When African Union (AU) heads of state meet for their summit in January they are expected to vote on a draft cybersecurity convention aiming to protect their nations from cyberattacks on institutions and protect people from cybercrimes.
The Draft Convention on the Confidence and Security in Cyberspace due to be discussed at the summit in Ethiopia next month (24-31 January) would set a common cybersecurity framework for the continent.
The US National Security Agency (NSA) scandal and the revelations about Internet-based international spying have fostered a sense of urgency to improve cybersecurity in Africa, says Robert Njathika, a researcher at Strathmore Law School’s Centre for Intellectual Property and Information Technology Law in Kenya.
Yet other urgent political issues keep postponing the approval of a clear strategy, he says. Even if the convention, which has been in procedure since 2009, is approved at the summit, a lack of cybersecurity experts across the continent would delay its implementation.
“People across Africa are talking a lot about the NSA scandal and Edward Snowden. Policymakers now seem more motivated to push legislation for better online protection,” Njathika tells SciDev.Net.
But Njathika is concerned that the vote could be postponed again because, though cybersecurity is high on the political agenda, the AU is preoccupied with ensuring that Kenyan president Uhuru Kenyatta does not attend his trial at The Hague to face charges of crimes against humanity.
He is also concerned that insufficient consultation with defence ministries while drafting the convention could lead to further difficulties in implementation.
The draft convention includes sections on electronic commerce, personal data protection, cybercrime – with a special focus on racism, xenophobia and child pornography – and national cybersecurity.
Tim Akano, CEO of New Horizon Nigeria, an IT training company, tells SciDev.Net that the convention “is a good step in the right direction, but for progress to be made, the African leaders would need reasonable kilograms of political will and understanding of the issues involved in cybersecurity”.
He says that the national cybersecurity strategy in Nigeria is “in its infancy” though some “baby steps” are being taken, citing a recent move to enact Nigeria’s cybersecurity law.
“The leaders seem not to appreciate the fact that there has been a paradigm shift in national security in the new world of globalisation. Our leaders need a reorientation, not tomorrow but today,” Akano says.
Egypt could provide experts
The AU draft convention also encourages member states to promote cybersecurity education for IT professionals and to add offences for hacking computer systems to their criminal codes.
Akano says Africa has IT professionals but lacks well-trained cybersecurity experts. For example, levels of understanding and education in cybersecurity issues among Nigerian law-enforcement agents are not up to the standard of a country of 180 million people, he says.
“Cyberspace has become the centre of gravity as far as national security is concerned. A country without cyber warriors, without a national cybersecurity centre, is like a nation in the 1940s in Europe without national soldiers. The funding has not been felt. There are cyber professionals but they are not groomed, motivated and mobilised in a way that will make them become national assets,” he explains.
Njathika says that Egypt, the leader in cyber security in the region, could help other African countries to train the experts in cybersecurity. Egypt has years of experience teaching cybersecurity experts from other African countries and is “very open” to continuing, he says.
“Kenya has very good IT professionals, but most of them would need a three-year training in cybersecurity to become very good in this field,” he explains.