News item | 31-05-2017
Cyber threats are evolving and increasing at a fast pace. African countries need to urgently scale up their efforts to effectively secure the internet and ICT infrastructures in order to enable their citizens to take advantage of the various new services offered by the internet. To this end, the African Union Commission in collaboration with Internet Society developed recently guidelines on internet infrastructure security for Africa. These guidelines recommend critical actions to be taken by various stakeholders involved in internet governance and development within the continent.
Written by: Dr. Dawit Bekele, Director of the African Regional Bureau of the Internet Society; and Ms. Souhila Amazouz, Senior Policy Officer, African Union Commission
The African Union Convention on Cyber Security and Personal Data Protection
To address the challenges posed by criminal activities committed over ICT networks in a manner that is relevant to regional and continental specificities and in response to the need for harmonized legislation in the field of cyber security and personal data protection across the African nations, the 23rd Assembly of Heads of State and Government adopted in June 2014 the ‘African Union Convention on Cyber Security and Personal Data Protection’, also known as the ‘Malabo Convention’.
The Malabo Convention seeks the establishment of a comprehensive continental legal framework that sets broad guidelines for electronic transactions, personal data protection as well as cybersecurity and cybercrime in the African cyber ecosystem. It embodies the existing commitments of African Union (AU) Member States at sub-regional, regional and international levels to build an information society that respects cultural values and beliefs of the African Nations, and guarantees a high level of legal and technological security to ensure respect of privacy and freedoms online while enhancing the promotion and development of Information and Communication Technologies (ICT) in the AU Member States. The Convention sets out the essential security principles for establishing a credible digital environment with a view to reduce the risks of cybercrime and abuse of personal data.
To facilitate its implementation by African countries, the African Union Commission in collaboration with Internet Society developed guidelines on internet infrastructure security for Africa. The Guidelines emphasize the importance of the multi-stakeholder model and the need for collaborative security in protecting internet infrastructure with particular focus on essential principles of internet infrastructure security in Africa. These include, most notably, raising awareness at different levels, responsibility, cooperation, and adherence of all the concerned actors to fundamental rights and internet properties.
Is Internet Infrastructure security a critical issue in Africa?
The past ten years have seen tremendous growth in the development of ICT infrastructure and internet access in Africa. From less than 5% in 2007, internet penetration reached 28% in 2015, bridging Africa’s gap to the rest of the world. Since becoming available, the internet has changed the lives of many African citizens who started relying on the internet to perform daily activities such as socializing, communicating or even making money transfers through mobile phones.The example of M-PESA in Kenya is striking as the transfer of money has allowed poor people gain access to the banking system and has also largely contributed to financial inclusion. However, the increased importance of the internet has also presented the African community with new challenges: as African citizens become connected to the rest of the world and dependent on the use of the internet and ICT, they become vulnerable and exposed to the misuse of these technologies and there is a need to ensure that the security of ICT and of the internet infrastructure is continually improved to maintain its integrity as well as internet users’ trust in its reliability.
Many African countries are facing several internet-related challenges in relation to security provisions to prevent and control technological and informational risks. The major security threats affecting African organizations and individuals are either generated from inside Africa or from outside the continent as part of global, sophisticated attacks. This results in users being prevented from accessing the internet and the creation of major obstacles to the use and development of the internet in the region. In particular, cyberattacks on internet infrastructure can and have cut off a whole population from access to the internet and may result in serious damage to the economy as well as threats to the security of African nations. Therefore, protecting internet infrastructures is critical in today’s Africa as it is experience the information age revolution.
Internet Infrastructure Security Guidelines for Africa
With internet becoming a critical component for Africa’s growth, its security is vital and cannot be ensured without the collaboration of various stakeholders. In this regard, in conjunction with the Africa Internet Summit (AIS) held in Gaborone, Botswana in June 2016, the Internet Society introduced a panel discussion on internet infrastructure security in Africa. The panel allowed open discussions and came up with preliminary input from the African technical community on the scope and directions to adopt towards developing a blueprint for African countries in their efforts to protect internet infrastructure from present and future threats.
On the basis of these exchanges, the Internet Society drafted a guidelines document on internet infrastructure security for Africa which was brought forward for further discussion in November 2016 at an expert validation workshop in Nairobi, Kenya, co-organized by the Internet Society and the African Union Commission. Selected experts from within and outside the continent came together to reflect over and finalize these Guidelines. Their main objective is to identify the major threats faced by internet networks in African countries and recommend the most crucial actions at organizational, national and regional levels by the various stakeholders that can support the resilience of infrastructure against cyberattacks.
This consultative process has led to the finalization of the Internet Infrastructure Security Guidelines for Africa which shall be publically distributed at the African Internet Summit in June 2017. Given the broad nature of internet infrastructure security, it would be opportune to complement this effort by further developing specific recommendations addressing all specific issues related to internet security, tailored to the African context.
This article first appeared in the third issue of the Glabal Cyber Expertise Magazine – May 2017.