LinkedIn Summary: Every year, Nigeria has been improving its cybersecurity laws and regulations. From NITDA to CBN, NSA to you name them, the laws keep evolving. In this piece, I argue, as I did when I spoke to the Senate last year that Nigeria does not have a cybersecurity law problem.
The thesis of my point is that cyber-criminals are lawless and no matter all the efforts to improve the laws, if you do not develop technical capabilities to stop them, nothing will change. Sure, you need good laws in the books to prosecute them, if you are lucky to lay hands on them. But the present laws are fair enough.
Nigeria needs to focus on deepening our technical cybersecurity resilience and capabilities instead of spending all the efforts on writing regulations.
Since 2010, Nigeria has created all kinds of cybersecurity regulations as the nation continues to find ways to curtail cyber-related attacks. President Jonathan government formulated some under the former National Security Adviser (Col. Sambo Dasuki, rtd) (download it here). The Buhari Administration has also created its own versions. From NITDA (National Information Technology & Development Agency) to Central Bank of Nigeria (CBN), all the way to the National Assembly, cybersecurity regulations have become amorphous ordinances in Nigeria. Last year, the Senate invited me to one of the sessions where I made a presentation.
The President of the Nigerian Senate, Senator Bukola Saraki, presented a paper during the National Conference on ICT and Cybersecurity which was held early this week in Abuja. He spoke eloquently on the challenges of cybersecurity in our nation, and the need for government to engineer effective policies to curtail their impacts.
In my presentation, I did explain that Nigeria does not have a severe problem of law. Rather, the challenge is technical resilience. Cybersecurity is a trade perpetuated by lawless people. That means, formulating laws will not fix the problem if you do not develop resilience and capabilities to prevent them from happening. The actors know their works are illegal.
Yes, most Nigerian laws are already decent enough to deal with them, if you can be lucky to lay hands on them. So, the focus should be developing homegrown capabilities over importing one-size-fits-all foreign equipment which adds no value. Recall, few years ago, the $10 million equipment installed in one room to secure Nigerian cyberspace!
In my talk, I made some proposals including harnessing talents across the nation to build organic pipelines of cyber-geeks with capabilities to secure Nigeria’s cyberspace. Ambiguously, Nigeria needs capabilities as we are losing huge money to cyber-criminals.
According to the 2017 Nigeria Cyber Security Report, the country was losing about N127 billion yearly due to cybercrimes.
Sure, our nation must continue to update our legal systems and frameworks. CBN has just noted that it would update its cybersecurity frameworks for the banking sector. That is important because we need a secure financial system.
The Central Bank of Nigeria said it was developing a Risk Based Cyber Security Framework for banks and payment service providers to combat internet fraud in the country. The Central Bank Governor, Mr Godwin Emefiele, said this on Thursday in Abuja at the 2018 Nigeria-JP Morgan Chase Cyber Security Conference.
Yes, despite all these frameworks and regulations, Nigeria needs to invest in technical capabilities on cybersecurity.