NEPAD Planning and Coordinating Agency

Trans-boundary issues in Cybersecurity

Africa Internet Summit- Tunis, 2015

Towela Nyirenda Jere, PhD

Cyber-security imperatives

• Increasing number of users & devices (IoT)

• Geographical reach of the Internet

• “Freedom to innovate”

• Low levels of consumer awareness

• (Mass) surveillance

Cybersecurity & Human Rights

• Freedom of opinion and expression

– #ArabSpring #147NotJustaNumber #No2Xenophobia

• Right to information

• Privacy

• Right to development – access to the Internet as a human right

The African Declaration on Internet Rights and Freedoms

• promotes human rights and openness in policy-making and implementation in Africa.

• Part 1 - key principles

• Part 2 - requirements for effective realization of the principles

• Part 3 - call to action and recommendations aimed at different stakeholder groupings.

• (http://africaninternetrights.org/declaration-container/declaration/ )

Cybersecurity & International Law

• UN GA resolution on the right to privacy in the digital age (December 2013)

– human rights apply online in the same way as they do offline, including the right to privacy

– national laws on surveillance should comply with international human rights laws

• International Principles on the Application of Human Rights to Communications Surveillance (https://en.necessaryandproportionate.org/).

Peace and Security?

• Cyber-terrorism

• Cyber-warfare

• National security & classified information

• Organized crime

• Physical security of infrastructure

Cybersecurity in Africa – cyber incidents

• Internet

facilitated communication in child kidnappings

• Fraudulent

transactions

• Cyberespionage

• Chronic hacking

• Spreading of

malware

• Illegitimate emails

Africa Image: http://www.clker.com/clipart-369206.html

Cybersecurity in Africa – issues and challenges

20%

80%

% of Africancountries withCERTS*

% of Africancountries withoutCERTS

• *African countries with CERTS or cyber security legislation: Burkina Faso, Cameroon, Cote

d’Ivoire, Egypt, Ghana, Kenya, Mauritius, Morocco, South Africa, Sudan, Tunisia

• www.africacert.org/home/countries/

Cybersecurity in Africa – cybercrime legislation

UNCTAD Information Economy Report 2015

The AU Convention on Cybersecurity and Personal Data Protection

• create a reliable digital space where

electronic transactions can occur, personal

data is secure and cybercrime is

combatted.

– harmonize e-legislation

– personal data protection measures

– cyber security promotion

– fight against cybercrime.

The AU Convention - Objectives

• Define key cyber terminologies in legislation

• Develop general principles and specific provisions related to cyber legislation

• Outline cyber legislative measures required at Member State level

• Develop general principles and specific provision on international cooperation

The AU Convention - Structure

•Covers: Electronic commerce, Contractual obligations in electronic form & Security of electronic transactions

Part 1 - ORGANIZATION OF ELECTRONIC COMMERCE

•Covers: Personal data protection, Institutional framework, Obligations relating to conditions governing personal data processing & Data subjects rights

Part 2 - PROTECTION OF PERSONAL DATA

•Covers: Cyber security measures to be taken at national level & Criminal provisions

Part 3 - COMBATING CYBER CRIME

•Covers: Measures to be taken at the level of the African Union

Part 4 - COMMON AND FINAL PROVISIONS

AU Convention – Implementation • Consumer awareness

• Capacity building

• policy makers, law enforcement, judiciary, parliamentary representatives, media

Awareness & Capacity Building

• Ratification of AU Convention

• National legislation

Enabling Framework

• National & Regional CERTs/CSIRTs Response and

Recovery

Conclusion

• There is need for an all-encompassing mobilization of public and private actors in order for cybersecurity initiatives to be efficiently carried out, and for international norms and standards on the Internet to be effectually applied in all regions across Africa to combat potential threats, maintain international peace and security and safeguard international human rights.

Thank you

Merci

Obrigada

Gracias

شكر

Towela Nyirenda-Jere, PhD.

Programmes Manager

NEPAD e-Africa Programme

Email: towelan@nepad.org

Tel: +27 11 256 3600

Web: http://www.nepad.org/regionalintegrationandinfrastructure/infrastructure/ict