- “ ….Every action counts, whether it is the individual who adopts good cyber hygiene, or a company that makes the effort to better secure their assets and data in cyberspace” …. S. Iswaran (Singaporean Minister-in-charge of Cyber security and Minister for Communications and Information)
The Cyber Security Authority has recently called on all businesses of any size to invest in some baseline cybersecurity measures. Fundamentally, there is a need to create awareness among the general public about their need to take online protection seriously.
Day in day out, many are falling for basic exploitative approaches such as social engineering. Especially during these early days of a new year and when people are looking new opportunities, many are falling for online employment and travel-abroad scams.
The Cyber Security Act 2020 mandates the Cyber Security Authority to regulate cybersecurity activities in the country; promote the development of cybersecurity in the country; and to provide for related matters.
These other Acts also have various noticeable guidelines for our digital economy dealings. It will be interesting to see how these guidelines are enforced, together, to work for the betterment of our digital agenda.
Achieving the Objects
It is important to remind ourselves of the Act’s essence as we await the master-plan from the CSA.
- Regulation and enforcement
The body is to regulate owners of critical information infrastructure and their activities. To quickly set the ball rolling in this regard, the Authority needs to have a stakeholder engagement and establish codes and standards and then set deadlines; by which time compliance should be adhered to by all players. And to enforce compliance, appropriate sanctions should be outlined and properly communicated.
- Prevent, manage and respond
The big question under this objective is, how will the Authority achieve this? Yes, in order to detect and prevent possible attacks, we need to have in place a very good monitoring regime. There should be calls for world standard providers of cybersecurity solutions for the Ghanaian cyber infrastructure. There is a need to establish a toll-free hotline or short-code with a well-established call-centre to receive cyber incidence reports for prompt response
To be successful, the Authority must establish a functional and proactive research team that looks into possible threats and proffers possible solutions at all times. We don’t need to be only reactive in this instance. We need to always remember that cyberspace is characterised by rapidly changing innovations.
- Advisory Role
Another important object category in the Act is for the Authority to be empowered enough to not only advise government, agencies and other regulators – such as the BoG and NCA, but also to push for the implementation of guidelines it will suggest, because the foundation of its work is hinged on security – which is always an urgent matter.
The authority is going to need extensive collaboration with various stakeholders. Some of these bodies are well-established and have handled security issues in ways best known to themselves in the past. Now, to collaborate so as to achieve its objectives, the Authority will need a lot of negotiations in order to convince these bodies to yield to its advice – which obviously will come from well-researched points of view. Otherwise, we stand to see power-plays which will not allow the new Authority to function properly.
Cyberspace also requires that our national Authority collaborates with international bodies such the World Economic Forum, which has a set of internationally-accepted standard guidelines. The Authority will also have to consider some work already done by reputable bodies. For example: the UN Regulation on cyber security and cyber security management system; The Geneva Association’s report on Cyber insurance as risk mitigation strategy; and the cyber security, cyber risk and financial sector regulation and supervision guidelines.
- Education & Capacity Building
Cybersecurity and its related matters sit at the heart of our digital ecosystem. Anyone who understands the various types of cyberattack knows that users can be a weak link to an attack in a system. Awareness creation and capacity building in the public and private sectors is a priority. The more educated the society is about cybersecurity issues, the better it is able to ensure a robust digital ecosystem.
- Child online protection (COP)
It is now common knowledge that our children are already online. Yes, when online children are said to develop cognitive, communication and collaborative skills. However, the online environment they operate in is not 100% safe. So, ITU has developed child online protection guidelines for all stakeholders – which the Authority can carefully study and see how best to localise them for our children’s safety.
My own SMARTKLIQ/DIGILIFE initiative since 2012 has done some great work in selected public and private schools of some Ghanaian communities in this regard. A lot more needs to be done after several engagements with students of various ages. Cyber-bullying is very common, but not enough is currently being done to create awareness and help kids deal with it.