UN wants Nigeria, others to deepen Internet safety
• Only 19 African countries are signatories to multilateral cybersecurity agreements
The United Nations (UN), arm in charge of global telecommunications, the International Telecommunications Union (ITU) has called on governments in Nigeria and other parts of Africa to deepen Internet safety.
The UN observed that as the world continues to recover from the disruptions of the COVID-19 pandemic, coping mechanisms such as increased use of virtual workspaces; online marketplaces and e-governance have become the norm. It said while this presents opportunities to revamp economies and streamline public service delivery, it may also heighten exposure to cybercrime.
The body noted that in Africa, many countries have seen a rise in reports of digital threats and malicious cyber activities. The results include sabotaged public infrastructure, losses from digital fraud and illicit financial flows, and national security breaches involving espionage and intelligence theft by militant groups.
The UN said addressing these vulnerabilities requires a greater commitment to cybersecurity. According to it, this requires enforceable policy safeguards, risk prevention and management approaches, along with technologies and infrastructure that can protect each country’s cyber environment, as well as individual and corporate end-user assets.
However, the latest Global Cybersecurity Index (GCI), released this June by the International Telecommunication Union (ITU), suggests Africa’s levels of commitment to cybersecurity – as well as capacity for response to threats – remain low compared to other continents.
The GCI report examines the cybersecurity landscape in 194 countries by the end of 2020 and assesses their commitment to improving cybersecurity based on five pillars: legal, technical, organisational, capacity development, and cooperation.
From the legal perspective, ITU said out of 54 African countries assessed, 29 had passed legislation to promote cybersecurity. Four others are currently at the stage of drafting policies or seeking legislative approval. It disclosed that Africa comes second to Europe in terms of the prevalence of legislation. Of all the pillars assessed, this was the measure where the region recorded its best performance. Still, it said these legal frameworks lack adequate depth and breadth as only 17 African nations have adopted specific legislation to tackle online harassment.
On technical readiness, ITU, which explained that this measures the mechanisms and structures put in place at the national level to deal with cyber risks and incidents, and particularly the existence of a reliable Computer Incident and Emergency Response Team (CIRT or CERT). Out of 131 CIRTs identified across the globe, only 19 are in Africa, with an additional two in the pipeline. Interestingly, six of the 19 emerged between 2018 and 2020, reflecting a notable rise in a short period. Africa has only nine sector-specific CIRTs, set to respond to particular risks. This indicates a lack of maturity in the region’s cybersecurity measures.
In terms of organisation, the telecommunications body examined whether coordination mechanisms are sustainable, if the roles and functions of implementing agencies are clearly defined, and possible actions to protect critical infrastructure. Based on this, ITU informed that only 10 African countries possess a national cybersecurity strategy that fully addresses measures related to critical infrastructure.
Capacity-wise, ITU said all but six countries in Africa lack capacity-development incentives for cybersecurity, which aimed to bridge the digital divide, build institutional knowledge, or address policy awareness limitations and skills shortages for cyber protection.
In the areas of cooperation, ITU observed that given that cyberthreats are borderless, countries need to embrace collaborative efforts on cybersecurity. As the GCI report reveals, just 19 African countries are signatories to multilateral cybersecurity agreements, in contrast to 41 European countries. Only 10 African countries have entered into bilateral cybersecurity agreements.
According to it, among the factors creating a conducive environment for cybercrime in Africa are limited public awareness and knowledge regarding the potential risks when using cyberspace, underdevelopment of digital infrastructure, limitations in institutional capacity to coordinate and implement available cybersecurity laws, and an absence of extensive cybersecurity policies.
ITU observed that a few countries stand out as regional cybersecurity leaders. For example, Mauritius and Tanzania are top performers in the region in terms of GCI Indicators for 2020, with scores of 96.89 and 90.58 out of 100, respectively. Areas of strength for these sample countries include consistent investment in information technology infrastructure and skills, CERTs that also inform citizens on digital rights, and cross-border collaboration on cybersecurity initiatives. It urged other African countries to learn from this.
Get the latest news delivered straight to your inbox every day of the week. Stay informed with the Guardian’s leading coverage of Nigerian and world news, business, technology and sports.