Friday, 22 November

Cybersecurity a shared responsibility – Bawumia

Technology
Dr Mahamudu Bawumia

Vice President Dr Mahamudu Bawumia has called on the private sector to support the public sector in creating awareness on the relevance of cybersecurity in the country.

Speaking at the official launch of the National Cyber Security Awareness Month (NCSAM) 2022, today, Monday, 3 October 2022 at the cedi conference centre, University of Ghana, Accra, on the theme: “Regulating Cybersecurity: A Public-Private Sector Collaborative Approach,” Dr Bawumia, said creating greater awareness of the Cybersecurity Act, 2020 (Act 1038) and building synergies among all relevant stakeholders to ensure compliance with them is absolutely critical.

He noted that the law and the relevance of cybersecurity regulations among children, the public, businesses and government, whilst highlighting the need for public-private sector cooperation must be paramount.

The awareness month, therefore, he noted was important to ensure that everyone is involved in cybersecurity activities to ensure a safer digital Ghana. 

Dr Bawumia noted that the government is not relenting in its efforts to crack down on cyber-criminal activities, “however, we all have a part to play for our collective security to ensure mutual benefits of the digital space to all users.”

He appealed to the public to relay relevant information to the appropriate authorities for cybercrime prevention and investigations. This he said includes issues that affect children.

“I am reliably informed that victims of child online abuses do not open-up to authorities for investigations and assistance, leaving abusers on the streets to continue their anti-social deeds. The National Computer Emergency Response Team (CERT) and the established sectoral CERTs are available for incident response and coordination, and I encourage businesses and government organisations to take advantage of them,” he noted.

The vice president added that “the Cybercrime/ Cybersecurity Incident Reporting Points of Contact is also available to the general public to report cybercrimes and to seek guidance.”

Ghanaians can call 292 freely and seek real time assistance on cybersecurity incidents and report same to the National CERT which operates within the Cyber Security Authority.

Dr Bawumia encouraged the public to utilise this contact as “we seek to promote preventive and cyber hygienic practices to protect our citizens and our digital assets.”

Read Dr Bawumia’s full speech below:

KEYNOTE ADDRESS BY THE VICE PRESIDENT, HIS EXCELLENCY DR. ALHAJI MAHAMUDU BAWUMIA, AT THE OFFICIAL LAUNCH OF THE NATIONAL CYBER SECURITY AWARENESS MONTH (NCSAM) 2022 ON OCTOBER 03, 2022 AT THE CEDI CONFERENCE CENTRE, UNIVERSITY OF GHANA, ACCRA

Hon. Minister for Communications and Digitalisation, Mrs. Ursula Owusu-Ekuful,

Hon., Minister for National Security, Mr Albert Kan Dapaah,

Hon. Minister for Information, Mr Kojo Oppong Nkrumah,

Members of the Parliamentary Select Committee on Communications and other Members of Parliament,

Members of the Governing Board of the Cyber Security Authority,

Ag. Director-General of the Cyber Security Authority, Dr. Albert Antwi-Boasiako,

Members of the Joint Cybersecurity Committee (JCC), 

Vice Chancellor of the University of Ghana, Professor Nana Aba Appiah Amfo,

Members of the Diplomatic Corps,

Media personnel,

Distinguished Guests,

Ladies and Gentlemen,

It is my pleasure to join you again to launch one of the most important national events in Ghana’s cybersecurity development, the National Cyber Security Awareness Month (NCSAM). In October 2018, I opened the National Cyber Security Awareness Month and launched the 5-year cybersecurity awareness programme dubbed “A Safer Digital Ghana,” an initiative of the then Ministry of Communications, which underpins Ghana’s cybersecurity awareness initiatives. Four years on, I must say that I am impressed with our achievements in cybersecurity development, leading to our progress on the Global Cybersecurity Index rating from 32.6% in 2017 to 86.69% in 2020 with respect to cybersecurity readiness. I thank the Minister for Communications and Digitalisation and her team, the Governing Board of the Cyber Security Authority, the Ag. Director-General and staff of the Cyber Security Authority, Members of the Joint Cybersecurity Committee, and all relevant stakeholders; including the private sector and international partners, for the commitment in achieving this feat. We, however, need to do more towards cybersecurity development as we step up our efforts to transform the economy through digitalisation.

Ladies and gentlemen, I note that the theme for this month-long event, is “Regulating Cybersecurity: A Public-Private Sector Collaborative Approach.” Cybersecurity development everywhere is a shared responsibility, and enhancing understanding of the provisions of the Cybersecurity Act, 2020 (Act 1038) and building synergies among all relevant stakeholders to ensure compliance with them is absolutely critical.  Creating greater awareness of the law and the relevance of cybersecurity regulations among Children, the Public, Businesses and Government, whilst highlighting the need for public-private sector cooperation must be paramount. This awareness month is therefore important to ensure that everyone is involved in cybersecurity activities to ensure a safer digital Ghana. 

Distinguished guests, in the era of the Fourth Industrial Revolution, new and emerging digital technologies and trends, such as Fifth Generation (5G) networks, Quantum Computing, Artificial Intelligence (AI), Cloud Computing, Mobile Web Services, Internet of Things (IoT) and Social Media, are radically changing the business landscape and reshaping the nature of work and business operations. Building a resilient digital ecosystem is therefore vital for national development. We need robust systems with relevant laws, directives, and guidelines to secure our digital ecosystem and we took a major step in this direction with the passage of Act 1038.

Ladies and gentlemen, the growing desire to accelerate inclusive growth through greater efficiency, transparency, and accountability in the delivery of public services has led to the implementation of national flagship digitialisation projects including Mobile Money Interoperability, the Digital Property Addressing System,  Universal QR Code Payment System (GhQR), National Identification System, the  Ghana.gov  payment infrastructure, the Paperless Port System, e-Justice System, e-Procurement  among others. The unique identification number for each citizen provides Ghana with a linked national database as the Ghana card is currently linked to Tax Identification Number, National Health Insurance Cards, Social Security and National Insurance Trust (SSNIT), Passports, and Sim Cards to provide seamless identification of all individuals and promote secure transactions.  The Digital Property Addressing System has also solved the problem of lack of functional address systems in the country by leveraging on GPS technology to implement a digital address system which captures every square inch of our land. We can now identify every person and every property in this country and very soon, it will be difficult for criminals to hide behind the anonymity of technology to defraud anyone.

Ladies and gentlemen, notwithstanding these strides, we are keenly aware that the dependence on digitalisation to transform our economy comes with increased risk of cyber threats and attacks. According to the World Economic Forum, cybercrime cost the world at least $6 trillion in 2021 and could lead to over $10 trillion in annual damages by 2025. Research by IBM also indicates that, it takes 280 days to find and contain the average cyberattack, while the average attack costs $3.86 million. There have been a number of attacks on critical infrastructures around the world; recently the Holiday Inn was hit by cyberattacks which disrupted its “booking channels and other applications”. Earlier in the year, SpiceJet reportedly faced ransomware attacks causing several flights to be either delayed or cancelled. Toyota Motor supplier, Denso, was also hacked and sensitive data stolen. These incidents are increasing and affect all sectors of society. These attacks do not only affect the named institutions; they have effects on employment, company finances, national investments and on individuals who interact or do business with affected institutions. These are just a few examples to emphasise the point that in our current digitalised and interconnected environment, a single cybersecurity incident can affect an entire organisation, a whole nation or the world at large. Therefore, it is critical to build a strong shield against cyber threats and incidents that could undermine our capacity to act and develop.

Ladies and gentlemen, the Government of Ghana is committed to putting in place the needed structures to deal with cybercrimes that keep arising as a result of increasing digital connectivity. That is why in 2017, we set up the National Cyber Security Secretariat, which, in three short years, has now evolved into the Cyber Security Authority following the passage of the Cybersecurity Act, 2020 (Act 1038).  I am delighted that the Authority has continued in efforts to develop cybersecurity in the country, and also, enhanced its awareness creation activities. As businesses and individuals, we must develop the needed cybersecurity consciousness to help mitigate cybercrimes, which according to statistics are caused by human actions in about 90% of the cases.

Ladies and gentlemen, Critical Information Infrastructure (CII) constitutes assets (real or virtual), networks, systems, processes, information, and functions that are so vital to the nation that their incapacity or destruction would have a devastating impact on national security, the economy, public health and/or safety. Thirteen (13) sectors of our economy have so far been designated as CII and these include: National Security and Intelligence, Banking and Finance, Information and Communication Technology (ICT), Energy, Transport, Water, Health, Government, Emergency Services, Food and Agriculture, Manufacturing, Mining and Education. A Directive for the Protection of Critical Information Infrastructures (CIIs) was launched by the Authority on October 1, 2021 to assist CII owners in registering with the Authority and guide them to protect their critical systems. I will urge all operators to familiarise themselves with the Directives and comply. I am reliably informed that from January 2023, all Critical Information Infrastructure Owners, whether in the private sector or public institutions, will be required to undergo mandatory compliance checks and audits to ensure the protection of Ghana’s critical systems. This audit and compliance actions will be in line with regulations aimed at reinforcing the resilience and response capacities of these institutions against cyber threats and incidents, as well as to ensuring a resilient, secure economy. This will help protect our critical systems from rising malicious cyber activities in the global landscape. They are also important to assess the adequacy and effectiveness of controls/measures put in place to meet the requirements of the law. Designated CII owners who fail to comply with the regulatory measures to protect our critical databases and systems will be sanctioned in accordance with the Cybersecurity Act.

The Ministry of Communications and Digitalisation is committed to the full enforcement of the Cybersecurity Act and from January 2023, no firm will operate a cybersecurity service in the country without a license granted by the Authority. We can no longer take chances to allow access to sensitive and critical data without the necessary legal and technical due process. There must be a way to ensure that the institutions and the people we engage to provide cybersecurity services meet the fit-for-purpose tests and can be held accountable for the services they provide. 

Distinguished guests, cooperation is one of the strategic imperatives in our National Cybersecurity Policy and Strategy. The Joint Cybersecurity Committee is enshrined in our law and has been duly inaugurated, I’m told. It comprises representatives from all sectors and agencies, both public and private, involved in cyber defence.  As cyberspace is borderless and interdependencies keep widening, Ghana is committed to improving collaboration not only at the domestic level but internationally in the fight against cybercrimes. I commend all international and local partners who have been instrumental in Ghana’s cybersecurity development so far. Our modest strides in cybersecurity development have been acknowledged and Ghana is increasingly being noted as a hub for training and capacity building for our sub region by the European Commission, World Bank and ECOWAS.  Several African countries have shown a commitment to work with Ghana as part of efforts to improve cybersecurity in our respective countries and on the continent at large and I am informed that, we have had teams from Sierra Leone, the Gambia and Niger amongst others, visiting us to learn from our modest but significant achievements in cybersecurity. In Ghana, we believe that we will go far when we walk together, and are committed to walking with you all. We believe that international cooperation is an indispensable tool in countering cybercrime.

Today, representatives from Rwanda and Mozambique are here to support the event and sign Memorandums of Understanding for cooperation with Ghana on cybersecurity matters. I welcome you all to Ghana. The MoUs will provide for joint capacity building exercises and training in the relevant areas through the sharing of expertise. It also entails exchange programmes for staff to promote capacity building and talent development in both countries and conduct of joint cybersecurity exercises. The countries involved will learn, share, and promote effective cybersecurity practices to ensure resilience and cyber readiness on both ends.

Distinguished guests, indeed no country can tackle the world’s current challenges alone: from wars and other conflicts, climate change, poverty, inequality, lack of respect for human rights,  food insecurity, unemployment –  the list is endless  and cybercrime ranks high up there. International cooperation is vital if we are to overcome these challenges.

Hon. Ministers, ladies and gentlemen, Government is not relenting in its efforts to crack down on cyber-criminal activities, however we all have a part to play for our collective security to ensure mutual benefits of the digital space to all users. I appeal to the public to relay relevant information to the appropriate authorities for cybercrime prevention and investigations. This includes issues that affect children. I am reliably informed that victims of child online abuses do not open-up to authorities for investigations and assistance, leaving abusers on the streets to continue their anti-social deeds. The National Computer Emergency Response Team (CERT) and the established sectoral CERTs are available for incident response and coordination, and I encourage businesses and government organisations to take advantage of them. The Cybercrime/ Cybersecurity Incident Reporting Points of Contact is also available to the general public to report cybercrimes and to seek guidance. I am reliably informed that, our citizens can call 292 freely and seek real time assistance on cybersecurity incidents and report same to the National CERT which operates within the Cyber Security Authority. I encourage the public to utilise this contact as we seek to promote preventive and cyber hygienic practices to protect our citizens and our digital assets.

Distinguished guests, in order to gain the full benefits of our digitalisation efforts, we must create a risk-aware cybersecurity culture. I have a lot of confidence in the work of the Cyber Security Authority in implementing its regulatory mandate and the government will ensure that the Authority is provided with the necessary resources to do its work. I urge all corporate bodies, faith based and civil society organisations and the media to collaborate with the Cyber Security Authority and get involved in the awareness creation and capacity building exercises in the month of October as we promote cybersecurity at the national level.

I hereby declare the 2022 National Cyber Security Awareness Month launched.

Thank you for your attention.

Source: Classfmonline.com