member Research and Education Network (NREN) of UbuntuNet Alliance for Research and Education Networking.
UbuntuNet Alliance is an Association of NRENs of Eastern and Southern Africa, connecting them to each other and the general Internet through the UbuntuNet Network. (Source: Press release)
Mobile operator Expresso Telecom in Senegal, a subsidiary of Sudanese Sudatel, has finally obtained the confirmation of the telecom regulator to launch 4G, after several months of negotiations. The arrangement was signed last February 26, 2021, when a delegation of the Sudanese telecom group arrived in Senegal. Led by Magdi Taha the CEO of Sudatel, the delegation was offered an audience by President Macky Sall himself. The telecom regulator said, “Thanks to a balanced electronic communications sector, the launch of 4G by Expresso Senegal is a great leap in the promotion of digital technology as a growth driver.” Expresso Telecom received the 4G license a few days after the telecom regulator provided a formal notice to the company, accusing it of insufficient investment in its network.
ImaliPay, an African-based fintech start-up is making waves by reshaping the future of work in the gig economy. The Australian venture capital firm TEN13 reputed for investing in top-tier start-ups has invested an undisclosed amount of pre-seed funding in ImaliPay. ImaliPay joins TEN13's growing fintech portfolio; the likes of Chipper Cash and Bookipi. Other investors included in the raise are; Finca Ventures, Optimiser Foundation, Mercycorps Ventures, Changecom, and super angels from Norway, Nigeria, UK, and Kenya. The primary aim of the investment is to expand and accelerate its growth and footprint in Kenya, Nigeria, and South Africa to be the one-stop-shop for gig workers' financial needs. (Source: Press release)
Vodacom DRC and Mondia have announce the rollout of the Mum & Baby maternal health service across the DRC. Mum & Baby is a free-of-charge mobile health intervention service that provides Vodacom DRC subscribers with maternal, neonatal and child health information designed to encourage good health practices amongst pregnant women, mothers, partners and caregivers. Mondia creates Mum & Baby's tailored content in the local language, and includes expert articles, videos and information-sharing SMS messages.
The Central Bank of Somalia (CBS) has announced it has awarded the country’s first mobile money licence to Hormuud Telecom (HorTel). The licensing and regulation of mobile money service providers has been a key priority area for the CBS, as it seeks to ensure financial inclusion, consumer protection and financial stability.