26.04.2016 Feature Article

“Cyber-Security Awareness in Ghana is Below Minimum Threshold” – Cyber-Security & Forensics Expert

Cyber-Security Awareness in Ghana is Below Minimum Threshold – Cyber-Security  Forensics Expert
26.04.2016 LISTEN

ACCRA, Ghana – Cyber-security & Forensic Scientist Albert Antwi-Boasiako believes cyber security “is a collective business that runs from individual to government”. In his view, Ghana must develop a cyber-security culture “that will enable implementation of specific cyber-security legislation and measures.”

Speaking to E.K.Bensah Jr on the “Africa in Focus Show”, which commenced a series of discussions on Ghana and Africa’s response to law enforcement and cyber-security, Antwi-Boasiako, who was speaking to Bensah from the France/Geneva border, explained that he was in Geneva to make presentations to UNCTAD during the UNCTAD e-commerce week.

Albert Antwi-Boasiako is the Founder and Principal Consultant of the Accra-based E-Crime Bureau. He has spent the past five years dedicating his life to forensic investigation and cyber-crime. In his view, the cyber-phenomenon is “a new phenomenon”. He believes that, if even the EU and the West are not fully-prepared to tackle it, how much more a country like Ghana, where agencies are likely to be handicapped to fight it. It is a given that, the financial sector will not have the capacity, and that it would need specialist skills to address and engage specific issues, too.

Definition of Cyber-Crime
The E-Crime Bureau founder explained that, cyber-crime is “any criminal activity, which is committed using cyber-space or an electronic medium.” He maintains in every jurisdiction, it is the Criminal Code that identifies specific criminal offences. What is cyber-crime in Ghana may not necessarily constitute a crime elsewhere. In principle, though, Cyber-crime refers to specific criminal activities, especially offences that constitute criminality.

That said there are two angles to the definition: there is a difference between cyber-criminality and cyber-facilitated crime.

Cyber-criminality usually involves criminal activity involving IT infrastructure. This includes when someone hacks into a protected network, such as Denial-Of-Service attack on a computer system. Conversely, cyber-facilitated crime involves traditional criminal activities – such as fraud; terrorism; blackmail; threats – that are facilitated through an electronic medium.

Situational Analysis of Cyber-security in Ghana

Antwi-Boasiako believes it’s erroneous as professionals to be asking whether Ghana is serious about Cyber-security; rather, it is important to examine the situational analysis, with a focus on the following elements.

First: cyber-security awareness, which needs to be looked through a certain matrix that includes the national; the individual; and at the corporate level. At these levels, if one were to look at the manner in which each handles electronic data, he would say that Ghana is not ready at all. In his view, Ghana’s “cyber-security awareness is far below the minimum threshold.”

Secondly, Ghana needs to look at standardization of ICT products. For example, mobile money sector is on the increase. We need as a country to be asking whether we have mechanisms to test the system before it is deployed. In this area, Antwi-Boasiako believes Ghana would also be marked low, as much more can be done.

Third, there is the issue of cyber-legislation, or what he calls “Cyber-hygiene”. These are issues he says are currently being discussed at the UN level. Antwi-Boasiako explains that, Ghana is one of the few countries with data protection. Ghana has an Electronic Transactions Act (2008); and Anti-Money Laundering legislation. However, he adds, these legislations are not themselves cyber-crime legislation. There is a Computer Misuse Act, but none in Ghana. Nigeria, he continues, has a Cyber-Security Bill (2015), and Ghana’s Evidence Act was passed in 1960 – long before personal computers.

For the Forensic Expert, handling electronic evidence needs an unambiguous law to deal with it. The laws passed recently have their own challenges. The big issue is that the legislation needs to be reviewed to be in line with contemporary trends, where e-evidence “becomes part of criminal proceedings.”

Ghanaians, for example, use smart phones, which mean evidence is in the electronic domain. Ghana, he avers, needs to empower law enforcement so that we get to the stage where we can use electronic evidence “to convict people for murder; narcotics; human trafficking; fraud; tax evasion; and terrorism.” For Antwi-Boasiako, the cyber-environment has become the “centre of gravity around current criminalities.”

Still on Ghana, he explains how Ghana is working on a National Cyber-Security Policy with the Ministry of Communications. However, it is still in Parliament. It ought to be the fundamental document that will guide all institutions in the country.

Another positive development for Ghana is the Computer Emergency Response Team (CERT), which he describes as a “cyber-NADMO”, or a cyber response to Ghana’s National Disaster Management Organisation (NADMO). For example, if there is a cyber-attack on Ghana’s e-sovereignty, CERT would help resolve the problem. Even then, it plays a preventative role by monitoring Ghana’s cyber-space to ensure such attacks do not happen in the first place.

State of Cyber-security at the ECOWAS/AU level

As far as the regional space is concerned, Mr.Antwi-Boasiako believes there “is no good news on ECOWAS.” The E-Crime Founder laments how in Geneva he asked a senior ECOWAS representative hoe far the region had gone on its Cyber-security work. To which the official lamented how it had stalled because of lack of funding. In 2011, Antwi-Boasiako maintains, the regional bloc signed up to a Directive against Cyber-Crime. He equally-laments how, while it is good to fight cyber-crime at the UN level, if ECOWAS can come together, “it would be useful.” For example, you could have someone living in Nigeria, and committing cyber-crime in Ghana, but being able to be tried in Ghana for prosecution if frameworks were implemented.

At the African Union level, the continental organisation has a Convention on Cyber-Crime. When one is in Europe, avers Antwi-Boasiako, one hears a lot about the so-called Budapest Convention on Cyber-Crime. According to him, it was announced the week of the interview that Senegal would be signing that international treaty, and Ghana is also to sign soon. Antwi-Boasiako worries that African Member States seem to be more receptive to the Budapest Convention than their own regional and continental initiatives, which suggests a lot more needs to be done at these two levels. He believes that, while it is good to have conventions like these, Africa’s institutions need to benefit from it.

Other international initiatives on Cyber-Security include the Council of Europe, which will help build capacity of selected West African delegates from ECOWAS countries 9-11 May in Senegal. At the UNCTAD level, the institution is helping ECOWAS member States harmonize their Cyber-laws, and help them get the countries’ legislation in line. Apart from initiatives by the UN Office on Drugs and Crime; and the US Justice Department, INTERPOL itself is also holding expert groupings and training programmes.

In Antwi-Boasiako’s view, ECOWAS needs to act with some urgency on building its capacity on Cyber-Security.

Pressed to explain why it has taken so long to implement strategies at the regional level, Antwi-Boasiako explained how it was important to put things into perspective: cyber-crime, in his view, “borders on security and national security.” Consequently, national security may not necessarily involve sharing intelligence openly with Nigerian counterparts. There are other dimensions including, the necessity of telcos coming on board, as well as the rest of the private sector.

He deduced that, ECOWAS may probably not have promoted private sector in Cyber-security, but without a shadow of a doubt, we need “more engagement so that you can bring all fragmented working groups into one pool so that” resources, expertise, and advisory services will be available. He believes this will facilitate intelligence-sharing as well.

The Way Forward on Cyber-Security in Ghana
In conclusion, it cannot be over-emphasized how much of a collective business Cyber-security remains. It is a multi-stakeholder eco-system that includes telcos; Internet Service Providers (ISPs); and even developers of systems. According to Antwi-Boasiako, each one has a responsibility to assume.

To this end, it is important Ghana pays attention to developing a Cyber-security culture, and equally-appreciates issues of Cyber-security that will eventually lead to specific actions. Our e-commerce sector is growing. We need to develop and build capacity to help detect and track the cashless environment, including anti-money laundering systems.

Finally, Ghana needs to invest in technology and policies in Cyber-security as the human factor remains the weakest link in Cyber-crime cases. By incorporating these recommendations into Ghana’s policy, we would, Antwi-Boasiako believes, be able to make a serious case in fighting cyber-crime.

The “Africa in Focus” Show is hosted by Emmanuel.K.Bensah Jr from 14h05 to 15h00 every Wednesday on RADIO XYZ93.1FM. Since May 2014, it has been offering compelling, cutting-edge content that seeks to demystify, educate, and unpack ECOWAS, AU, & South-South Cooperation around Africa’s integration. You can download all podcasts from . Follow the conversation on twitter on @africainfocus14, using #africainfocus. Contact Emmanuel on 0233.311.789/0268.687.653