The Next Big Threat — Is Nigeria ready?

If you have been paying attention, then you know cyberattack is definitely one of the biggest threat in the world. Disrupting nuclear programs (Stuxnet), attacking major financial services (Epsilon), allegedly influencing elections (US elections), activism (Anonymous), car hack/hijack (Jeep cars), the list goes on and on.

DDoS attack, disruption, hacking, phishing, cyber this, cyber that; hearing these words have become part of us. We hear them during election, protest, in our offices, pretty much everywhere. You can’t turn on the news without hearing these words. Some of the news are straightforward, some are so convoluted that even professionals find it hard to digest.

Because of how humanity continues to rely on technology, it makes technological safety of paramount importance. Any treat to the technology that revolves around us, becomes a threat to whichever part of us depends on that technology. The media and every major country right now is paranoid when it comes to cybersecurity. Why? — Because, they are paying attention.

With respect to Nigeria, if we are okay today, what happens if the next Boko Haram comes in the form of technology? — Imagine someone hacking into a hospital database, just to alter a patient’s diagnosis, or worse, intentionally prescribe the wrong medication remotely. (Now before you bury me for wishing ill towards our dear nation. Ask yourself, is it possible?). Is Nigeria ready for these kind of threats?

Lets face it, the way Boko Haram were handled at their early stage was terrible. The situation should never have gotten this worse. Within a short period of time Boko Haram proved to be uncontrollable with early attacks in Bauchi. In 2010, I think everyone within Bauchi metropolis heard the sounds of machine guns when Boko Haram went on rampage to free their fellow members from Prison. This happened right in front of Bauchi Emirs Palace, in the month of Ramadan, few days to Eid al-Fitr celebrations. I’ll never forget that day. The following year, Boko Haram attacked the UN headquarters in Abuja. That attack and other major ones immediately brought Boko Haram to global spotlight. After that, Boko Haram went haywire.

One doesn’t need to be a counter-terrorism expert to see the signs, if we were paying attention. The signs were all there. Nigeria was frowned upon and considered a failed state not because we were victims of terrorist attack. No, not all, but because we failed to/couldn’t contain Boko Haram on time. Our sloppiness resulted to Boko Haram growing far beyond control and having dominance of its true victims. It is good that things are getting better, but no doubt, Nigeria has failed the true victims of Boko Haram.

What are we doing to ensure that such scenario never happens again? Nothing, (or at least, not in the public view). We all know that Nigeria is not a proactive nation. We handle issues poorly before and after it happens. If we poorly address current issues, then what plans do we have for what is bound to happen? — If one says cyberattacks doesn’t pose a threat that could result in loss of life, sure I agree to some extend. It doesn’t directly. But it doesn’t mean cyberattacks are not capable of putting a nation in a miserable condition.

Nigeria is the biggest country in Africa by GDP and population. Gradually, we are seeing certain symptoms, which if left unattended might lead us to another disaster. God forbid!

In 2013, it was reported that some foreign LGBT activist(s) hacked the Federal Governments website because Nigeria(ns) decided the oppose LGBT rights. In 2015, INEC’s website was hacked on the day of the presidential elections. NITDA estimated that Nigeria(ns) lost approx $450 million to digital fraud. The following year, it was estimated at $550 million. In the same year, Nigeria saw a thousand fold increase in cybercrime. I am not only talking about the 419 scammers, defrauders, and social engineers. But also real hackers whom hijack infrastructure, hack emails or worse influence Nigeria’s policy and economy.

Internet usage in Nigeria is increasing (which is good), but with that increase comes more threats. Already, a lot of Nigerians (especially in diaspora) are mortified as a result of cyber related issues in Nigeria.

If these signs are not good enough, then Nigeria can learn from what is going on around the world. Especially the 2016 US election, the election campaign was allegedly influenced by cyberattacks. Nigeria is slowly moving towards digital voting. It is only a matter of time before the electronic voting devices becomes the target. (Ignore the fact that Nigeria outsource the electronic voting systems we use — which definitely have a tendency to be altered since we don’t even know the architecture behind the devices).

It is already a common trend in Nigerian elections to have allegations of voting/election hacking. Common trend is multiple registration by voters. How easier would it be to manipulate elections by the time we become dependent on just the electronic voting devices? Do you now agree that cyberattack is capable of altering a nations decision — The signs are all here, we are just not paying attention.

There is no humiliation in being a victim of cyberattack, but there is definitely something wrong in not addressing the problem. These problems won’t go away. On the contrary, they will actually become more severe. It is not that easy, remember the adversary only need to discover one way, which is a way to attack. But the defenders must defend all ways in, limit access, asses damage and in some cases counterattack. Because it is not that easy, that is why developed nations are steady fighting what is happening, ensuring it never happens again and investing for what is going to happen next. Nigeria should learn from that.

Even though we lack transparency in Nigeria with respect to cybersecurity, I believe there are some form of cyber-defense currently in place within the NSA, DIA or NIA. But the truth is, it is not enough for what is about to come. We need more cybersecurity professionals ready to fight the next battle.

According to Serianu (IT company), Nigeria has approx 1500 number of certified cybersecurity professionals. Even though, one does not need a certification to be a good cybersecurity analyst. The number still shows that Nigeria lack cybersecurity professionals. Especially in a country where emphasis is given based on ones credentials not abilities. The number (1500) is not enough to handle a major Nigerian state like Lagos. Let alone Nigeria as a whole.

A lot of IT professionals in Nigeria lack adequate technical training, and the truth is, it is not because they are not talented, but because they lack the necessary tools, environment, support and education. Our curriculum are outdated, our employers don’t provide adequate training/support. Unless one is able to afford (or lucky enough) to study out of the country. One will definitely be technically deprived. This experience is common among Nigerian IT/CS graduates in diaspora. Ask anyone that studied in Nigeria, and later find himself elsewhere to advance his/her study. We have all experienced that. You come out of Nigeria, just to realize you don’t even know 10% of what you were meant to know as an IT/CS graduate.

And if we think it will not catch up with us, then obviously we haven’t learnt anything. Even though advanced global problems tends to get to Africa last. It eventually does. How long until Nigeria steps on someone’s toe? Imagine China, Russia, or even some random activist organization focusing on Nigeria. We can’t defend ourselves, if we can’t defend ourselves today, how ready are we for tomorrow? What happens if some cyberterrorist decide to hijack Nigeria’s infrastructure? What would happen when the next election comes? Do we have enough manpower to ensure Nigeria is safe. The truth is we don’t. And the worst part is we are not preparing for it.

Consider Boko Haram vs. Nigerian Military. One good thing is that we have abundant manpower (Nigerian Army). Problem is, they didn’t have enough resources to fight Boko Haram. Well, in terms of cybersecurity, we actually lack both manpower and resources. Cyberwarfare is the new battlefield. This is the right time to start focusing on cybersecurity in Nigeria. But in order to get ahead of the curve before it gets worst, we need to invest in our cybersecurity sector.

In Nigeria, we have the ngCERT which operates under the Office of the Nigerian Security Advisor (NSA). But Nigeria also need a dedicated Cyber Security Agency or Command with a primary goal of combating cyberthreats. And not just a unit under another agency like NITDA that focus on IT development, NSA, NIA, EFCC or DIA but rather a dedicated IT defense agency, with 24/7/365 CSOCs (Cybersecurity Operations Centers) across the nation dedicated to monitoring, detection, analysis and response. This will not only help with cybersecurity, but it will also help create thousands of jobs across the nation.

Nigeria also needs to support in house IT SMEs by making them defense contractors (not outsourcing everything like we do, which always results in giving too much access to foreign nations). These SMEs can focus on research and analysis of tools and infrastructure Nigeria uses.

Above everything else, Nigeria needs to prep enough professionals. And not just IT/CS students, but lawyers who can handle cybersecurity policies, Law Enforcement Agents that can handle forensics etc. There is no better way to do that than to invest in students, employ professionals, offer cybersecurity scholarships etc. If we don’t tackle these problems soon, we are surely going to cry tomorrow. It takes time to build this, that is why most nations are working towards it. It is only logical we join the trend.

Cyberthreat is like climate change, not the flat earth vs round earth debate that one needs too much fact or proof. It is real. One cannot say he/she needs more evidence. Everything is out there.