Cybersecurity For Africa: As Internet Penetration Grows, AU Seeks To Corral Online Crime

ADDIS ABABA, Ethiopia -- The African Union is gearing up to discuss a brand new security initiative for the continent, one that has the potential to improve safety for hundreds of millions. But this decision has nothing to do with the violence and turmoil currently upending countries like South Sudan, the Central African Republic or the Democratic Republic of the Congo -- instead, its focus is on Internet crime.

This is an issue that barely registers for most on the continent, where only about 16 percent of people – and just 6.7 percent of households – have Internet access, according to data from the International Telecommunication Union, or ITU. A 2013 report from the organization ranked countries around the world in Internet accessibility and affordability, and all 22 of the worst-ranking countries were African. For a continent plagued by food insecurity, conflict and poverty, telecommunications issues are often a low priority – which could be why the latest draft of the “African Union Convention on the Confidence and Security in Cyberspace” has been in the works for four years.

The new regulatory framework is scheduled for a vote at the next AU summit here in Ethiopia's capital city of Addis Ababa in late January. Its supporters argue that cybercrime is a growing scourge across the continent, due in part to rising Internet usage, a lack of regulation and limited opportunities to make money, which spurs some to turn to criminal activities – like advance-fee scams and phishing schemes – in order to get ahead. “Cyberspace has become the center of gravity as far as national security is concerned,” Tim Akano, CEO of the IT company New Horizon Nigeria, told SciDev.Net. “A country without cyber warriors, without a national cybersecurity center, is like a nation in the 1940s in Europe without national soldiers. The funding has not been felt.”

The continent's largest economy, South Africa, has already seen 70 percent of its Internet users affected by cybercrime, according to a report this year from Symantec (NASDAQ:SYMC). The second-largest economy, Nigeria, is infamous for its so-called 411 scams wherein criminals pose as wealthy account-holders who need help transferring funds. Internet usage may be low overall, but setting up a framework early could be a smart move considering Africa's youth bulge, especially since this year's ITU report found that young people on the continent are about 2.3 times as likely to use the Internet as the overall population, a ratio higher in Africa than in any other region on earth.

The new framework aims to “protect institutions against the threats and attacks capable of endangering their survival and efficacy [and protect] the rights of persons during data gathering and processing against the threats and attacks capable of compromising such rights.” That involves laying out some key principles for the continent to use in pursuing cybersecurity, setting up an institutional framework for regulating electronic transactions, encouraging IT education to put more of a focus on cybersecurity, and laying a foundation for penal practices.

But not everyone is thrilled about the draft. Corporations have reason to worry; the regulation would impose restrictions on their ability to advertise, sell goods without stating a clear price upfront, or pursue direct marketing. Private individuals might also object to some articles allowing the processing of personal data by the state for security purposes, or even the “compilation of personal data directly or indirectly portraying racial, ethnic or regional origin, parentage affiliation, political, philosophical or religious persuasions or labor union membership of persons, or data relating to health or sex life.”

Then there are procedural difficulties. Despite the rise of IT professionals across the continent, experts say the number of people well-versed in cybersecurity remains low. Furthermore, an AU framework will mean nothing without the political will in individual countries to hold users and companies responsible for upholding its mandates.

But assuming other big issues don't push cybersecurity off the agenda at this January's AU summit, Africa could be on its way to setting up a historic new framework for its burgeoning IT industry. For some, it couldn't come soon enough. “The leaders seem not to appreciate the fact that there has been a paradigm shift in national security in the new world of globalization,” Akano told SciDev.Net. “Our leaders need a reorientation, not tomorrow but today.”