Home / News I have a News Tip

Sophia Bekele: The AUCC Debate on Cybersecurity Needs to Involve All Stakeholders

The following interview was conducted by Michael Ouma for CIO East Africa.

The African Union's Convention on the Establishment of a Credible Legal Framework for Cyber Security in Africa (AUCC) — which seeks to intensify the fight against cybercrime across Africa in light of rising incidences of cybercrime — has been the focus of debate recently.

In view of this and to further shed light on online security issues in Africa, CIO East Africa sought the views of Ms Sophia Bekele, an internet security expert and international policy advisor over internet and ICT. Below are excerpts.

* * *

Sophia Bekele, Executive Director of DotConnectAfrica Trust1. As regards the state of online freedom in Africa, what are the major issues surrounding online freedom of expression in Africa? What is the best way to empower users to stay safe online while protecting their freedom of expression?

Technology-wise, Africa is still growing in the matters of online freedom. We can draw from several examples in recent past, most visibly in case of the Arab spring, where the national internet connectivity is cut off to suppress freedom of expression. Other governments have also put strict legislation and laws to minimize any activism. As use of online services increases in Africa which is definably the most promising technology destination globally, continued awareness, training and benchmarking by all players will be important.

2. In relation to internet security, data and privacy protection in Africa, what elements need to be put in place to ensure all Internet users (including citizens, companies, as well as governments) continue to have confidence in the Internet?

Existing legislations have to be understood and be coherent so that users are in touch with what they are exposed to when they use online services. Also technology has one constant, and that is exponential dynamism. In 2012 there was a great debate on changing the 1980's ITU International telecommunication regulations, this debate in Dubai changed how stakeholders ought to manage discussions.

Online privacy will continue to be a major factor of the internet resource, thus constant awareness and involvement of users in developing those clear cut legislations, do's and don'ts will be handy. The best way is to make sure users, service providers and government are aware of the acceptable boundaries that every stakeholder must respect.

3. How can African civil society organizations engage ICT policy processes to ensure that rights are not traded for security?

The best and winning formula is to just involve everybody in every step or development that is going on. Multistakeholder approach is very important so that everyone's contribution is factored in. The private sector is good at driving most of the development and governments remains as endorsers and facilitators. That way a thriving balance will be created. I just urge that inclusivity be that main ingredient.

4. What are your thoughts about the African Convention on Cybersecurity, what other proposals need to be included to improve the draft document?

The Africa Union Convention on cyber security is a developing case, thus definitely, it is going to the open space for further debate. I have had a chance to look at the draft and I think with further improvement, critique and careful analysis on clauses that touch especially on privacy and rights of users both offline and offline the legislation will be usable. Our organization DCA, perhaps an early pioneer in IG issues to Africa has put in its early comment recently directly to the AU, soon as it was available in public domain and we are happy that it was accepted well by the African civil society organizations who have embraced our views, and included it as part of a joint voices to the AU. Individual governments have to first off develop their own legislations so that this will be a complement of such legislations.

Africa is endowed with many cultures, economic regions that operate uniquely and therefore this is a debate that cannot be just concluded and accepted without involving all stake holders. Governments and especially the African Union have a chance to involve everybody in continental matters such as this convention development. Everyone has to be aware of the details of what they are signing to adopt.

5. What can African governments learn from the NSA surveillance and Snowden revelations?

2013 was indeed the year of many revelations and definitely the Snowden revelations surfaced and changed perceptions on internet governance. Data is big and the more you know the more powerful you are regarded. The NSA disclosure of classified information to private media organizations places dire implications for global Internet privacy. The United States of America was exposed as a country that practically spies on everybody in a most indiscriminate manner, including its own allies. I made a commentary for the 2013 Year End Review that DotConnectAfrica produces.

African governments are still a long way in accepting such technologies as open data. In my experience in the technology world and especially championing many efforts to bridge the digital divide, I have learned, there is still a need for proper awareness creations on data, use of ICT services to provide government services. African governments can prepare proper legislations and strategize on how to handle private data in a manner that is not intrusive to rights of its citizens. The backlash of the NSA revelations wouldn't be a good experience for any government.

All this emphasizes that internet governance should be a matter that is handled by many stakeholders to avoid giving the governments a monopoly of leadership in policy development.

6. What are the current technology trends and which cyber-security threats raise the greatest concern?

In the past networks and connectivity of stationary computers was the epitome of technology, then came laptops. Now we see the increased preference to powerful hand held devices, such as the tablets, phablets and smart phones have completely taken over. Currently, the trend is to provide services though Apps and mobile devices. Businesses and Individuals have to now concentrate on 'tech-on-the-go'. Social media seems to be increasingly driving these trends. In the coming future all these mobile services have to be synergized in a manner that supports advancement of entities. Some of the cyber security threats include rogue apps, phishing schemes and middleman attacks.

7. Your early career involved Internet Security and Audit. How are evolving Internet services and technologies, such as mobile and cloud computing services, affecting these security threats?

Internet and Cloud are broadening the range of devices and effectively points of weakness. This is balanced by more robust central services that have sufficient scale to justify investment in solutions to address these threats. The world of technology is always evolving, mobile devices are common place and definitely an increased use come with known security threats and those unprecedented threats as well. Cloud computing being a concept that involves an exponential number of computers connected through a real-time communication supports and complements the mobile technologies and other services.

Security threats are real, spanning from denial of service to exposure of private documents and contacts to the public have happened in the past year and are bound to increase, its only paramount that users and service providers are better prepared to mitigate these unavoidable risks. Therefore as one who spent a good years of my career in IS Security and Audit as you noted, and founding and spear-heading various technology start-ups that was the earliest champion of digital divide in Africa, I encourage that proactive approach will be the best method of combating threats, even as we strive and look forward to setting up the first domain registry in Africa.

Related topics: Cybersecurity, Internet Governance, Policy & Regulation


Don't miss a thing – get the Weekly Wrap delivered to your inbox.


To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Dig Deeper

Mobile Internet

Sponsored by Afilias Mobile & Web Services

IP Addressing

Sponsored by Avenue4 LLC

DNS Security

Sponsored by Afilias


Sponsored by Verisign

Promoted Posts

Buying or Selling IPv4 Addresses?

Discover ACCELR/8, a transformative IPv4 market solution developed by industry veterans Marc Lindsey and Janine Goodman that enables organizations buying or selling blocks as small as /20s. more»

Industry Updates – Sponsored Posts

Join Neustar's Town Hall Meeting and Help Shape the Future Of .US

Verisign Named to the Online Trust Alliance's 2017 Audit and Honor Roll

Attacks Decrease by 23 Precent in 1st Quarter While Peak Attack Sizes Increase: DDoS Trends Report

Leading Internet Associations Strengthen Cooperation

i2Coalition to Present Tucows CEO Elliot Noss With Internet Community Leadership Award

Verisign Releases Q4 2016 DDoS Trends Report: 167% Increase in Average Peak Attack from 2015 to 2016

Michele Neylon Appointed Chair Elect of i2Coalition

Verisign Q3 2016 DDoS Trends Report: User Datagram Protocol (UDP) Flood Attacks Continue to Dominate

2016 U.S. Election: An Internet Forecast

Government Guidance for Email Authentication Has Arrived in USA and UK

ValiMail Raises $12M for Its Email Authentication Service

MarkMonitor Supports Brand Holders' Efforts Regarding .Feedback Registry

Don't Gamble With Your DNS

Defending Against Layer 7 DDoS Attacks

Understanding the Risks of the Dark Web

New TLD? Make Sure It's Secure

Verisign Releases Q2 2016 DDoS Trends Report - Layer 7 DDoS Attacks a Growing Trend

How Savvy DDoS Attackers Are Using DNSSEC Against Us

Facilitating a Trusted Web Space for Financial Service Professionals

MarkMonitor Partners with CYREN to Deepen Visibility into Global Phishing Attacks