By Usman Zakari
The changing wind of global socio-economic atmosphere has brought with it the inevitability of transfer of most of human activities unto virtual networks – the Internet and its technological accompaniments. These changes affect not only the everyday communication between persons or organisations, they transcend into inter and intra-governmental activities, business transactions and even modern warfare. Our lives have changed forever with the cashless banking, for example, but while such transactions simplified life and dragged down the probability of one losing cash to robbers, we have been left to contend with online marauders who keep following trails of our electronic footprints to defraud not only individuals but also institutions and governments.
Security, from personal to collective, has also come under increasing emerging threats. Stand-alone and organized criminals have perpetrated crimes of monumental proportion by compromising personal and national cyber spaces. This month, the outing of the spy software, Pegarsus, which is used by organizations and nation-states to trail persons of interest, has opened more eyes to the realities of digital insecurity.
Taken together, the vulnerabilities we are all open to as we go about our normal life on the server space call for as much attention as our physical security, or even more. Digital vulnerabilities are even more serious than vulnerabilities from physical threats because while you can see physical attacks coming and thus able to take a decision on what to do; to either escape or take position to engage the attacker, in cyber-attacks one usually get to know after the fact.
Criminal gangs, especially insurgents, have also made the Internet a recruitment ground using the freedom offered by the many online platforms to wage a war of minds and win converts to their fold. This was amply demonstrated by the operations of the Islamic State in Iraq and Syria (ISIS), for example, and even our home-grown Boko Haram. For these reasons, therefore, there is increased attention and consciousness around cybersecurity, along with corresponding expenditure on necessary architectures needed to safeguard individuals, businesses and states. In this race for regulation of the cyber space, Nigeria is unusually up and doing, at least going by the elaborate National Cybersecurity Policy and Strategy formulated earlier this year by the Office of the National Security Adviser. “The opportunities offered by the cyberspace revolution”, the NSA, Major-Gen Babagana Monguno (rtd) wrote in his preface to the document, “also create a platform for the enhancement and effective synchronisation of the efforts of our intelligence, security and defence community towards addressing the myriads of security challenges confronting the country.”
This policy document is yet again a demonstration of the leadership that ONSA ought to give in steering Nigeria’s security and intelligence services to respond to present and projected threats. In his foreword, President Muhammadu Buhari captures, quite succinctly, the present security challenges and the place of cybersecurity in the current national security equation.
Somewhere in his three-page foreword, the president paints the two sides of the coin regarding the cyber space and the vision of his administration on what to do about it, which informed the formulation of the National Cybersecurity Policy and Strategy. He wrote: “An integral part of our approach to confronting these issues has been to hinge on the opportunities offered by the current technological and digital revolution. This approach stems from the recognition that our country is blessed with a large, young and entrepreneurial population, which offers us the unique opportunity to fully exploit the benefits of Information and Communications Technology (ICT) and the current digital environment. Our course of action is also premised on our understanding that the digital environment is central and indispensable to our national and economic security.” Understanding a problem, the saying goes, is half way into solution. The policy document demonstrates the knowledge of current realities and what the issues are globally and for Nigeria, specifically. In specific terms, the policy identifies seven major cyber threats for Nigeria, namely: online child abuse, cybercrime, election interference, cyber terrorism, online gender exploitation, pandemic-induced cyber threats, and other cyber threats. Cybercrimes, perhaps the most prominent and oldest form of those cyber threats, as we know, revolves around activities of scams who use phishing and Business Email Compromise (BEC), ransomware, and similar other means to defraud unsuspecting members of the public.
There are also the increasingly worrisome trends of child molestation through the use of the Internet and exploitation of gender, especially for young adults, giving rise to crimes such as black-mail, online-induced rape, cyberbullying, among others. But the policy also made a more startling revelation on the activities of terrorists and their targeting of the cyberspace. According to the document, “There is now an increasing likelihood for cyber terrorists to use cyberspace to inflict violence through the targeting of critical assets including, financial systems, military networks, transportation infrastructure, telecommunications systems and government services, amongst others. Terrorists and other organised illicit groups have also mastered the use of cyberspace to enhance their operations or cause apprehension through spreading of fake news and hate speech.”
However, true to its title, the document did not only diagonised the problems, it offers strategies to proactively respond to the threats. For me, this is where the document’s most important merit lies. Aside succinct proposals on how to respond to each of the threats identified and what stakeholders–local and international–to involve, the document has a well-laid out eight pillars for Nigeria’s coordinated cybersecurity response. As an icing on the cake, the new policy also gave a government’s backing for a National Cybersecurity Coordination Centre (NCCC) domiciled in the office of the NSA.
Beautifully, the policy document is formulated not with the mind of a winner-takes-all mentality, typical of Nigerian public service. Rather, it takes into cognizance the key roles bound to be played by a number of government’s agencies and bodies, and incorporated roles for not only the government but also the citizens, businesses and international partners. The aim, evidently, is to attain “a safe and secure digital community that provides opportunities for its citizenry and promotes peaceful and proactive engagements in cyberspace for enhanced national prosperity”, in line with the vision of the policy document.