Few years ago when the Office of National Security Adviser (ONSA) embarked on its endeavor to invest on cybersecurity solutions with capabilities to support government ministries, departments, and agencies (MDAs) alongside private companies, many Nigerians were concerned. Many noted that it was a very big mistake for the ONSA to think that companies would send their confidential data to a quasi “spy agency”. Interestingly, it has turned out that MDAs do not even want to support the ONSA solutions. You can download the National Cybersecurity Policy & Strategy here [those are the final versions excluding the signature of the NSA; they had sent me some copies then].
Office of National Security Adviser (ONSA) has expressed concerns over lack of interest by government agencies and private organizations to use its robust cyber security infrastructure for monitoring and securing their digital networks against cyber-attacks, Nigeria CommunicationsWeek has learnt.
Bala Fakandu, deputy director, Office of National Security Adviser (ONSA), said that there are huge gaps between government agencies and private organizations capacity to handle cyber-attack, noting that ONSA has overwhelming information generated through its deployed infrastructure to monitor cyber- attacks in the country which are not being use by the people.
“We have found out that Agencies are scared of using our robust cyber security infrastructure to protect and monitor cyber-attacks because, they feel that we are going to use the opportunity to spy on them,” he said
When they were crafting this, many people received the drafts, and sent comments to the government. It was also during the same period that they embarked on acquiring one-solution-fits-all cybersecurity technology which caused problems then. The Nigerian government had “awarded” about $40 million but the Israeli supplier in a press release “erroneously” celebrated it won $10 million deal in Nigeria [they later deleted the press release]. The contracts continued with the government focusing on tools and solutions over human capabilities.
Many experts had explained that it was an extremely poor strategy for government to invest on security at the level they had conceived the project. Typically, governments invest on peripheral defense – that means securing the cyberspace of Nigeria over securing intra-data used by companies and individuals. It makes sense to secure nodes and gateways that connect Nigeria to the external world – only government has the capabilities to do that. But it would be sheer stupidity to expect a bank to join on the illusion that government can secure its customers. Even other government agencies would not necessarily commit because digital data is really the business. If the government has access to it, you cannot predict how far it could use it!
Unless government is spying, legally or otherwise, it typically does not look at customer data. But to offer some of the solutions ONSA has, the likelihood of access to data is there. So, as the Director noted, the observation should not come as a surprise: no one will give its digital door key to government to secure its business.
Simply, the Director said it all – “We have found out that Agencies are scared of using our robust cyber security infrastructure to protect and monitor cyber-attacks because, they feel that we are going to use the opportunity to spy on them”.
Lesson on Market Study:
This is what happens when you do not do market study. Had they done one, they would have noticed that no company would hire government to secure its data. They did not, and went ahead and invested huge money. As I note in this piece, governments are better on peripheral security, not helping firms on securing their customer data.