Cybersecurity and the Fight against Cybercrimes in West Africa: current status, challenges and the future

News item | 07-12-2016

The growth in the use and development of information and communications technologies (ICTs) go hand in hand with the rise of cyber related crimes and activities in West Africa.  This makes for interesting times in the region, as measures need to be put in place to ensure that ICT growth is not stifled [and] cybercrimes are curbed. A number of cyber related Supplementary Acts to support the secure use of ICT services have been adopted within the Economic Community of West African States (ECOWAS) and are currently under implementation by Member States. In addition, the ECOWAS, in collaboration with various partners, is working to ensure the secure use of ICT services among its Member States.

Written by: Ms Folake Olagunju Oyelola, Program Officer – ICT, Internet & Cybersecurity Policy, Telecommunications Directorate of the ECOWAS Commission.

The Economic Community of West African States (ECOWAS) is a regional organisation of 15 Member States with a mandate to promote economic integration in all fields of activity of its constituent countries. Information and communications technologies (ICTs) play a key role in this context, given the fact that the ICT service sector is an important component of all ECOWAS Member States’ economies. The ubiquitous nature of the use of ICTs provides West Africa, a region of over 300 million people and counting, with unprecedented opportunities to accelerate social and economic development. Nevertheless, the misuse of ICTs and their vulnerabilities create cybersecurity and cybercrime issues.

Current Status and Challenges

The myth that only the Global North deals with cybersecurity and cybercrime issues can be dispelled, as today West Africa is more interconnected than ever before and the reliance of ECOWAS countries on the internet is on the increase, with an equal rise in the region’s vulnerability to cyber threats. For instance, the Minister of Communications for the Government of Nigeria announced a yearly loss of around 127 billion naira, due to cybercrime activities.

The region can be deemed an environment conducive to cybercrime activities for a number of reasons, such as:

1. Inadequate implementation of adopted legal and regulatory frameworks at the national level;
2. Sophistication of cyber-attacks and Governments’ limited capacity to deal with the complexity of cybercrime issues;
3. Limited technical and legal human capacity/expertise; and
4. Lack of awareness campaigns to sensitise stakeholders on cybersecurity and cyber laws.

With this in mind and in order to protect the citizens and businesses of West Africa, two supplementary acts on Electronic Transactions and Personal Data Protection were adopted in 2010, as well as a Directive on the Fight against Cybercrime within ECOWAS in 2011.

• The Supplementary Act on electronic transactions recognises the existence of such transactions in the ECOWAS space and defines the rules to regulate these activities, notably the obligations and responsibilities of actors, as well as measures to secure electronic transactions;
• The Supplementary Act on personal data protection aims to fill the legal gap relating to personal data protection within the Community. It is also aimed at establishing in each ECOWAS Member State, a mechanism to protect privacy through personal data collection, processing, transmission, storage and use; and
• The Directive on fighting cybercrime is aimed at bridging the legal gap related to cybercrime repression through the adoption of new offences specific to ICT. It also aims at adapting traditional offences related to ICT offences, sanctions and the punishment regime in force in Member States, to the new technological environment.

These community acts are being implemented by Member States in varying stages. The challenges faced by Member States include:

1. Lack of critical mass of expertise (Police, IT, Judiciary)
2. Only a few Member States have set up a Computer Emergency Response Teams (CERT)
3. Inadequate cooperation between Member States and the global community on cybercrime (investigation, electronic evidence etc.)

Moving forward

The borderless nature of cybercrime remains particularly challenging for ECOWAS countries. To achieve cybersecurity within the region, ECOWAS Commission developed a cybersecurity agenda in 2015 – “Enhancing Cybersecurity in ECOWAS region” to support Member States in strengthening their cybersecurity capabilities, to respond better to cyber threats and to ensure enhanced protection of their national infrastructure, thereby making the Internet safer and protect Internet users.

To move forward, the region also requires a combination of legal instruments, targeted awareness and sensitisation campaigns, as well as more capacity building workshops that cut across Member States’ Governments, highlighting the impact cybercrimes can have on countries’ socio-economic development. Various capacity building exercises have been conducted with a number of partners both on technical and legal issues, namely Global Forum on Cyber Expertise (GFCE), Council of Europe (CoE), Cybersecurity Alliance for Mutual Progress (CAMP), United Nations Conference on Trade and Development (UNCTAD) and the United States Government. Nonetheless, more capacity building initiatives are needed to develop technical and human expertise in the region.

As the threat of cybercrime remains omnipresent, Member States need to understand that a collective approach and responsibility is required to minimise the impact cybercrimes have on the region. To this end, ECOWAS has established various ongoing partnerships with GFCE, CoE, CAMP, ITU, among others, to encourage more public-private strategies to promote cybersecurity, as well as to enhance regional cooperation. Cybersecurity is a shared responsibility, and only by sharing information and best practices with different partners will the West African region be able to move forward in the fight against cybercrime.  

This article first appeared in the second issuse of the Global Cyber Expertise Magazine – November 2016.