Framework for Cybersecurity in Nigeria

Similar documents
CYBERCRIME LEGISLATION DEVELOPMENT IN NIGERIA AN UPDATE. Octopus Conference, Strasbourg 06 June, 2012

NIGERIAN CYBERCRIME LAW: WHAT NEXT? BY CHINWE NDUBEZE AT THE CYBER SECURE NIGERIA 2016 CONFERENCE ON 7 TH APRIL 2014

ITU Model Cybercrime Law: Project Overview

MEETINGS OF MINISTERS OF JUSTICE OR OEA/Ser.K/XXXIV

INDEPENDENT COMMUNICATIONS AUTHORITY OF SOUTH AFRICA(ICASA) CYBERSECURITY PRESENTATION AT SAIGF. 28 th November 2018

ISACA National Cyber Security Conference 8 December 2017, National Bank of Romania

National Communications Authority

Promoting Global Cybersecurity


Garry Mukelabai Communications Authority Zambia

NATIONAL STRATEGY:- MALAYSIAN EXPERIENCE

LIMITE EN COUNCIL OF THE EUROPEAN UNION. Brussels, 26 September 2008 (30.09) (OR. fr) 13567/08 LIMITE ENFOPOL 170 CRIMORG 150

Comprehensive Study on Cybercrime

Developing a Legal Foundation and Establishing Effective Enforcement: Case Study Kenya

LEGAL SOLUTION CYBERCRIME LEGAL SOLUTION LEGAL SOLUTION NATIONAL, REGIONAL, INTERNATIONAL

Legal, Ethical, and Professional Issues in Information Security

UNODC tackling cybercrime in support of a safe and secure AP-IS

UN General Assembly Resolution 68/243 GEORGIA. General appreciation of the issues of information security

The cost of cybercrime the benefits of cooperation

NEW INNOVATIONS NEED FOR NEW LAW ENFORCEMENT CAPABILITIES

ASSEMBLY, No STATE OF NEW JERSEY. 217th LEGISLATURE INTRODUCED FEBRUARY 4, 2016

EXPERT GROUP MEETING ON CYBERCRIME

LEGAL FRAMEWORK FOR THE ENFORCEMENT OF CYBER LAW AND CYBER ETHICS IN NIGERIA

Cyber Security Development. Ghana in Perspective

The commission communication "towards a general policy on the fight against cyber crime"

Cybercrime and e-evidence: challenges and solutions.

ITU/HIPPSA Technical Assistance on Cybercrime Law for the Republic of Rwanda, Kigali 11 th -12 th July 2013

EU policy on Network and Information Security & Critical Information Infrastructures Protection

Draft Resolution for Committee Consideration and Recommendation

G8 Lyon-Roma Group High Tech Crime Subgroup

CYBER CRIME A COMPARATIVE LAW ANALYSIS SANDRA MARIANA MAAT. submitted in part fulfilment of the requirements for the degree of MAGISTER LEGUM.

BRIEFING COMBATING CYBERCRIME: TOOLS AND CAPACITY BUILDING FOR EMERGING ECONOMIES. Geneva 18 April David Satola

Consumer Rights in the Digital Age

Global Alliance Against Child Sexual Abuse Online 2014 Reporting Form

Guiding principles on the Global Alliance against child sexual abuse online

COUNCIL OF THE EUROPEAN UNION. Brussels, 24 May /13. Interinstitutional File: 2013/0027 (COD)

China and International Governance of Cybercrime

Netherlands Cyber Security Strategy. Michel van Leeuwen Head of Cyber Security Policy Ministry of Security and Justice

International Cooperation in Cybercrime Investigations

Project III Public/private cooperation

The UNODC Global Programme on Cybercrime Alexandru Caciuloiu CYBERCRIME COORDINATOR SOUTHEAST ASIA AND THE PACIFIC

OUTCOME DOCUMENT OF THE INTERNATIONAL CONFERENCE ON CYBERLAW, CYBERCRIME & CYBERSECURITY

RESOLUTION 130 (Rev. Antalya, 2006)

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN

FIRE REDUCTION STRATEGY. Fire & Emergency Services Authority GOVERNMENT OF SAMOA April 2017

Legal framework of ensuring of cyber security in the Republic of Azerbaijan

Child Online Protection in Child Pornography Namibia

10007/16 MP/mj 1 DG D 2B

RESOLUTION 130 (REV. BUSAN, 2014)

PROJECT RESULTS Summary

A Criminal Intrudes into a Bank in Geneva Korean agents. Canadian agents make the arrest. Argentinian investigators. discover. attack came from Seoul

15412/16 RR/dk 1 DGD 1C

Sector(s) Public administration- Information and communications (50%), General public administration sector (50%)

GLobal Action on CYbercrime (GLACY) Assessing the Threat of Cybercrime in Mauritius

ENISA s Position on the NIS Directive

Rohana Palliyaguru Director -Operations Sri Lanka CERT CC APCERT AGM and Conference, 24 th October 2018 Shanghai, China MINISTRY OF TELECOMMUNICATION

OAS Cybersecurity Capacity Building Efforts

300 Riverview Plaza Odysseus Marcopolus, Chief Operating Officer Trenton, NJ POLICY NO: SUPERSEDES: N/A VERSION: 1.0

The European Policy on Critical Information Infrastructure Protection (CIIP) Andrea SERVIDA European Commission DG INFSO.A3

Caribbean Cyber Security: Not Only Government s Responsibility

2 nd ARF Seminar on Cyber Terrorism PAKISTAN S PERSPECTIVE AND EXPERIENCE WITH REFERENCE TO CERT IN COMBATING CYBER TERRORISM

Establishing National Incident Response Capability for Viet Nam - VNCERT activities and challenges

ΚΕΝΤΡΟ ΜΕΛΕΤΩΝ ΑΣΦΑΛΕΙΑΣ CENTER FOR SECURITY STUDIES

Resolution adopted by the General Assembly on 21 December [on the report of the Second Committee (A/64/422/Add.3)]

ENISA Cooperation in the EU / NIS Directive

Package of initiatives on Cybersecurity

REGIONAL WORKSHOP ON E-COMMERCE LEGISLATION HARMONIZATION IN THE CARIBBEAN COMBATING CYBERCRIME: TOOLS AND CAPACITY BUILDING FOR EMERGING ECONOMIES

European Union Agency for Network and Information Security

Joint ICTP-IAEA School of Nuclear Energy Management November 2012

Cybersecurity and Vulnerability Assessment

E-Signature Law of Iraq no. ( 78) of 2012

UNODC. International Cooperation and Assistance in Cybercrime Matters

Donor Countries Security. Date

10025/16 MP/mj 1 DG D 2B

Special Action Plan on Countermeasures to Cyber-terrorism of Critical Infrastructure (Provisional Translation)

ECOWAS Cyber security Agenda

Presented by: Njei Check Head, Audit Security Division, ANTIC

Global cybersecurity and international standards

CYBERSECURITY LEGISLATION IT OUT!

Motorola Mobility Binding Corporate Rules (BCRs)

13967/16 MK/mj 1 DG D 2B

Itu regional workshop

Scope of the Member State mechanism

MYTH vs. REALITY The Revised Cybersecurity Act of 2012, S. 3414

Developments in the field of information and

Inter-American Port Security Cooperation Plan

Project CyberSouth Cooperation on cybercrime in the Southern Neighbourhood

RESOLUTION 45 (Rev. Hyderabad, 2010)

New cybersecurity landscape in the EU Sławek Górniak 9. CA-Day, Berlin, 28th November 2017

2. Taking into account the developments in the next five years, which are the actions to be launched at the EU level?

KENYA YOUR RELIABLE PARTNER AT THE ITU. Candidate for the ITU Council in Region D

Statement of Chief Richard Beary President of the International Association of Chiefs of Police

HF Markets SA (Pty) Ltd Protection of Personal Information Policy

THE CYBER SECURITY ENVIRONMENT IN LITHUANIA

RESOLUTION 67 (Rev. Buenos Aires, 2017)

Virtual Currencies and The Commonwealth. 1 June 2016

GLOBAL CYBERSECURITY INDEX 2016

ENISA & Cybersecurity. Dr. Udo Helmbrecht Executive Director, European Network & Information Security Agency (ENISA) 25 October 2010

Cybersecurity in Asia-Pacific State of play, key issues for trade and e-commerce

WORKSHOP CYBER SECURITY AND CYBERCRIME POLICIES FOR AFRICAN DIPLOMATS. Okechukwu Emmanuel Ibe

Transcription:

Framework for Cybersecurity in Nigeria Basil Udotai, Esq., Director & Head, Directorate for Cybersecurity (DfC), Office of the National Security Adviser, Nigeria Praiamar Hotel, Praia, Cape Verde Nov 27-29, 2007

Moderator Speaker Dual Role 2

What are the issues? Increasing Reliance on ICT personal, business and Government; Gaps in Law Enforcement, Intelligence and National Security; Incentive for Public Sector Reform lacking; Private Sector Growth creates a hands off attitude Incentive not to lobby for reform; Business Model favors and supports current attitude; Regulator confused about proper role network growth; penetration; no content regulation; FDI protection, etc Lack of CREATIVE Involvement on the part of the International Community ITU proving to be a worthy exception WBG needs to catch up 3

Creative Int l Involvement? What would constitute creative international involvement in cybersecurity? When World Bank and other Development Partner Organizations begin to condition International Development Assistance and associated aids on the existence of a certain level of national framework on cybersecurity; Is there a precedent for this? 4

Of course, Corruption What is good for corruption is good for cybersecurity! 5

Typical Measures Policy: What do we need to promote; prohibit; prohibit and protect Law: cybercrime as strategy for cybersecurity; substantive and procedural law; criminalization of all undesirable activities occurring in the online environment and creating legal procedures for investigation, prosecution and conviction; Institutional Capacity Building: facilities and human capacity building all geared at ensuring that law enforcement and related mandates authorized by statute in the offline environment are migrated to the online environment as well; Public Private Partnership: most critical networks are now privately owned and managed around the world, fast becoming the case in Nigeria, ICT equipment manufacturers and solutions providers are all private; thus, the need to build consensus, agree on standards, rules and best practices for cybersecurity; Public Enlightenment: nature and impact of issues concerned; International Law Enforcement Cooperation: necessitated by the global domain of the network environment and the ability for criminal actions to occur anywhere and affect interests in other parts without limitation 6

What we have done Awareness started with the Press and covered all crucial areas Legal Reforms; we have proposed relevant laws, especially the Draft Bill on Computer Security and Critical Information Infrastructure; Institutional Capacity Building; designed models for establishing relevant Units at Agencies (Cybercrime Units, law enforcement; and Computer Crime Prosecution Units, at the Office of the AGF, which can become a model for states; Digital Evidence Management System and Judicial Reform Project, focusing on new Court Rules and Training of officials for Electronic Evidence Handling Public Private collaboration; Govt-Industry Forum on Lawful Interception, proposed to be continuous under a permanent framework to be known as Nigerian Information Security Alliance (NISA); National CERT; starting with Sector-based CERTs in the financial sector to be followed by the Telecoms sector and so on; International Law Enforcement Cooperation now member of the G8 24/7 Network, represented by EFCC, established broad based law enforcement relationship with many international law enforcement agencies, including the USA, UK, South Africa, etc. 7

Framework for Cybersecurity - Background The Tragedy of the Diplomat assassination in the Chez Republic; Presidential Committee on Illegal Online Activities Established in April 2004, following recommendations by the Presidential Committee on illegal online activities, Chaired by the National Security Adviser; It is an Inter-Agency body made up of all critical law enforcement, security, intelligence and ICT Agencies of government, plus major private organizations in the ICT sector; ToR include awareness and enlightenment programs targeting both public and private sector; building institutional consensus amongst existing Agencies, providing technical assistance to the National Assembly on Cybercrime and the Draft Bill; laying the groundwork for the computer crime enforcement and prosecution by relevant agencies; developing technical guidelines for industry on cybersecurity; and commencing relations with international law enforcement organizations CCIPS (USA), NHTCC (UK), NPA (SA), for global law enforcement cooperation 8

Framework for Cybersecurity Background 2 NCWG Structure and Management Economic and Financial Crimes Commission (EFCC), Nigeria Police Force (NPF); the National Security Adviser (NSA), the Nigerian Communications Commission (NCC); Department of State Services (DSS); National Intelligence Agency (NIA); Nigeria Computer Society (NCS); Nigeria Internet Group (NIG); Internet Services Providers Association of Nigeria (ISPAN); National Information Technology Development Agency (NITDA), and Individual citizen representing public interest. 2 Chairmen - HMST and HAGF 1 Coordinator General Council and Legal Adviser of NITDA 9

Framework for Cybersecurity Status NCWG was given 2 years within which to complete its mandate; Tenure expired December 2006; Directorate for Cybersecurity (DfC), was created as a permanent autonomous body within the Office of the National Security Adviser (ONSA) to takeover all assets and liabilities of the NCWG, including all uncompleted projects; Its main mandate is to develop and implement a National Cybersecurity Policy for Nigeria 10

DfC Summary of Mandate Implementing the National Cybersecurity Initiative (NCI); Drafting and/or proposing all relevant laws required to be enacted by the National Assembly for the security of computer systems and networks in Nigeria pursuant to our national strategies on cybersecurity; Establishing a National Computer Emergency Readiness and Response Mechanism with Early Warning System (EWS) and Alerts for all cyber related emergencies in the country; Establishing a National Computer Forensics Laboratory and coordinating the training and utilization of the facility by all law enforcement, security and intelligence agencies; Creating requisite technical capacity across law enforcement, security and intelligence agencies on cybercrime and cybersecurity; 11

DfC Summary of Mandate.2 Developing effective framework and interfaces for inter-agency collaboration on cybercrime and cybersecurity; Establishing appropriate platforms for public private partnership (PPP) on cybersecurity; Coordinating Nigeria s involvement in international cybersecurity cooperations to ensure the integration of our country into the global frameworks on cybersecurity; Executing such other functions and responsibilities as it shall consider necessary for the general purpose of promoting cybersecurity in Nigeria and fostering a framework for critical information infrastructure protection in the country. 12

Keep in Mind A good national measure should target: 1. Policy; 2. Law; 3. Capacity Building; 4. Public Enlightenment; 5. Public Private Partnership and Industry Alliance; 6. International Cooperation 13

Law Draft Bill entitled Computer Security and Critical Information Infrastructure Bill Pending before the National Assembly; Key mandate of the NCWG; Under direct supervision of the Attorney General of the Federation (AGF); Drafting Team comprising Legal, Technical and Policy experts; Process: A. Draft B. Review C. Revise D. Approve (AGF, President, FEC) E. Dispatch (executive bill); F. Public Hearing, Final Revision, Enactment 14

Law.2 What the Draft Legislation is proposing: A. Substantive Provisions; B. Procedural Provisions; C. Enforcement Responsibility all existing law enforcement agencies on the basis of statutory authority; D. Prosecutorial Authority; E. International Law Enforcement Cooperation 15

Law.3 Goal of the proposed legal framework: To secure computer systems and networks in Nigeria and protect critical information infrastructure in the country; In summary, Legislation seeks to criminalize 3 kinds of conducts: Conducts against ICT systems; Conducts utilizing ICT systems to carry out unlawful activities or commit crimes; and Unlawful conducts committed against critical information infrastructures (CIIP) deliberately targeting ICT infrastructures that affects the economic well-being of Nigeria and our collective security as a country; eg telecoms, power, oil and gas, civil aviation, etc level of punishment much higher 16

Law.4 Part I Offences & Enforcement Enforcement of the Act by Law Enforcement Agencies Unlawful access to a computer Unauthorized disclosure of access code Fraudulent electronic mail messages Data forgery Computer fraud System interference Misuse of devices Denial of service Identity theft and impersonation Records retention and data protection Unlawful Interception Failure of service provider to perform certain duties Cybersquatting Cyber-terrorism Violation of intellectual property rights with the use of a computer, etc Using any computer for unlawful sexual purposes etc Attempt, conspiracy and abetment 17

Law.5 Part II - CIIP SECURITY AND PROTECTION OF CRITICAL INFORMATION INFRASTRUCTURE Critical information infrastructure, etc. Audit and inspection of critical information infrastructure. Offences against critical information infrastructure. Civil liability 18

Jurisdiction, etc. Law.6 Part III General Provisions Powers of search and arrest. Obstruction. Admissibility and evidentiary weight of electronic documents Tampering with computer evidence. Prosecution. Forfeiture of assets, etc. Compounding of offence. Order for payment of compensation, etc. Conviction for alternate offence. Power to make Regulations Interpretation Short title 19

Capacity Building & Awareness Institutional Capacity Building: A. Enforcement Police Cybercrime Unit; B. Prosecution Computer Crime Prosecution Unit (CCPU) for the Office of the Attorney General recently approved by Mr. President; C. Judiciary Digital Evidence Management System and Judicial Reform Project, focusing on new Court Rules and Training of officials for Electronic Evidence Handling D. Public Private Collaboration (PPP) - CERT National Capability for computer emergency responses and incident handling issues: One size fit all (joint)?, or separate for industry and Government; Awareness Programs: 3 pronged approach: institutional, sectoral and general public enlightenment 20

Global Cooperation International Law Enforcement Cooperation provide adequate capacity (technical facilities and human skill) to enable cross-border information exchanges and joint LEA operations (MLAT no longer serves the purpose in view of speed and potential for multiple forum shopping by cybercriminals before hitting target. G8 24/7 Network; Council of Europe s Convention on Cybercrime; European initiative, open to all countries, currently 40 countries, including USA, Canada, South Africa and Japan. Nigeria is not a signatory member, but represented in the 24/7 Network by the EFCC; Our memo to Mr. President recommending Nigeria s accession to the Cybercrime Treaty 21

Conclusion While no two countries or legal jurisdictions are the same, issues of cybersecurity seem to cut across many countries and jurisdictions. So, basic frameworks that focus on changes in Policy; Laws; Capacity Building; Private Industry Partnership; International Cooperation and Public Enlightenment, at the very least, should be developed at national levels, employing models adopted successfully in other countries. If this conference makes any country here to take a look at its existing legal framework or the operational activities of her law enforcement organizations, for the purpose reforming either or both to meet the challenges of ICT, then this would be a very successful conference indeed. 22

THANK YOU CONTACT Directorate for Cybersecurity (DfC) Office of the National Security Adviser Three Arms Zone Aso Rock Villa Abuja Tel +234-9-630-3553 to 57; Ext. 2228 Mobile +234-803-306-6004 b.udotai@cybercrime.gov.ng 23

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback