Buhari inks National Cyber Security Policy and Strategy of Nigeria

The new National Cyber Security Policy and Strategy of Nigeria providing the broad framework for addressing cybersecurity has been signed by President Muhammadu Buhari, Technology Times has learnt.

Barring any last minute change, the President is to formally unveil the new document building upon National Cybersecurity Policy and Strategy (NCPS) 2014 of Nigeria on Tuesday, after it was signed last week.

Major General Babagana Monguno (Rtd), National Security Adviser (NSA), had last year inaugurated a multi-stakeholder committee to review the 2014 version to strengthen the nation’s cyber security architecture.

File photo shows President Muhammadu Buhari, seen in top left of photo, in a virtual in an online meeting session with his Ministers.

The NSA says the Committee’s assignment is part of periodic reform of the Nigerian cyber ecosystem to improve efficiency and reposition the nation to exploit the internet for improved security and economy.

The new NCPS is expected to direct the government's attention on key pillars of strengthening cyber security governance and coordination across stakeholders; fostering critical national information infrastructure protection; improve cyber security incident management and strengthen legal and regulatory framework, Technology Times has learnt.

Attention will also be focused on promoting a thriving digital economy, improving Nigeria’s cyber defence capabilities, guaranteeing monitoring and evaluation as well as promoting international cooperation.

The ONSA says that NCPS 2014 “is a comprehensive document that provides cohesive measures and strategic initiatives towards assuring security of the Cyberspace, safeguarding critical information infrastructures as well as building and nurturing a trusted cybercommunity.”

Major General Babagana Monguno (Rtd), National Security Adviser (NSA)

“The National Cybersecurity Strategy aggregates government collective responses towards mitigating the identified cyber threats, the risk exposure of the Nigerian cyberspace and exploiting its associated opportunities. The strategy articulates priorities, principles, and approaches to understanding and managing cybersecurity risks at national level” the Office of National Security Adviser (ONSA), which oversees the cyber security programme says.

The ONSA says that NCPS 2014 “is a comprehensive document that provides cohesive measures and strategic initiatives towards assuring security of the Cyberspace, safeguarding critical information infrastructures as well as building and nurturing a trusted cybercommunity.”

National Cyber Security Policy: The progress report

A 2017 progress report by ONSA states that Nigeria’s cybersecurity efforts through the implementation of National Cybersecurity Policy and Strategy and other legal instruments including the Cybercrime (Prohibition, Prevention, etc) Act, 2015 have resulted in the following:

The Cyber Watchman

Major General Babagana Monguno (Rtd), National Security Adviser (NSA)

i. Establishment of Nigerian Computer Emergency Response Team (ngCERT), which serves as the Coordination Centre responsible for managing cyber incidents in Nigeria (Section 42 (c) of Cybercrime Act, 2015). Furthermore, ngCERT coordinates establishment and operation of sector-based Computer Security Incidents Response Teams (CSIRTS). Currently, a project is in progress to indigenously re-design and improve the capability of ngCERT’s Cyber Threat Monitoring Platform, which on completion will incorporate data

analytics and other artificial intelligence functionalities to enable proactive cyber incident identification and management.

ii. Establishment of National Digital Forensic Laboratory, which coordinate utilization of the facility by all law enforcement, security, and intelligence agencies for investigation of cybersecurity-related incidents.

iii. Inauguration of the Cybercrime Advisory Council, which is responsible for advising Government on measures to prevent and combat cybercrimes, threats to national cyberspace and other cybersecurity related issues.

iv. Commencement of the process for comprehensive identification, classification and development of protection plan for critical national information infrastructure (CNII) for all sectors of the economy. This is with a view to conducting detailed risk assessment and

recommending for Presidential order to gazette the CNII. Currently, the portal to enable MDAs and private sector stakeholders to document their CNII has been deployed and the documentation process has commenced. To ensure the success of this project, it is essential for all stakeholders to visit the portal to document infrastructure that are critical to their operations. This is a national security assignment that is crucial to effectively safeguard Nigerians CNII.

v. Commencement of the process for enactment of the Data Protection and Privacy Law for the protection of personal information of Nigerians from compromise.

vi. Implementation of series of capacity building and training on cybersecurity for legal practitioners and Law Enforcement Agencies (LEA) in partnership with key stakeholders. vii. Development of this Action Plan framework for the implementation of the national cybersecurity strategy.

viii. Developing guidelines to assist individuals and organisations report cyber incidents relating to their systems, networks and infrastructure to ngCERT.