A Review of the Nigeria National Cybersecurity Strategy

National Cybersecurity Strategy (NCSS) is the nation’s readiness strategy to provide cohesive measures and strategic actions towards assuring security and protection of the country presence in cyberspace, safeguarding critical information infrastructure, building and nurturing trusted cyber-community.
Nationa Cybersecurity Strategy

What is the National Cybersecurity Strategy (NCSS)?

National Cybersecurity Strategy (NCSS) is the nation’s readiness strategy to provide cohesive measures and strategic actions towards assuring security and protection of the country’s presence in the cyberspace, safeguarding critical information infrastructure, building and nurturing trusted cyber-community.

The NCSS comprises short, medium, and long-term mitigation strategies covering all national priorities, addressing the nation’s cyber risk exposure.

Specific key cyber threats worldwide are inimical to National interest are identified such as; Cybercrime, Cyber-terrorism, Cyberconflict, Cyber espionage, Child online abuse and exploitation. These threats have significant capability to damage the integrity of the nation, disruption of critical information infrastructure operations, undermine government operations and national security.

What is the Aim of the National Cybersecurity Strategy?

The aim of the NCSS is to provide a cohesive roadmap, initiatives, and implementation mechanism for achieving the national vision on cybersecurity.

What is the Nigerian Cybersecurity Vision?

Its vision is a safe, secure, vibrant, resilient and trusted community that provide opportunities for its citizenry, safeguard national assets and interests, promote peaceful interactions and proactive engagement in cyberspace for national prosperity – National Cybersecurity Policy 2014

But how can the goal and objectives of the National Cyber Security Strategy be achieved when most of the professionals have no idea about what the strategy entails?

How can we follow up on the implementation of the strategy when we don’t even know what the content looks like.?

In the course of my writing, I will be dissecting and reviewing the content of the National Cyber Security Strategy (NCSS), with the aim of knowing which of the objectives of the strategy has been achieved, those that are still pending, and those that are ongoing.

This will point us in the direction of asking the right questions from agencies (both public and private) that are responsible for ensuring the implementation of the strategy on a national ground. This will also help the public understand the roles of every stakeholder involved in the implementation.

About the Nigeria Cybersecurity Strategy

The NCSS was formed in 2014, and if we notice,a couple of improvements have happened to our national cybersecurity posture five years down the line due to implementation of some of the concerns of the NCSS such as:

  • The development and implementation of an appropriate legal framework, The Cybercrime Act 2015.
  • Establishment of National Computer Emergency Response Team (CERT) and introduction of a roadmap for implementing Detective, Preventive and Response capabilities to deal with cybercrime activities.
  • Protection of Privacy through The Nigeria Data Protection Regulations
  • The Strategy on Public-Private Partnership highlights the need for inter-agency collaboration with the private sector. It engages the framework for a public and private partnership in developing a cohesive response to mitigating cyber-risk.
  • National awareness programmes through multi-stakeholder engagement, and international cooperation in the countermeasures giving birth to National Cybersecurity Awareness Month, Child Online Safety, and many more.

There are other objectives of the NCSS that  are ongoing.These include;

  • Protecting Critical information Infrastructures which includes shared responsibility between government, owners and operators of critical infrastructure. Government approach to Critical Information Infrastructure Protection and Resilience (CIIPR).
  • National Cybersecurity Skills and Manpower Development is another area that we’ve had a lot of improvement in the last five years as many universities and other private training centers are now out there to develop cybersecurity skills and many are upcoming.

From here, we still have a long way to go to fully implement all of the concerns of the NCSS. The following areas needed to be address;

  • Building of a National Incident Management Strategy that will help the country to have a central pool of cybersecurity incidents, track them, and learn from how those incidents were resolved.
  • The continuous monitoring and review (i.e. assessment and evaluation) of the implementation and management of the National Cybersecurity Program, and the surrounding context that it operates within which is critical to providing assurance to various stakeholders that the National Cybersecurity program is able to safeguard our critical national infrastructure.
  • National Readiness strategy which addresses the willingness to empower the nation in building a comprehensive, coherent, structural and procedural capability at strategic and tactical levels in mitigating cyber risks.

The question is how can we rate ourselves after five years comparing what we have achieved so far. Maybe or maybe not we need to do a revision of the National Cyber Security Strategy (NCSS) to add up a new trend of concerns in the national context. We also have to answer the question of how well those implemented objectives have gone over the years.

Summary of the National Cybersecurity Strategy

The NCSS examines the strategic imperative of national cybersecurity. It highlights various strategies that will be used to implement the measures outlined in the new National Cybersecurity Policy.

These include the following:

  • The development and implementation of an appropriate legal framework, with initiatives that will allow for the identification and prosecution of cyber crimes that impact Nigeria regardless of whether they originate within Nigeria or are launched from outside of the country. It encompasses training the judiciary, security and law enforcement agencies, seeking international co-operation, public and private sector co-operation and public awareness programmes. It also introduces a special focus on data protection, privacy and lawful interception.
  • Establishment of a National Incidents Management Strategy which outlines the commissioning of a National Computer Emergency Response Team (CERT) and introduces the roadmap for implementing Detective, Preventive and Response capabilities to deal with cybercrime activities.
  • The strategy for Protecting Critical information Infrastructures including shared responsibility between government and owner-operators of critical infrastructure. It also highlights the ways in which early warning, detection, reaction and crisis management will be assessed, developed and implemented to provide a proactive readiness to react to and deal with threats towards Nigeria’s Critical Infrastructures.
  • The strategy seeks to ensure the development of information security assurance and monitoring plan. It includes a new national mechanism on cybersecurity assurance, adoption of fit for purpose standards for Governance, Risk and Control, Core Assurance Capabilities, National Enterprise Architecture Framework. It also endorses the adoption of application security testing as well as the adoption of a Balanced Scorecard Framework for cybersecurity.
  • The introduction of a sustainable strategy to develop, maintain and ensure Nigerians are informed and equipped to deal with cybersecurity events by establishing a mechanism for Cybersecurity Skill and Manpower Development initiatives. These initiatives will be driven through a public-private partnership. It introduces a model for certification of individuals to ensure the quality of competence in the field of cybersecurity relevant to the nation.
  • The strategy for protecting Nigerian Children from Online Child Exploitation and Sexual Abuse includes initiatives, such as the national awareness programmes through multi-stakeholder engagement, and international cooperation in the countermeasures.
  • The Strategy on Public-Private Partnership highlights the need for inter agency collaboration with the private sector. It engages the framework for a public and private partnership in developing a cohesive response to mitigating cyber-risk.

In conclusion, The National Internet Safety initiative is aimed at providing general public awareness, education, and advocacy through multi-stakeholders’ engagement, development of local tools, training software and applications in Internet safety and security readiness. It provides a mechanism for gauging the nation’s cybersecurity posture.

You can download the document here 

The NCSS was accompanied by an action plan document for its implementation spreading out the responsibilities and roles of all stakeholders involved for its success.

Nigeria National Cyber security strategy
About the Nigeria Cybersecurity Strategy

 

Total
0
Shares
0 0 votes
Article Rating
Subscribe
Notify of
guest
9 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
Azeez Olayinka
Azeez Olayinka
4 years ago

Weldone. I want to know is there any way NCSS team accommodate membership so that experts from distant locations can contribute to the goals.

Hamzah 'Lateef
Hamzah 'Lateef
Reply to  Azeez Olayinka
4 years ago

Office of the National Security Adviser is responsible for the NCSS document. I guess any input and contributions has to be address to ONSA.

Rabiu shuaib
Rabiu shuaib
4 years ago

Well done,it very educative.

Kamilu Umar Boyi
Kamilu Umar Boyi
4 years ago

Very passionate and committed in learning and building my career in CyberSecurity.

Thank you

Hamzah 'Lateef
Hamzah 'Lateef
Reply to  Kamilu Umar Boyi
4 years ago

Wow. That is good to know, hope you will find a lot of resources online that can help you. Cybrary is a place I can recommend.

Ovuoke
3 years ago

Sir please help me…. I’m a teen, wanna become a cyber security pro, don’t have mentor or teacher.. already develop passion in cyber security. I’ll have came across a post on one Hacking blogs, which stated that for one to become a pro Cyber security, he/she need some essential hacking skill.. I wanna learn every essential skill of a hacker, so I won’t be a script kiddies.
programming
Operating system
Networking..e.t.c. I’ll wanna learn programming but don’t have someone to take me with it. I can’t learn on my own, it’s difficult for me to understand and I don’t know anyone who’s gonna teach me programming for free…i need your help sir please🙏🙏🙏
I don’t want to engage my self in Yahoo or other fraud activities, please help me!

Henrietta Ijenebe
Reply to  Ovuoke
1 year ago

Ovuoke please visit cybrary for very detailed materials to help your Cybersecurity journey. I hope this helps.

okorie christian
okorie christian
2 years ago

How can we ensure cyber security in Nigeria

Henrietta Ijenebe
Reply to  okorie christian
1 year ago

Hi Okorie Christian, please if you see this can you explain your question better? Thank you.

Prev
Attackers Distribute new JavaScript-based Trojan MonsterInstall using Game Cheats
MonsterInstall Trojan

Attackers Distribute new JavaScript-based Trojan MonsterInstall using Game Cheats

Attackers have distributed new javascript based trojan in form of game cheats

Next
The Human Firewall is Needed for the Effective Security of Organizations
The human firewall

The Human Firewall is Needed for the Effective Security of Organizations

Majority of today's data breaches and cyber attacks results from human error

You May Also Like
9
0
Would love your thoughts, please comment.x
()
x