The Cyber Security Authority by this ACT is to: regulate cyber security activities in the country; promote the development of cyber security in the country; and provide for related matters.
These other Acts also have various noticeable guidelines for our digital economy dealings. It will be interesting to see how these guidelines are enforced together to work for the betterment of our digital agenda.
Achieving the Objects
- Regulation and enforcement
The body is to regulate both owners of critical information infrastructure and their activities. To quickly get the ball rolling in this regard, the Authority needs to have a stakeholder engagement and establish codes and standards – and then set deadlines by which time compliance should be observed by all players. And to enforce compliance, appropriate sanctions should be outlined and properly communicated.
- Prevent, manage and respond
The big question under this objective is how the Authority will achieve this. Yes, in order to detect and prevent possible attacks we need to have in place a very good monitoring regime. There should be calls for world-standard providers of cybersecurity solutions for the Ghanaian cyber infrastructure. There is a need to establish a toll-free hot-line or short code with a well-established call centre to receive cyber-incidence reports for prompt responses.
To be successful, the authority must establish functional and proactive research teams looking into possible threats and proffering possible solutions at all times. We don’t need to only be reactive in this instance. We need to always remember that cyber space is characterised by rapidly changing innovations.
- Advisory Role
Another important object category in the Act is for the authority to be empowered enough to not only advise government, agencies and other regulators such as the BoG and NCA, but also to push for implementation of guidelines they will suggest – because the foundation of their work is hinged on security, which is always an urgent matter.
The authority will need to collaborate extensively with various stakeholders. Some of these bodies are well established and have handled security issues in ways best known to themselves in past. Now, to collaborate so as to achieve their objective, the Authority will need a lot of negotiations in order to get these bodies to yield to their advice/directives – which obviously will come from well-researched points of view. Otherwise, we stand to see power plays which will not allow the new Authority to function properly.
Cyber space also requires that our national authority collaborates with international bodies such the World Economic Forum, which has a set of internationally accepted standard guidelines. The Authority will also have to consider some work already done by reputable bodies. For example: the UN Regulation on cyber security and cyber security management system; The Geneva Association’s report on Cyber insurance as risk mitigation strategy; and the cyber security, cyber risk and financial sector regulation and supervision guidelines.
- Education & Capacity Building
Cyber security and its related matters sit at the heart of our digital ecosystem. Anyone who understands the various types of cyber-attack knows that users can be a weak link to attacks on a system. Awareness creation and capacity building in the public and private sectors is a priority. The more educated the society is about cybersecurity issues, the better it is able to ensure a robust digital ecosystem.
- Child online protection (COP)
It is now common knowledge that our children are already online. Yes, when online children are said to develop cognitive, communication and collaborative skills. However, the online environment they operate in is not 100% safe. So, the ITU has developed child online protection guidelines for all stakeholders – which the authority can carefully study and see how best to localise for our children’s safety.
My own SMARTKLIQ initiative since 2012 has done great work in selected public and private schools of some Ghanaian communities in this regard. A lot more needs to be done after several engagements with students of various ages. Cyber-bullying is very common, but not enough is currently being done to create awareness and help kids deal with it.