Opinion: The Need for a Cybersecurity Agency in Nigeria

This post first appeared as an Op-Ed on Daily Trust Newspaper — published on June 21st, 2017. You can read the paper here

—

The new buzz statement is, “Data is the new oil.” In this digital era, data is what oil was in the 19th century. Everyone is talking about how data is going to be the new resource economies are going to be built upon — whether that is true or not; there is no doubt that data is valuable.

Gathering data to serve human needs has always played a significant role in human existence. From fighting wars (intelligence gathering), Hydrocarbon exploration (using geological and seismic data) to predicting the future (like weather), so we are better prepared for it. The hardest part of data gathering has always been turning data into information that results in intelligence.

However, due to the 21st-century digital revolution, technology has enabled us to make sense of the tiniest data. Technology made it easy to turn data into information. Analyzing data is no longer a craft. Trend analysis using statistical software is as easy as learning how to use the software. Artificial intelligence relies on collecting and analyzing behavioral data. The dependence upon these digital devices and tools to make sense of everything around us, gave rise to a new form of threats — digital threats (Cyberthreats).

Today, most governments and organizations worldwide are struggling to keep their cyberspace free of vulnerabilities and threats. Everyone is struggling to ensure their data and information are secured. Everyone is continually carrying out risk assessment/analysis and defining newer security policies to ensure safer cyberspace. One major challenge in fighting cybercrime is the lack of cooperation between the government and private sectors.

Most people believe that a lack of technical experts is the biggest challenge in cybersecurity. Contrary to popular belief, the lack of policy and standardization is the major challenge in tackling cybercrime. This is why all the advanced nations have dedicated cybersecurity agencies, units, and/or centers. These agencies/centers handle both the technical aspects and also the cybersecurity policies & regulations.

The US has the United States Cyber Command (USCyberCom), The National Cybersecurity Center (NCC), The Department of Defense Cyber Crime Center (DC3), etc. The United Kingdom has The National Cyber Security Centre (NCSC), ENISA, etc. Some international bodies like NATO have the Cooperative Cyber Defense Centre of Excellence (CCD COE).

Nigeria is not immune to global issues. According to Serianu (A Kenyan based IT company). Nigeria lost $500 million to cybercrime in 2016. Yet there is still no agency in Nigeria tasked with the work required to ensure safe cyberspace, protect data and information of Nigerian citizens or responsible for drafting, regulating, and ensuring compliance with cybersecurity policies.

DIA and NSA are doing a tremendous job in protecting our military intelligence and national security. NITDA is doing a fantastic job to ensure its primary goal of Information Technology development. Nigeria’s IT sector has improved since the creation of NITDA. But there is a difference between IT development and Cyber Crime Defense. They require different goals and skill sets.

There is a dire need for a cybersecurity agency in Nigeria. Implementing such an agency will give rise to a cyberthreat-aware nation — a nation where precautions and data safety is practiced nationally, not just within different agencies and ministries. Nigeria is a country with some of the most intelligent people on earth. With clear directives and guidance, learning the technical aspect of cybersecurity will not be hard for Nigerians.

The cybersecurity agency can focus on some of these issues among many:

• Cybersecurity Governance through regulations, policies, and compliance.
• Designing threat models and ensuring they are applied.
• Identifying potential cyber risk and help mitigate those risks.
• Ensuring the Cybercrime Act of 2015 is enforced and possibly help create more acts that meet Nigeria’s cybersecurity needs.
• Providing data protection mechanisms to ensure safer cyberspace.
• Provide cooperation between the public/government and private organizations that built the devices we use.
• Training cybersecurity professionals to ensure we are ready for the new form of warfare, etc.

We are not yet late. But we will be if we fail to act now. Cybersecurity is no longer a problem of the advanced worlds. It is a global issue.