Leveraging multi-stakeholder benefits process to cybersecurity policy in Nigeria
Cybersecurity is a critical subject globally, in Nigeria, the issue became important as Nigeria grappled with the scourge of cybercriminals popularly known as Yahoo Yahoo at the turn of the Millennium. While the innovations that birthed the likes of Facebook, Google, Apple, Huawei and other forms of innovative technology were being celebrated all over the world, Nigeria was grappling with managing its image. It appears many young people in Nigeria have sadly embraced the negative side of technology and are becoming renowned worldwide as cybercriminals.
The damage done is yet to be fully salvaged. According to a 2018 Nigeria Cybersecurity Outlook released by Deloitte, “Social engineering attacks conducted via emails, SMS and calls still the number one threat being faced in Nigeria as at today. Also, it is not enough to just know more about trends or attacks; it is about putting the right measures in place so as to be better prepared to defend against them”
Nigeria has since taken many steps to address the scourge by aligning with other efforts globally such as establishing the Computer Emergency Response Teams known as NG Certs. In February 2015, the Government adopted the National Cybersecurity Policy and Strategy prepared by the Inter-Ministerial Committee coordinated by the Office of the National Security Adviser. A few months later, Nigeria passed the Cybercrimes (Prohibition, Prevention, Etc) Act, 2015 which entered into force on 15th May 2015. The purpose of the Act is also to promote cybersecurity and cybercrime prevention, and it provides for obligations to the private sector.
Many stakeholders especially from civil society have criticized this law and are seeking judicial intervention to dislodge some parts of the law which are deemed non-right respecting. Also, there is an ongoing process to repeal and re-enact this law by the Legislative Arm of the Nigerian Government. The ongoing process is also being criticized as non-transparent because many stakeholders feel left out. The need for effective cross-stakeholder collaboration is widely recognized, as required in cybersecurity policy formulation process, with numerous international instruments reinforcing the message.
What’s clear about Nigeria’s approach is that it has been largely driven by concerns around security issues as well as implications for National security and business. Meanwhile, cybersecurity has relevance to individual users as much as it does for nations and businesses. This is why greater stakeholder involvement in cybersecurity policy development process is important. Civil society concerns have usually been around how human rights concerns are often jettisoned or deemed inconsequential in cybersecurity policy development. Internet security threats are complex, and they affect multiple stakeholders, therefore, they require coordinated efforts to be adequately addressed. Constitutionally guaranteed rights must be respected in the cyberspace i.e. the rights that apply offline must also apply online.
From an individual perspective, cybersecurity isn’t limited to freedom from cyberattacks but includes the right to privacy, right to freedom expression and protection of personal data; communication etc. this hardly makes it into the country’s cybersecurity agenda. This disregard for human rights may not be unconnected with the gaps that exist in the composition or the stakeholder mapping that currently exists.
The important role that all stakeholders have to play in ensuring that the governance of cyberspace remains open, inclusive, and sufficiently flexible to adapt itself to changing risks and challenges must be emphasized. Users are increasingly distrustful of the internet, and that poses a challenge to its future. “Users” trust is at the core Internet-driven business landscape, immediate steps to enhance users trust must be taken. Governments must ensure that users trust is not broken online by ensuring there’s a transparent and multi-stakeholder approach to the development of cybersecurity policies and strategies.
A truly multi-stakeholder approach to National Cybersecurity Strategy Development is poised to address this gap drawing on real-life examples of good practices in other climes. Governments, including military and intelligence sectors, could benefit from increasing their awareness of the multi-stakeholder nature of the internet and the vital importance of cooperation with other stakeholders to address security threats.
In conclusion, we must move away from paying lip-service to the idea of a multi-stakeholder approach to cybersecurity policy development process. There must be a genuine effort to make the process inclusive to capture different stakeholder group who are affected and can bring invaluable insight to the process. The more robust the inputs and the process is, the better the outputs. It must be noted however that the multi-Stakeholder approach is not a kill switch that addresses all the problems in a swipe.
It is, however, a fundamental approach that is able to give all stakeholders a sense of belonging and gives an opportunity to capture nuances, local context into the process. The approach is widely accepted as the optimal way to make policy decisions for a globally distributed network. The United Nations Internet Governance Forum embraces multi-stakeholder approach model and the model has also been adopted by a growing number of international organizations. The model will help to create a veritable platform for a multi-stakeholder conversation, knowledge sharing and learning in Nigeria around cybersecurity policy development and implementation.