Cybersecurity service providers, professionals to be licenced

Cybersecurity service providers
  • as gov’t heightens efforts to protect critical information structures

As part of efforts to enhance Ghana’s cyber resilience amid the increasing rate of cybercrimes worldwide, government through the Cyber Security Authority (CSA) has commenced the process of licencing cybersecurity service providers, cybersecurity establishments and the accreditation of cybersecurity professionals.

Speaking at a public consultation on the licencing and accreditation framework, the acting Director General-CSA, Dr. Albert Antwi-Boasiako, explained that the move is necessary to ensure cybersecurity service providers offer their services in accordance with approved standards and procedures in line with industry best practices.

Dr. Antwi-Boasiako further stated the licencing and accreditation framework is also aimed at raising the quality of cybersecurity service providers and improving and maintaining standards that offer baseline protection to the systems within Ghana’s digital ecosystem while complying with requirements of the law.

He said the engagement is meant to solicit inputs from industry players before the framework is submitted to the o CSA board for approval, which is expected to happen before end of the year for full implementation in January 2023.

By so doing, Dr. Antwi-Boasiako added, confidence will be built in this emerging profession and create more opportunities for skills acquisition, training and development in this critical sector “for our use and to meet the critical skills-shortage in this sector globally”.

Presenting the draft framework during the public engagement that saw about 100 cybersecurity professionals in attendance, Functional Lead-Legal and Compliance at the CSA, Madam Jennifer Mensah, said despite digital transformation generating a lot of prosperity and wealth for the world economy, cybercrime has increased at a greater rate.

“The work of cybersecurity establishments, cybersecurity service providers and cybersecurity professionals has been very, very important in securing our digital critical infrastructure and digital services. However, there are some concerns that there may be certain cybersecurity service providers, cybersecurity establishments and professionals who may be less credible and less competent, adopting substandard processes in rendering services to the detriment of Ghana’s digital economy. Hence the need for licencing and accreditation to regulate the industry’s intrusive nature,” she stated.

“National security considerations are driving regulations in the sector, demanding that all these stakeholders are in good standing. Therefore, there is a need for government to regulate the sector through the Cyber Security Authority to ensure compliance,” she added

Meanwhile, a directive for the Protection of Critical Information Infrastructures (CIIs) was launched by the Authority on October 1, 2021 to assist CII owners in registering with the Authority and guide them to protect their critical systems.

And, according to Deputy Communications and Digitalisation Minister Ama Pomaa Boateng during her address at the National Cyber Security Awareness Month launched earlier this week, from January 2023 all Critical Information Infrastructure Owners, whether in the private sector or public institutions, will be required to undergo mandatory compliance checks and audits to ensure the protection of Ghana’s critical systems.

“This audit and compliance action will be in line with regulations aimed at reinforcing the resilience and response capacities of these institutions against cyber-threats and incidents, as well as to ensuring a resilient, secure economy. This will help protect our critical systems from rising malicious cyber activities in the global landscape. They are also important to assess the adequacy and effectiveness of controls/measures put in place to meet requirements of the law,” she said.

Designated CII owners who fail to comply with the regulatory measures to protect the country‘s critical databases and systems will be sanctioned in accordance with the Cybersecurity Act, she added.

Leave a Reply