Episode #71
Season 4, Ep.6:
“Cyber-Security
Awareness in Ghana is Below Minimum Threshold” – Cyber-Security & Forensics
Expert
AFRICA IN FOCUS SHOW
ACCRA, Ghana – Cyber-security &
Forensic Scientist Albert Antwi-Boasiako believes cyber security “is a collective
business that runs from individual to government”. In his view, Ghana must
develop a cyber-security culture “that will enable implementation of specific
cyber-security legislation and measures.”
Speaking to E.K.Bensah Jr on the “Africa in
Focus Show”, which commenced a series of discussions on Ghana and Africa’s
response to law enforcement and cyber-security, Antwi-Boasiako, who was
speaking to Bensah from the France/Geneva border, explained that he was in
Geneva to make presentations to UNCTAD during the UNCTAD e-commerce week.
Albert Antwi-Boasiako is the Founder and
Principal Consultant of the Accra-based E-Crime Bureau. He has spent the past
five years dedicating his life to forensic investigation and cyber-crime. In
his view, the cyber-phenomenon is “a new phenomenon”. He believes that, if even
the EU and the West are not fully-prepared to tackle it, how much more a
country like Ghana, where agencies are likely to be handicapped to fight it. It
is a given that, the financial sector will not have the capacity, and that it
would need specialist skills to address and engage specific issues, too.
Definition
of Cyber-Crime
The E-Crime Bureau founder explained that,
cyber-crime is “any criminal activity, which is committed using cyber-space or
an electronic medium.” He maintains in every jurisdiction, it is the Criminal
Code that identifies specific criminal offences. What is cyber-crime in Ghana
may not necessarily constitute a crime elsewhere. In principle, though,
Cyber-crime refers to specific criminal activities, especially offences that
constitute criminality.
That said there are two angles to the
definition: there is a difference between cyber-criminality and
cyber-facilitated crime.
Cyber-criminality usually involves criminal
activity involving IT infrastructure. This includes when someone hacks into a
protected network, such as Denial-Of-Service attack on a computer system.
Conversely, cyber-facilitated crime involves traditional criminal activities –
such as fraud; terrorism; blackmail; threats – that are facilitated through an
electronic medium.
Situational
Analysis of Cyber-security in Ghana
Antwi-Boasiako believes it’s erroneous as
professionals to be asking whether Ghana is serious about Cyber-security;
rather, it is important to examine the situational analysis, with a focus on
the following elements.
First: cyber-security awareness, which
needs to be looked through a certain matrix that includes the national; the
individual; and at the corporate level. At these levels, if one were to look at
the manner in which each handles electronic data, he would say that Ghana is
not ready at all. In his view, Ghana’s “cyber-security awareness is far below
the minimum threshold.”
Secondly, Ghana needs to look at
standardization of ICT products. For example, mobile money sector is on the
increase. We need as a country to be asking whether we have mechanisms to test
the system before it is deployed. In this area, Antwi-Boasiako believes Ghana
would also be marked low, as much more can be done.
Third, there is the issue of
cyber-legislation, or what he calls “Cyber-hygiene”. These are issues he says
are currently being discussed at the UN level. Antwi-Boasiako explains that,
Ghana is one of the few countries with data protection. Ghana has an Electronic
Transactions Act (2008); and Anti-Money Laundering legislation. However, he
adds, these legislations are not themselves cyber-crime legislation. There is a
Computer Misuse Act, but none in Ghana. Nigeria, he continues, has a
Cyber-Security Bill (2015), and Ghana’s Evidence Act was passed in 1960 – long
before personal computers.
For the Forensic Expert, handling
electronic evidence needs an unambiguous law to deal with it. The laws passed
recently have their own challenges. The big issue is that the legislation needs
to be reviewed to be in line with contemporary trends, where e-evidence
“becomes part of criminal proceedings.”
Ghanaians, for example, use smart phones,
which mean evidence is in the electronic domain. Ghana, he avers, needs to
empower law enforcement so that we get to the stage where we can use electronic
evidence “to convict people for murder; narcotics; human trafficking; fraud;
tax evasion; and terrorism.” For Antwi-Boasiako, the cyber-environment has
become the “centre of gravity around current criminalities.”
Still on Ghana, he explains how Ghana is
working on a National Cyber-Security Policy with the Ministry of
Communications. However, it is still in Parliament. It ought to be the
fundamental document that will guide all institutions in the country.
Another positive development for Ghana is
the Computer Emergency Response Team (CERT), which he describes as a
“cyber-NADMO”, or a cyber response to Ghana’s National Disaster Management
Organisation (NADMO). For example, if there is a cyber-attack on Ghana’s
e-sovereignty, CERT would help resolve the problem. Even then, it plays a
preventative role by monitoring Ghana’s cyber-space to ensure such attacks do
not happen in the first place.
State
of Cyber-security at the ECOWAS/AU level
As far as the regional space is concerned,
Mr.Antwi-Boasiako believes there “is no good news on ECOWAS.” The E-Crime
Founder laments how in Geneva he asked a senior ECOWAS representative hoe far
the region had gone on its Cyber-security work. To which the official lamented
how it had stalled because of lack of funding. In 2011, Antwi-Boasiako
maintains, the regional bloc signed up to a Directive against Cyber-Crime. He
equally-laments how, while it is good to fight cyber-crime at the UN level, if
ECOWAS can come together, “it would be useful.” For example, you could have
someone living in Nigeria, and committing cyber-crime in Ghana, but being able
to be tried in Ghana for prosecution if frameworks were implemented.
At the African Union level, the continental
organisation has a Convention on Cyber-Crime. When one is in Europe, avers
Antwi-Boasiako, one hears a lot about the so-called Budapest Convention on
Cyber-Crime. According to him, it was announced the week of the interview that
Senegal would be signing that international treaty, and Ghana is also to sign
soon. Antwi-Boasiako worries that African Member States seem to be more
receptive to the Budapest Convention than their own regional and continental
initiatives, which suggests a lot more needs to be done at these two levels. He
believes that, while it is good to have conventions like these, Africa’s
institutions need to benefit from it.
Other international initiatives on
Cyber-Security include the Council of Europe, which will help build capacity of
selected West African delegates from ECOWAS countries 9-11 May in Senegal. At
the UNCTAD level, the institution is helping ECOWAS member States harmonize
their Cyber-laws, and help them get the countries’ legislation in line. Apart
from initiatives by the UN Office on Drugs and Crime; and the US Justice
Department, INTERPOL itself is also holding expert groupings and training
programmes.
In Antwi-Boasiako’s view, ECOWAS needs to
act with some urgency on building its capacity on Cyber-Security.
Pressed to explain why it has taken so long
to implement strategies at the regional level, Antwi-Boasiako explained how it
was important to put things into perspective: cyber-crime, in his view,
“borders on security and national security.” Consequently, national security
may not necessarily involve sharing intelligence openly with Nigerian
counterparts. There are other dimensions including, the necessity of telcos
coming on board, as well as the rest of the private sector.
He deduced that, ECOWAS may probably not
have promoted private sector in Cyber-security, but without a shadow of a
doubt, we need “more engagement so that you can bring all fragmented working
groups into one pool so that” resources, expertise, and advisory services will
be available. He believes this will facilitate intelligence-sharing as well.
The
Way Forward on Cyber-Security in Ghana
In conclusion, it cannot be over-emphasized
how much of a collective business Cyber-security remains. It is a
multi-stakeholder eco-system that includes telcos; Internet Service Providers
(ISPs); and even developers of systems. According to Antwi-Boasiako, each one
has a responsibility to assume.
To this end, it is important Ghana pays
attention to developing a Cyber-security culture, and equally-appreciates
issues of Cyber-security that will eventually lead to specific actions. Our
e-commerce sector is growing. We need to develop and build capacity to help
detect and track the cashless environment, including anti-money laundering
systems.
Finally, Ghana needs to invest in technology
and policies in Cyber-security as the human factor remains the weakest link in
Cyber-crime cases. By incorporating these recommendations into Ghana’s policy,
we would, Antwi-Boasiako believes, be able to make a serious case in fighting
cyber-crime.
ENDs
------
The “Africa in Focus” Show is hosted by
Emmanuel.K.Bensah Jr from 14h05 to 15h00 every Wednesday on RADIO XYZ93.1FM. Since
May 2014, it has been offering compelling, cutting-edge content that seeks to
demystify, educate, and unpack ECOWAS, AU, & South-South Cooperation around
Africa’s integration. You can download all podcasts from www.africainfocusradioshow.org.
Follow the conversation on twitter on @africainfocus14, using #africainfocus.
Contact Emmanuel on 0233.311.789/0268.687.653
