On July 23, 2018, African Union member countries organised a workshop in Addis Ababa, Ethiopia, on Cyber-Strategy, Cyber-Legislation and Setting up CERTs. It aimed at providing African experts with the appropriate cybersecurity knowledge to prepare and adopt National Cybersecurity Strategies and Cyber legislations.
Like elsewhere around the world, African countries are making all efforts to improve and find new ways to enhance cyber security. The efforts involve engaging policymakers, legislators and technical experts involved in cyber security policy and strategies as well as international specialised organisation.
But the prime purpose of the workshop in Ethiopia was to sensitise AU member countries on the opportunities and threats of the new digital world and highlight their impact on national security, economy and social wellbeing of the citizens. In addition, its goal was to equip the participants with appropriate knowledge to acquire a deeper understanding of the most important areas and foundations of cyber law, governance, technical and financial resources as well as the operational details of the essential blocs of a national strategy on cyber security.
As technology advances rapidly, so are the threats, taking advantage of loopholes and vulnerabilities therein. And these cyber-threats are committed in a sophisticated and organised style. The biggest driver that has completely changed the security landscape has been ubiquitous Internet access. Findings show that, in 2000, about seven per cent of the global population had access to the Internet. We now stand at just under four billion, which is roughly 50 per cent of the world population. Though this evolution offers opportunities for innovation, diversification, agility, and cost optimization, it also carries with it an increased exposure to a new and jeopardizing risk: cyberattacks.
The principal commitment today is to re-think priorities, principles, and approaches needed to develop an effective strategy on cyber security, management of cyber risks, identification of challenges of adopting cyber laws and adapting the exiting legal and institutional frameworks to the reality of the digital environment within African countries as well as strengthening the technical capabilities to adequately monitor and defend national networks against the emerging cyber incidents.
One participant rightly noted that "from the AUC’s perspective, a resilient and safe cyberspace depends on the successful implementation and execution of a holistic cybersecurity strategy, including the development of a vibrant ecosystem with strong legislative frameworks and technical know-how that gives an oversight over securing networks and protecting critical infrastructure”.
These developments and revelations underscore the expanding importance of cyberspace and cyber-security in Africa countries.
Tougher cyber-security actions are urgently needed, as the internet usage doesn’t only benefit those with ideal interests but also benefits those with ill-intent to cheat and harm the internet users. Terrorism, covert sabotage, espionage, phishing and many others cyber-threats are making digital life incredibly unease.
Like previous advances in communication technologies, states were harnessing the Internet for security needs as opposed to treating cyberspace as a unique domain. Due to these cyber-related challenges, it has become incredibly difficult to apply international law.
Thus, Africa must increasingly engage in numerous regional and international Cyber policy discussions and cyber capacity initiatives across the continent. We’re now living in the world of substantial interconnection and many countries around the world have recognized that cyber-security is a national security issue. So, Africa must increase efforts on capacity building and awareness-raising in collaboration with other regional agencies. Cyber threats are prevalent to all countries and no single is immune to it. Of course, collaboration of AU member states should be considered as a golden rule, hence enhancing regional and international cooperation to fight malicious activities in cyberspace.
Like I once noted in this column, for Africa to live up this commitment, AU member states must be willing and ready to sign and ratify the African Union Convention on Cyber Security and Personal Data Protection to begin with. Unfortunately, this Convention is yet to secure the minimum number to enter into force. Having said that, the Convention is a significant development in a continent often viewed as a safe haven for cyber criminals. But the Convention remains redundant if the lukewarm support remains.
The Convention, more importantly, addresses three main areas that are often seen as either not regulated or substantially dealt with by the governments in the region, namely electronic transactions, personal data protection, cyber security and cybercrime. Additionally, the Convention has also been welcomed that it highlights the importance of adhering to national legislations and international human rights law, with a particular emphasis on the African Charter on Human and Peoples’ Rights.
While there’re such ambitious initiatives and strategies to bolster cybersecurity, most of the African countries are reluctant to ratify the Convention. Article 24 of the Convention states that each State Party should develop a national cyber security policy, and Article 25 states that State Party must create legislation on cybercrime, to set responsibilities of national institutions, and to ensure the protection of critical information infrastructure. Together with other similar provisions, the treaty also outlines many safeguards for citizens with regard to processing personal data. Any undertaking to cybersecurity do nicely if it is working in legal and policy frameworks.
The writer is a law expert.
The views expressed in this article are of the author.