Opinion: The Need for a Cybersecurity Agency in Nigeria

This post first appeared as an Op-Ed on Daily Trust Newspaper — published on June 21st, 2017. You can read the it here

The new buzz statement is Data is the new oil.” In this digital era, data is what oil is in the 19th century. Everyone is talking about how Data is going to be new the resource economies are going to be build upon.” Whether that is true or not, there is no doubt, that data is valuable. Gathering data to serve human needs has always played a significant role in human existence. From fighting wars (intelligence gathering), Hydrocarbon exploration (using geological and seismic data), to predicting the future (like weather) so we are better prepared for it. The hardest part of data gathering has always been turning data into information that results into intelligence. Hence, one reason why securing data was not as important as securing information.

However, due to the 21st century digital revolution, technology has enabled us make sense of the tiniest data. Technology made it easy to turn data into information. Analyzing data is no longer a craft. Trend analysis using statistical softwares are as easy as learning how to use the software. Artificial intelligence is solely based on collecting and analyzing behavioral data. The dependence upon these digital devices and tools to make sense of everything around us, gave rise to a new form of threats. Digital threats (Cyberthreats).

Today, most government and organizations across the globe are struggling to keep their cyberspace free of vulnerabilities and threats. Everyone is struggling to ensure their data and information are secured. Everyone is continually carrying out risk assessment/analysis and also defining newer security policies to ensure a safer cyberspace. One major challenge in fighting cybercrime is the lack of cooperation between the government and private sectors.

Most people believe that lack of technical experts is the biggest challenge in cybersecurity. Contrary to popular belief, the lack of policy and standardization is the major challenge in tackling cybercrime. This is why all the advanced nations have dedicated cybersecurity agencies/centers. These agencies/centers handle both the technical aspects and also the cybersecurity policies & regulations. The US has the United States Cyber Command (USCyberCom), The National Cybersecurity Center (NCC), The Department of Defense Cyber Crime Center (DC3) etc. The United Kingdom has The National Cyber Security Centre (NCSC), ENISA etc. Some International bodies like the NATO have Cooperative Cyber Defense Centre of Excellence (CCD COE).

Nigeria is not immune to global issues. According to Serianu (A Kenyan based IT company). Nigeria lost $500 million to cybercrime in 2016. Yet there is still no agency in Nigeria tasked with the work required to ensure a safe cyberspace, protect data and information of Nigerian citizens or responsible for drafting, regulating and ensuring compliance with cybersecurity policies.

DIA, and NSA are doing a tremendous job in protecting our military intelligence and national security. NITDA is doing an amazing job to ensure its primary goal of Information Technology development, no doubt Nigeria’s IT sector has improved since the creation of NITDA. But there is a difference between IT development and Cyber Crime Defense. They require different goals and skill sets.

There is a dire need for a cybersecurity agency in Nigeria. Implementing such an agency will give rise to a cyberthreat-aware nation. A nation where precautions and data safety is practiced nationally, not just within different agencies and ministries. Nigeria is a country with some of the most intelligent people on earth. With clear directives and guidance, learning the technical aspect of cybersecurity will not be hard for Nigerians.

The cybersecurity agency can focus on some of these issues among many:

  • Cybersecurity Governance through regulations, policies and compliance.
  • Designing threat models and ensuring they are applied.
  • Identifying potential risk, and help mitigate those risk.
  • Ensuring everything outlined in the Cybercrime Act of 2015 is being complied with, and possibly help create more acts that meets Nigeria’s cybersecurity needs.
  • Providing data protection mechanisms to ensure a safer cyberspace.
  • Provide cooperation between the public/government and private organizations that built the devices we use.
  • Training cybersecurity professional to ensure we are ready for the new form of warfare. etc.

We are not yet late. But we will be if we fail to act now. Cybersecurity is no longer a problem of the advanced worlds. It is a global issue.