Ghanam-Cyber-Security-Policy

Ghana: Cyber-Security Policy

Ghana now has a Cyber-Security Policy and Strategy that seeks to protect the country from attacks on its cyberspace. The policy, which was approved by cabinet in 2016, is a road map on what should be done to ensure that the country’s cyberspace is secure. The policy also talks about issues within the Cyber-Crime law enforcement area which currently is difficult for the law enforcement to implement because of the lack of capacity and necessary tools.

It has, therefore, outlined areas such as building the capacities of law enforcement bodies, as well as the legal fraternity such as the Attorney-General, judges and lawyers to empower them to deal with Cyber-Crime related issues. Briefing the Daily Graphic, the Manager of the Computer Emergency Response Team (CERT)-Ghana, Mr Eric Akomiah, explained that the policy was to secure and protect individuals from cyber fraud.

Legal frameworks

He recalled that in 2003, the Information Communications and Technology for Accelerated Development (ICT4AD) was enacted by Cabinet to govern ICT development in the country. Mr Akomiah explained that the policy was anchored on 14 pillars which cut across all sectors and what the government could use ICT for.

“Pillar 14 focuses on Cyber-Security, which talks specifically about what government wants to do with law enforcement to improve cyber security,” he explained.

He said in 2008, the Electronic Transaction Act (Act 772), which looked at different aspects of how transactions were done online, including specific legal text on how law enforcement could track criminals and prosecute them, was enacted.  “So in terms of legal infrastructure, we have an elaborate law that has all these things,” he stated, adding that it was that law that the law enforcement agencies were using today to prosecute cyber-criminals. He, however, said the challenge was that most of the law enforcement organisations were not savvy of technology, describing it as “a real challenge.”

Securing Cyberspace

Touching on events leading to the development of the policy, Mr Akomiah said in 2011, the Ministry of Communications reviewed the ICT4AD to look at the issues that were lacking in the policy. As a result, four things were identified, he explained, and identified them as Cyber-Security, broadband policy, green ICT and geospatial ICT. He added that the Ministry of Communications set up technical ad-hoc committees in 2011/2012 to work to develop the policy in those areas and also the government further set up the CERT to monitor and alert the country of possible attacks or any attacks on the Cyber-Space. The CERT, he stated, worked to show where there were weakness, “so that we can beef up those areas.” He said the second intervention was child online protection to ensure that innocent children were not taken advantage of by pedophiles. Mr Akomiah said because of the urgency of the intervention, the ministry set up a National Steering Committee, which had come up with a Framework Document draft.

At a three-day International Workshop on Criminal Justice Statistics on Cyber-Crime and Electronic Evidence on Wednesday, 29th March, 2017, the  Acting Director-General of the NCA, spoke on the potential increase in Cyber-Crime cases saying: “At the end of January 2017, the total mobile data subscriptions in Ghana was 20,064,110 with a penetration rate of 70.90% and as more and more people get access to data, we expect cases of Cyber-Crime to escalate. Another reason for this will be the fact that unscrupulous people are gradually shifting their strategies to other physically non-invasive strategies for crime and fraud. Also, new technologies and strategies are being developed daily to advance network security and these also have the effect of preventing Law Enforcement and Justice Agencies from securing the much needed electronic evidence.”

Take a peek at the Final draft.

As Songhai Advisory reported on 1/26/2017, internet penetration has deepened over the last decade, so too have Cyber-Security concerns. Home-grown ‘Sakawa boys’ employ advance fee fraud, phishing, electronic theft and other tactics to defraud Ghanaians and foreigners alike, while groups from further fields have targeted the Ghanaian state e.g. Turkish group Alsancak Tim, which was able to hijack 11 Ghanaian government websites in 2015[1] and Kapustkiy of the Powerful Greek Army group, which hacked into the Ghana High Commission in India in 2016[2]. In an attempt to protect internet users in the country, Ghana has adopted a Cyber-Security Policy and Strategy. The policy was approved by the cabinet last year 2016 and has now been adopted by parliament.

Credit: GhanaWeb, Ghana NCA and Songhai Advisory.
  • 4
    Shares