EDITOR’S QUESTION
EDITOR’S QUESTION
DINESH OP, TECHNICAL
MANAGER FOR AFRICA
AT SIEMON
TEDDY NJOROGE,
COUNTRY MANAGER
ESET EAST AFRICA
Africa at large is experiencing a
tremendous technological boom and
in turn, a growing and ever-evolving
threat to cybersecurity. It is therefore
imperative that as much as possible
is done to mitigate the dangers
posed, which is why the Internet
Infrastructure Security Guidelines
for Africa should be welcomed.
Recommendations by the African
Union Commission in collaboration
with Internet Society suggest critical
actions must be taken by various
stakeholders involved in Internet
governance and development across
the continent.
There can be no understating
the importance of the Internet
in helping to achieve socio-
economic development in Africa
– something that is recognised by
governments, financial institutions
and development partners. As well
as being a key driver for innovation
and social wellbeing, it is a source of
economic growth and organisations
are increasingly reliant upon it for
trade. Yet although Africa has made
significant progress in developing
its online infrastructure in the past
decade, compared to other parts of
the world penetration in Africa is low,
with only 25.1% of Africans having
Internet access, according ITU ICT
Facts and Figures 2016.
As an Indian, I saw how fast the
Internet developed in my homeland
15 years or so ago, and having since
worked the Middle East and, for the
last seven years, in Africa, I know
how quickly its use can spread with
the correct infrastructure in place.
However, despite double-digit growth
in Internet penetration across Africa
76
INTELLIGENTCIO
Unfortunately, Africa suffers from
a serious ‘implementation’ issue:
African policies often over-promise
and under-deliver. This is due to the
lack of implementation mechanisms
present in the latter policies as
well as the political indifference
surrounding these policies. Incumbent
governments have little incentive to
implement regional policies as, other
than for the sake of development and
better governance, there exists little
political pressure to spearhead and
implement the guidelines outlined in
this article.
A prime example of this would be
the ratification and adoption of
the African Union’s Convention on
Cybersecurity and Personal Data
Protection. The latter has been
ratified and adopted by fewer than
fifteen States of the total 54
African nations which comprise
the African Union.
over the past 10 years, progress could be stifled due to a shortage of skilled
human resources, limited financial investment, poor levels of awareness of
cybersecurity issues and a general lack of knowledge about the risks involved
in the use of information and communication technology (ICT).
The 2015 Deloitte Global Threat Index found that out of 127 countries
investigated, Kenya was ranked the 69th most vulnerable, while Symantec
observed 24 million malware incidents targeting Africa in 2016. The Internet
of things (IoT) could also compound the issue, with the number and variety of
connected devices growing exponentially across Africa.
The Internet Infrastructure Security Guidelines for Africa are a proactive step
towards improving cybersecurity and organisations will only benefit from their
introduction. However, their success will also depend on whether they are
adopted across all borders and regions. Technology based solutions for the
prevention and detection of cyberattacks must be accompanied by cross-
border collaboration in order to be effective. Put simply, with the Internet
becoming a critical component of Africa’s growth, cybersecurity is vital and
cannot be ensured without the collaboration all stakeholders. ¡
www.intelligentcio.com
Cybersecurity awareness remains a
major gap in the implementation
of these guidelines; African nations
have not invested enough in the
cybersecurity of their own bodies. A
significant percentage of parastatals
and other governmental bodies
still run on legacy software and
applications. This makes them
especially vulnerable to next-
generational ransomware attacks,
such as Petya and Wannacry.
Due to government’s failure to lead
by example, a significant percentage
of the African digital economy fails
to fully appreciate the advent of
advanced persistent threats in Africa.
This was highlighted by Serianu’s
Tanzanian Cybersecurity Report,
www.intelligentcio.com
which reported an alarming 98%
lack of awareness figure for the
East African Republic of Tanzania,
which lost a huge $85m to cybercrime
in 2016.
Thus, implementation of the
guidelines requires a revision of the
African consciousness regarding the
subject of cybersecurity, through
initiatives spearheaded by the
government with the assistance of
multiple stakeholders as outlined by
the guidelines.
African Nations will eventually
adopt these guidelines due to the
continued growth of the Internet in
the continent. The proliferation of
the Internet and cloud-based services
within Africa has had the effect of
exponentially increasing the number
of Africans online.
In order for the continued use of
the Internet within our continent
to remain sustainable, it is essential
for governments to legislate and
necessitate the adoption of essential
security practices. A prime example
of this would be the adoption of
secure protocols which should be used
in products and services supporting
Internet infrastructure. For instance,
TLS (transport layer security) is a
cryptographic protocol that should be
employed to protect web services. TLS
encrypts data exchanged in an HTTP
transaction and cryptographically
identifies one or more of the parties
engaged in a transaction. Privacy and
identity are fundamental elements
of secure Internet infrastructure.
Governments need to necessitate
this as a minimum standard for the
provision of digital services for their
citizens, to guarantee the safety of
their privacy and consumer rights.
Internet Exchange Points should also
be aptly implemented to facilitate
cross-border Internet connectivity, as
it enhances regional connectivity even
further. Governments should promote
the use of IXPs and increased
cooperation and connectivity between
different African networks. IXPs
limit the scope of cyberattacks and
improve the total Internet security
resilience of these areas. ¡
In order for the
continued use
of the Internet
within our
continent
to remain
sustainable, it
is essential for
governments
to legislate
and
necessitate
the adoption
of essential
security
practices.
INTELLIGENTCIO
77