Worried by the absence of a coordinated approach in the fight against cybercrimes, information and communications technology experts hare seeking the revival of National Cybersecurity Policy and Strategy document.
Speaking at Telecom Executives and Regulators Forum, organised by Association of Telecommunications Companies of Nigeria (ATCON), Mohammed Rudman, president, Nigeria Internet Registration Association (NiRA), said the National Cybersecurity Policy and Strategy are supposed to be the highest document for Nigeria when it comes to cybersecurity.” It was supposed to be constantly reviewed so that certain frameworks of cybersecurity will always be added and implemented as security should be constantly reviewed for effectiveness.
“It was implemented in February 2015 during federal executive council meeting when they wanted to change the timing of the election of 2015, at that time President Jonathan approved that document. Since that time, I have not heard anything from the Office of National Security Adviser regarding that document. That document is the most critical document among all the cybersecurity documents coming out from NCC and NITDA; they are supposed to be all coordinated to have a national strategy to know where we are going.
“The Office of National Security Adviser needs to do more because Computer Emergence Response Team (CERT) is actually an output of that regulation. CERT that is supposed to handle and monitor activities of Nigerians, detect and respond to issues of cybersecurity derives its power from that document and nothing is been done much,” he noted.
Engr. Ike Nnamani, president, Demadiur Systems, publishers of Nigeria Cyber Security report, corroborating Rudman said that National Cybersecurity Policy and Strategy is a guideline for different organisations to secure their infrastructure against cyber attacks and how they can collaborate as well as report incidences of cybercrimes.
“As at today, I don’t know anything about this document after it was approved. What has happened with the absence of its implementation is that organisations and institutions’ cybersecurity efforts, as well as policies, are in silos without coordination and collaboration,” he added.
On the sovereignty of data, Rudman said: “we need to be ambitious in terms of localising our data. The target of NITDA to achieve 30 per cent local cloud adoption in five years is small. I have been an advocate of localising data and traffic in Nigeria for the last 12 years.
“I have been pushing that as a country with a huge population we can position Nigeria as a hub for internet content in Africa, right now South Africa, for example, has 70 per cent of their websites registered and hosted in South Africa, while 80 per cent of their internet traffic is localised within South Africa and IP resources they are consuming is 26 per cent.
“IP resources Nigeria is consuming is only 3 per cent while we are number seven in the world in the use of internet and people doing this are aware; the telecoms doing Network Address Translation, using private IP addresses.
“We need to find ways, to be honest to ourselves, find ways within the industry to collaborate while pushing the cloud. If we don’t have a localised cloud services, how can you regulate what you don’t have on the ground?
“The data centres we are using is somewhere in the world which you don’t know where it is, in fact, some of the data centres are hidden, they are in the black market. How do you regulate that?
“We have the infrastructure on the ground with international certified data centres with tier IV, what we need is the determination to ensure compliance with the directive for our data to be hosted in the country.
The biggest government agencies in Nigeria are not hosting their data in the country. You can’t be talking about data sovereignty when almost all your data is outside of the country,” he said.