In conversation Dr Albert Antwi Boasiako, National Cybersecurity Adviser of Ghana
As critical infrastructure becomes increasingly reliant on connectivity and cyber-attacks become regular headline news, it is clear that resilient cyber systems are critical to security in the 21st century. This year alone several nations across the Commonwealth have seen key institutions subject to cyber-attacks. In late August, a cyber-attack shut down the New Zealand Stock Exchange for four days, costing millions in damages. In June, Australian Prime Minister Scott Morrison announced that his country was the victim of several “ongoing and sophisticated” cyber-attacks on national infrastructure. Moreover, a troubling recent report has noted that the United Kingdom and India are the 2nd and 3rd most cyber-attacked countries in the world. In Africa, South Africa, Kenya and Nigeria saw well over a million cyber-attacks between them in 2020.
In light of this growing problem, Dr Albert Antwi Boasiako, National Cyber Security Adviser of Ghana, discusses how emerging cybersecurity threats must be approached in a spirit of collaboration.
The cybersecurity community, and indeed the whole planet stands on the brink of an event as similarly devastating as the COVID-19 pandemic. One day, we will wake up and there will be a computer virus that is shutting down our critical information infrastructure. Not a specific attack on our nuclear infrastructure or something equally dramatic, but rather, an assault on our daily ICT-driven functions. The cyber environment has become a tool of choice for criminal offenders and its implications go beyond just a single jurisdiction. From a Ghanaian or African perspective, such an attack would be catastrophic. As a country, we would be unable to operate without avenues of connectivity, such as online banking. For example, during the lockdown in response to the COVID-19 pandemic, we have been able to access banking services only because of this technology. Countries in Africa are especially vulnerable to such a threat as we are investing so much in digital connectivity in order to ‘catch up’ with other regions. The Ghanaian government’s “Ghana Beyond Aid” Agenda is being driven by digitisation. Yet, the rate at which we have adopted new technologies has accelerated beyond our capacity to make sure that our use of these technologies is secure.
To pre-emptively tackle this threat we need a concerted international response. Through my experiences working in international organisations such as the Commonwealth, as well as my recent appointment by the Ghanaian government as Independent Advisory Committee member of the Global Internet Forum to Counter Terrorism (GIFTC), I have come to appreciate the significance of international partners in addressing cyber-crime, cyber issues, and challenges in the digital ecosystem.
Cyber is a global commodity and international cooperation is needed for information sharing and for benchmarking. Countries with established cybersecurity ecosystems can use their skills and knowledge to help developing countries. But it goes beyond capability building too. In law enforcement, cyber cooperation is critical in accessing information stored on platforms hosted overseas, overwhelmingly in the US. All of this needs to be set against the context of our membership of the Freedom Online Coalition, so whilst we are taking steps to create effective cyber-responses we are doing so whilst also taking into account the human right to privacy.
As critical as it is to enable international governmental cyber cooperation, you also need multi-stakeholder engagement. It is simply not possible to have effective cybersecurity without the involvement of the private sector. You can police your physical space, but the private sector holds systems and data that otherwise would be inaccessible to governments without positive public-private engagement. Especially in our part of the world, the government does not have the research and development capabilities necessary to develop the sorts of systems that are needed to improve cybersecurity.
The entire ecosystem of critical information infrastructure, especially those used by the banks and health facilities, are predominately owned by private sector industries. In a national response to a cyber incident, you must have a way of effectively interacting with private sector players. And as much as a national government might seek the support of the private sector in dealing with a cyber threat, it is also vital that their voices are heard and consulted ahead of new legislation.
An emerging area of essential need for public-private engagement is over the growing concern of disinformation. For many countries the impact of fake news is limited to political subversion – worrying as that is in the developing world it has the ability to undermine the very peace and security we need to develop. To solve this problem we have to engage with the Big Tech firms to appreciate the peculiar dynamics we face. Understanding is key. Without an understanding of how disinformation manifests in the socio-political, economic space of a developing country, the impact cannot be assessed. From there we can establish systems to deal with the problem.
In curbing this problem, of course, we cannot rely on Big Tech alone. I cannot stress enough the importance of education in critical evaluation skills so that people are able to discern false news stories from real information. This sense of individual responsibility permeates across cybersecurity. By creating awareness of cyber risks, we can mitigate those threats. We all have responsibilities, the government is an enabler in terms of policy, strategy regulations and incentives for businesses to implement secure systems, but users also have a responsibility to contribute to a secure cyberspace.
Cybersecurity threats are increasing and the only way to tackle them is through robust public-private cooperation as well as working together with international partners. This is crucial in developing countries, for whom digital technologies are presenting an opportunity to catch up with the rest of the world. In these endeavours the Commonwealth is an important network in a web of international organisations for tackling cyber insecurity, with programmes such as the Commonwealth Cyber Declaration acting as the basis for Ghana’s own national cybersecurity policies. We expect and we hope that other countries are doing the same. We need a Commonwealth Family, because Ghana cannot be adequately cybersecure without working with our partners in the region as we are so interconnected.
Dr Antwi-Boasiako was speaking to CSG’s Editorial Team
.
Comments