Achieving reliable availability of a safe, secure, trusted, affordable internet for all is seen as a key enabler of the United Nations Sustainable Development Goals (SDGs) around the globe. People globally are relying more and more on the internet for access to education, healthcare, employment, commerce and information. Plus, the developing Internet of Things (IoT) with its myriad of connected sensors and devices promises to dramatically enhance the varied social and economic benefits of global connectivity—while simultaneously leaving further behind the world’s unconnected populations.
Indeed, it is becoming increasingly clear that achieving any of the SDGs to end poverty, protect the planet and ensure prosperity for all will not be possible without successfully accomplishing universal internet access.
The emphasis is on Reliable, Safe, Secure, Trusted, Affordable internet. While we embrace the open ecosystem of the internet, we must be cautious of the fact that we have not achieved a safe and secure internet, per se, at this point. Opportunities for cybercrime abound and are known to have caused major disruptions and losses for business, organizations, governments and individuals. Activities across Africa illuminate the challenges, opportunities and lessons learned in efforts to combat cybercrime, while internet access across the continent is growing toward internet inclusion for all.
Trends in cyberattacks and cybercrime
The IEEE Internet Initiative, in cooperation with IST-Africa, hosted an IEEE Experts in Technology and Policy (ETAP) Forum on Internet Governance, Cybersecurity, Privacy, and Inclusion in Windhoek, Namibia in May 2017. Sixty-five technology developers, policy makers and other stakeholders from 25 countries took part.
Event participants detailed the significant progress made across sub-Saharan Africa in the last decade in increasing cybersecurity awareness and in putting the necessary legal and implementation frameworks in place to foster a safe, secure, trusted environment as internet inclusion expands across the continent. However, while there has been good progress, it was clearly noted that many African countries have “a ways to go” and that collaboration and partnerships among African countries are an important component to achieving cybersecurity goals.
African countries are estimated to have lost at least $2 billion due to cyberattacks in 2016. Losses to cybercriminals included $171 million in Kenya, $85 million in Tanzania, and $35 million among Ugandan companies. The particular issues either contributing to the rise of or helping tamp cybercrime vary widely across the continent, participants said. There is a sense of urgency around the problem, too, driven by Africa’s smartphone explosion, which is transforming how public services are delivered and business and politics are conducted.
Efforts to improve public awareness and education on Internet safety and cybercrime
Increasing cybersecurity awareness is recognized as a key, cost-effective part of the solution to combatting cybercrime across Africa—as it is, as a matter of fact, everywhere else in the world.
The ability of cybersecurity-awareness programs to measurably reduce risk has been demonstrated, and, so, programs should be distributed broadly to and among users—that is, citizens, non-governmental organizations (NGOs), companies and government departments. Users have to have an opportunity to learn about the risks of using the internet and learn how to protect themselves and how to use the technology safely. South Africa is one of the paradoxical examples of problems and progress with regard to cybercrime. While the country is regarded as both a victim and frequent safe haven of cybercriminals, it also is home to one of Africa’s success stories of cybersecurity awareness: the Centre for Cyber Security (CCS) at the University of Johannesburg (UJ).
“It is the first such dedicated facility for Cyber Security established in Africa,” reads the CCS website, www.cybersecurity.org.za. “The establishment of this Centre at the UJ is a unique opportunity to advance the Cyber Security of all users in South Africa and Africa.
“The main purpose of the Centre is to act as a trusted, independent and objective body which can deliver a wide range of services in the area of Cyber Security and Critical Information Infrastructure Protection (CIIP) to stakeholders in SA, southern Africa and eventually Africa.”
How maximizing Internet inclusion for all impacts cybersecurity
Sustainability is another key consideration. How can we sustain a safe and secure internet as the number of internet users grows? Proposed tactics include training substantially more people to prevent and/or respond to cybercrime and instilling a culture of cybersecurity among young users.
There are needs for shared language on cybersecurity among policymakers and teachers, as well as to personalize cybersecurity education patterned to the devices people are using. For example, one of the ideas discussed at the IEEE event was how, when a computer or mobile device is purchased, the buyer could receive a copy of a cybersecurity clause (with terms and conditions translated into an easily understandable document) and acknowledge that he/she has read it. This would raise cybersecurity awareness and also be an opportunity to teach safe use (practices) of the internet.
What IoT proliferation means for data protection, privacy and resilience
The emergence and increasing use of IoT sensors and devices brings up new challenges in combatting cybercrime.
Companies have started using IoT devices in many African countries, enabling some very specific and inventive applications. For example, the IoT is being used to monitor moisture and machinery in sugarcane farming in Swaziland. Egypt, meanwhile, has made inroads toward implementing smart city concepts, with some deployment of fiber to the home and a plan to deploy 250,000 smart meters supporting electrical power in the country.
Egypt also is an example of where IoT rollout is outpacing and complicating data-protection legislation. Participants commented strongly that the need for harmonized legislation for cross-border issues is growing more clear as internet infrastructure (including IoT infrastructure) deployment and its use and users are rapidly increasing across the continent.
Development of national CIRTs
Vibrant, responsive cyberteams that are trusted, collaborative and reliable also are crucial to the vision of secure cyberspace in Africa. Computer incident response teams (CIRTs) have been established in many African countries (Cameroon, Uganda, Mauritania, Egypt and Mauritius, among them), but progress and effectiveness vary widely across the continent:
- National CIRT establishment in Namibia is underway and is seen as the central driver for badly needed public-awareness efforts
- Kenya has established cybersecurity strategy and a CIRT to mitigate the advance of cybercrime. The country’s widespread use of mobile money introduces particular challenges to be addressed
- South Africa has about four CIRT organizations, but public awareness of their roles and relationship to one another is not strong, according to participants at the IEEE event.
IEEE Internet Initiative working groups of diverse professionals today continue to explore the topics discussed at the IEEE ETAP Forum. With universal, reliable internet access so intimately linked with efforts to end poverty, protect the planet and ensure prosperity globally, it is critical that the world’s technical and policy communities work together to not let cybercrime undercut progress.
Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming event in Silicon Valley, London and Amsterdam to learn more.