Nigeria's ability to combat cyberthreats under investigation
A report in the Premium Times has cast doubt on the ability of the National Security Adviser, Babagana Monguno and his Cybercrime Advisory Council to deal with the rising threat from cyber attacks both in Africa and Globally.
While Nigeria is yet to face a significant cyber attack, experts say the country does not need to wait until that happens before it takes action. Nigeria lost about N250 billion in 2017 and N288 billion in 2018 to cybercrime, a Proshare report said.
Aligning with global trends, Nigeria enacted the Cybercrimes Act in May 2015, its first law to deal with cybercrimes.
The law gave strength to a 2011 ECOWAS protocol on fighting cybercrime, and to the National Cyber Security Policy and Strategy adopted on February 5 of the same year.
The legislation empowered the National Security Adviser (NSA) and the Attorney General of the Federation to enforce its provisions and mandated the establishment of a fund for its operations.
With that decision, Nigeria became the fifth African country and the first in West Africa to enact the cybercrime law and set in motion strategies for its implementation.
However, while the legislation mandates the council to meet four times a year, Premium Times learnt that the council has only met six times since they were constituted in 2016.
The last time the council met was on July 20, 2020. By the provisions of the law, the council should have met about 20 times at the time. There are also questions surrounding the lack of transparency in the management of the funds.
A member of the council, who asked not to be named due to the sensitivity of the issue, said the council has not been serving the purpose for which it had been set up. The source said since the council has only been able to meet about six times since it was set up in 2016, its efficiency has been called to question “and members are not happy’’
The source also said there needs to be more openness in the management of the funds and its disbursement should be “for only projects approved by the council’’ and not ‘unilaterally’ approved by the NSA.
The mechanism through which the fund is to be disbursed is not clearly defined in the law and this has made its management at the discretion of the NSA, sources within the council argued.
One source said members were stunned recently when, after months of inactivity amid the COVID crisis, the NSA launched a National Cyber-security Policy and Strategy document “which had minimal input from the council members’’.
The source said the NSA also early this year, perhaps in reaction to the unease among members of the council over his handling of its activities, replaced some members.
The source, who was particularly concerned about the lack of transparency in the management of the fund, said “there is no accountability as per the resources that should have been utilised to meet specific timelines and projects specified in the National Cyber Security Policy and Strategy adopted in 2015’’. The source made it clear that the NSA is running a "one-man show."
Efforts to get a reaction from the NSA on the report were not successful as his known phone line was switched off despite several attempts to connect.
Two officials in the Office of the NSA initially agreed to speak on the matter on the condition of anonymity, but later failed to send a response days after an email was sent to them as requested.
A subsequent reminder sent to one of the officers asked to give an official response was not responded to.