There has been considerable progress and achievements made in the implementation of the cybersecurity roadmap in Nigeria, since the inauguration of the Cybercrimes Advisory Council:
The Office of the National Security Adviser was reacting to a media report, in which experts and some council members had expressed displeasure over the operations of the council and the nation’s seeming ill preparedness to tackle cyber threats.
In the report, cybersecurity experts raised concerns over Nigeria’s ability to respond to possible cyberthreats, questioning the efficiency of the country’s lead advisory team and the management of its dedicated fund.
The Cybercrime Advisory Council, led by Mr Monguno, was set up in 2016 and was tasked with checking rising cybercrimes and formulating the modalities for implementing the Cybercrime (Prohibition Prevention) Act 2015.
While Nigeria is yet to face a significant cyber attack, experts said the country does not need to wait until that happens before it takes action.
They argued that with growing incidents of cybercrimes globally, structures put in place to address such threats need to be functional and funds judiciously used.
Nigeria lost about N250 billion in 2017 and N288 billion in 2018 to cybercrime, a Proshare report said.
“The ONSA has coordinating responsibility, various MDAs as well as private organisations have huge responsibilities in the implementation of Nigeria’s cybersecurity roadmap as highlighted in the NCPS 2021,” the aide said in the press release.
The NSA’s full response is reproduced below:
RESPONSE BY THE ONSA ON ITS COORDINATION RESPONSIBILITIES ON CYBERSECURITY IN NIGERIA
- The progress and achievements made so far since the council was inaugurated especially the recently published national cybersecurity policy\strategy document.
There has been considerable progress and achievements made in the implementation of the cybersecurity roadmap in Nigeria, since the inauguration of the Cybersecurity Advisory Council:
a. The cybercrimes incidences especially ‘Yahoo Yahoo’ (advanced fee fraud) have drastically reduced as a result of collaboration amongst various MDAs and the international community.
b. The resilience of banking platforms and cyber incidents readiness for the banking sector is part of the Federal Government’s efforts on cybersecurity and cybercrimes.
c. The Federal Government ensured the implementation of the Commonwealth Cyber Declaration signed in April 2018 by the Nigerian Government. This effort has enhanced cooperation between Nigeria, UK Government and the other Member States. This has also developed the confidence of investors, considering our current efforts in developing a cybersecurity ecosystem.
d. The national cybersecurity capacity review was completed by the Federal Government in 2018. The objective was to understand the cybersecurity maturity of Nigeria, identify gaps and facilitate planning as well as coordination.
e. The Federal Government has completed the identification, evaluation and classification of Critical National Information Infrastructure (CNII), awaiting presidential assent for designation and gazette. However, there are current efforts to facilitate the development of protection plans and guidelines for CNII.
f. Capacity building for law enforcement agencies in cybercrime investigation was conducted in 2018, 2019 and is still an ongoing process, in consonance with the Cybercrimes Act 2015. This has facilitated some arrests and prosecutions of cybercriminals with the most impact from EFCC and DSS.
g. The Review of the NCPS 2014 and development of NCPS 2021.
h. Nigeria played an active role and participated in the Open-ended Working Group (OEWG) on developments in the field of information and telecommunications in the context of international security, which commenced in 2019.
The task of the Working Group was completed in February 2021 and the Report of the OEWG has been submitted accordingly. Implementation of the report and other similar efforts in the UN would ensure safe use of the internet for prosperity and against criminality.
OTHER PROPOSED ACTIVITIES IN 2021 AND ANTICIPATED IMPACT
i. There is an ongoing effort by the Federal Government to develop a framework for the establishment of the National Cybersecurity Coordination Centre (NCCC). The establishment of NCCC would ensure that the coordination of cybersecurity is seamless, with effective monitoring of the impact to achieve the objectives of the national cybersecurity roadmap for Nigeria.
j. The Federal Government has commenced the planning and preparation for sector-based sensitisation on the implementation of the NCPS 2021, which will be held between September to November 2021.
This has become necessary because MDAs and private sector organisations have responsibilities in the NCPS 2021 as outlined in the implementation action plan. These workshops will create that awareness for them to understand their responsibilities within the strategy, to facilitate its implementation.
k. Planning and preparations for the risk assessment of the 13 CNII sectors to facilitate the development of a protection plan for the CNII is currently ongoing.
l. Preparations for the development of an information-sharing platform as specified in the NCPS 2021.
m. There are ongoing efforts by the Federal Government to develop a 5G risk management framework before the final deployment of 5G technology in Nigeria.
As a follow up to the OEWG, the UNGA has approved the establishment of an Open-ended working group on the security of and in the use of information and communications technologies 2021–2025.
The Committee’s inaugural meeting was in June 2021 and main sessions are due to start in December. The Federal Government is galvanizing efforts of various stakeholders to ensure Nigeria plays an active role in the committee. It is likely the Committee work would facilitate the development of a convention on security on the use of ICT.
- Gains made by the fund and how it is being used\programmes targeted or being targeted.
a. The commercial banks have commenced remittance of the fund but there are still issues of current under-remittance from the banking sector. This is currently been resolved.
b. There are challenges with remittance from other businesses as specified in the Cybercrimes Act 2015. However, the Federal Government is working on modalities to develop regulations and guidelines to facilitate the full implementation as well as enforce compliance.
Cyber fund will be used for all cybersecurity activities including CNII protection, implementation of the action plan of the NCPS 2021, capacity building of security/law enforcement agencies, development of the CERT ecosystem, cybersecurity awareness, capacity building for both public and private sector, research and development, fund the activities of NCCC as well as facilitation of international cooperation.
- Reports that the advisory council has not been meeting regularly as stipulated by the cyber act.
The General Elections, the COVID 19 pandemic of 2020 and the review of the NCPS in 2020 distorted the regular sittings of the Advisory Council. But things will normalize with the current stability of the COVID 19 pandemic in line with the provisions of the Cybercrimes Act.
- Is Nigeria prepared in light of current global cyber threats?
Yes. This is achievable with the full implementation of the new NCPS 2021 by all stakeholders in synergy with both the public and private sectors in Nigeria as well as cooperation with the international community.
Please note that while ONSA has coordinating responsibility, various MDAs, as well as private organizations, have huge responsibilities in the implementation of Nigeria’s cybersecurity roadmap as highlighted in the NCPS 2021.
