Remarks By Comm. Minister Adebayo Shittu At Cybercrime Conference Abuja
I feel greatly honoured to be invited by the Senate Committee on ICT and Cybercrime to deliver a keynote address at the 2018 Cybersecurity Conference holding at the NAF Conference Centre with the theme: “Cybersecurity : The Implications of Disruptive Technologies on National Security and Economy”.
In recent years, cyber space has become a matter of global security concern. Large scale attacks, such as the one Europe faced sometimes ago, have evidenced the existence of a new layer to transnational interaction and modern conflict: cyber warfare.
The significance of cyberspace to the economic growth and security of our nation is no longer in doubt. Globally, most organizations are defining and aligning their roles to the cyberspace in order to continue to be relevant in their contents.
International treaties and cybercrime law shows that cyberspace is not simply a jungle where the strong do what they want and the weak suffer what they must. The law applies there just as it does elsewhere. Especially in times of tension and conflict, the law should not be silent.
Cyber conflict represents a rapidly changing strategic problem for nation states; and lacks an adequate policy framework to manage its implications. Cases such as Estonia, Saudi Arabia and Iran, or the most recent US presidential elections, have demonstrated that cyber-attacks can compromise critical services, damage economies, undermine the basic pillars of democratic states, and reach the consideration of formal state conflict.
Cyber space crosses multiple national, administrative and jurisdictional boundaries, and brings a wide array of non-state actors together, from commercial entities, individuals, cybercriminals, to terrorist groups; creating a terrain that blends all possible scopes of action.
Nevertheless, states remain the most powerful and active elements within cyberspace, and have effectively developed a new arena for international conflicts. This becomes clear through the use of cyber criminals by nation states to further their own interests.
Ladies and Gentlemen, to understand the singularity of cyber space and its role in interstate conflicts, one must evaluate its structure. This is due to the fact that the complexity inevitably embedded in the scope of cyber attacks emanates from the characteristics of the space itself.
Cyber conflicts occur and develop within technologies that were mainly designed for commercial transactions; created to favor independency, anonymity and worldwide interconnectivity.
For this space to be the context within which cyber conflict develops, reflects the sheer difficulty of establishing solutions or simply standardized responses to this issue.
Current state practices will determine to which extent cyber-attacks will be contemplated as acts of war, and with which severity they should trigger diplomatic or even military response.
NATO declarations have even suggested that cyber-attacks can trigger its collective security response clause. Thus, within the reality of an interconnected world, these limits may soon become one of the most delicate issues in conflict management.
Cyber warfare blurs the limitations and perceptions of what accounts for conflict itself, and may favor quick escalation. Hybrid conflicts, such as Ukraine; in which physical action and cyber warfare have colluded and combined, represent a new kind of threat altogether.
This reality is effectively already under way; conditioning relations between world powers, in a manner often not exposed to the general public. It is fundamental to address the reality of this issue in international dialogue platforms and discuss cyber actions openly as a global threat to peace and security, as well as establish dynamic response protocols that can curb escalation and regulate state reaction.
Ladies and Gentlemen, cyber conflict is no longer simply a rising phenomenon, but a new battlefield; one that, upcoming years will redefine the way in which states behave, cooperate, respond, and ultimately, wage war.
Today, there are available statistics to show that Africa is no doubt, in the throes of a technological revolution, leapfrogging computers in favour of Internet connections through mobile devices. In fact, a fifth of the continent of Africa is now said to have access to broadband connection, a figure predicted to triple in the next three years.
We are all witnesses to the fact that technology, boosted by mobile connectivity, is spreading like wildfire across the continent. The young, the old, virtually everyone in every remote home in Africa now has a mobile phone which they use to communicate with their loved ones, family members and business associates. Lives of ordinary Africans are undergoing changes as a result of technology represented by mobile phones and the Internet.
From what New Media platforms such as Facebook, WhatsApp, Twitter and their likes are doing, the technology disruptions in the financial sector, the revolution in the banking sector occasioned by mobile banking and cashless regime, the springing up of tech hubs and startup incubators across major cities, there seems to be a renaissance of a continent hitherto considered technologically marginalized. The internet has brought enormous benefit to humankind; however it has also extended the reach of malignant forces.
Cyber-attacks can disable critical infrastructure, while digital disinformation and manipulation can sow discord and conflict in free societies, and undermine the very institutions which sit at the heart of our democracies.
At the same time, we continue to face rapidly evolving threats from non-state actors. The threat to Nigeria from cyber terrorism and violent extremism remains high. The use by ISIS, the terrorist group, of cyber tools to build and influence its support base has been a major challenge globally.
I am particularly happy that this conference has been carefully planned to stimulate conversations towards helping organizations and agencies appreciate their enormous responsibilities in the digital space, and preparing them to adequately participate in ensuring that Nigeria’s security and economy are kept ahead of the raging dimensions of cyber-threats.
Transnational criminal networks have also become increasingly complex and sophisticated. Crypto-currencies are being used to pay for illicit goods and to fund terrorism. The dark net allows for horrific child exploitation as well as arms and drug dealing.
Governments all around the world are grappling with a security environment that has never been more complex or multi-layered.
Conflicts have always been a feature of the international system and states have devised means of dealing with them along the diplomacy-defence spectrum.
Today however, the international community is confronted with a special challenge regarding conflicts in a domain of an entirely new sort, one that has only existed for 15 years or so and is a human and not a natural creation, such as the land, sea and air.
This domain is the Internet, or more broadly cyberspace and constitutes an environment that possesses features significantly different from other realms of internationally regulated activity. It would be hard to exaggerate the importance of this environment for the functioning of global society and the high level of dependency that has developed on a cyberspace free from threat of deliberate damage or disruption from state actors.
It would also be difficult to overstate the rapidity of developments in this new realm. International cyber security diplomacy is an area of activity that barely existed a decade ago. The human made environment of cyberspace itself is but a generation old.
In addition to its rapid growth, the pattern of Internet usage has also changed considerably. Until recently the majority of Internet users were located in Europe and North America. Today the majority of Internet users live in the global south.
Developing countries have increased their share from 44% in 2006 to 82% in 2017. Asia itself has half of the world’s Internet users. The rate of increase in connectivity is incredible. Nigeria has approximately 90million Internet users in 2016.
The growth of the internet and the even more pervasive use of “smart phones” with some 4 billion users worldwide has transformed telecommunications and brought a myriad of benefits for the social, cultural, political and economic life of people everywhere. Of course there are, as with any technology, dark forces that will exploit the capabilities of that technology for malicious ends.
Cybercrime is a real and costly threat and it is not surprising that the initial steps to promote inter-state cooperation in cyberspace have been directed at joint efforts to combat cybercrime. Indeed the first and to this day the only international legal agreement dealing with cyber security is the 2001 Budapest Convention on Cybercrime that was initiated by the Council of Europe.
This treaty entered into force in 2004 and now has 42 states parties that have ratified it while another 11 states have signed the documents. The treaty has however been slow to attract support from states outside the members of the Council of Europe: from the Asia Pacific region, only Australia and Japan have ratified the treaty and in Africa, South Africa remains the only state to have ratified it.
This is not only an issue with developing countries; although Canada was an early signatory back in 2001, it still has not ratified the convention.
These difficulties with developing acceptable arrangements to foster state cooperation in cyberspace, even when it is non-state actors that are the sole objects of this cooperation, should alert us to the problems that await us if we look to constrain the conduct of states themselves.
The ICT Roadmap 2017 -2020 and Cybercrime Act 2015, commits Nigeria to an ambitious, proactive, strategic and diplomatic agenda to ensure the deployment, utilization of ICTs and safe and secure cyberspace.
In 1945, the issue of cyber security was not as it is today. While the challenges today are different from those of 1945, the duty of government remains the same. National security is the foundation on which our freedoms have been built and maintained. Keeping Nigerians safe, secure and free is our most fundamental responsibility.
We are building strong defence and resilient communities by leveraging on ICTs. We are introducing, for example, transparency scheme and counter-intelligence legislation with the ONSA to bolster our defences against foreign interference.
We shall continue to work with ONSA and the National Assembly to reinforce or build international norms to regulate adverse state behaviour, and we will continue to partner with NASS and ONSA to impose sanctions on those that undermine our interests and global security on the cyberspace. One of the most important principles underpinning the rules-based order is that nations must resolve their differences peacefully through negotiations.
Cyber is no doubt, the new frontier. Conflict is no longer restricted to the physical world, and cyber is opening up new opportunities for nation states to challenge one another. Cyber-related threats to Nigeria and our region are increasing in number, type and sophistication.
It would be recalled that on the 24th August 2017, President Muhammadu Buhari, GCFR issued a Presidential directive for implementation of the Policy framework and National Action Plan for preventing and countering violent extremism.
The Policy is aimed at mainstreaming peace building into national efforts in dealing with violent extremism. We are currently working with ONSA for safer and resilient communities. We are partnering with ONSA to ensure the full implementation of this policy framework and national action plan.
Nigeria, like all nations, is increasingly reliant on the internet in many aspects of our society and economy. We are building strong cyber defences. Nigeria can and will respond to, and deter cyber aggression, whatever the source and whatever the intent, including through an offensive cyber capability. However, our emphasis is on enabling effective regulation of the internet to keep it open, free and secure.
We will continue to partner with ONSA to build capacity to benefit from the internet, to secure it, and to engage with international rule-making. The cyber ecosystem has been weaponised and manipulated to devastating effect to undermine democratic processes, influence voting in elections and whip up tension and divisions between and among societal groups.
Over 300,000 cyber- attacks were recorded in one single day earlier this year all over the world.‘ ’Major international financial institutions have had their systems crippled for up to 48 hours after being targeted by criminals using Distributed Denial of Service (DDoS), among other methods.
These attacks threatened economic activities; added to that is the fact that personal data of millions of people were compromised by cyber criminals, who demanded the payment of ransom before hijacked data could be released.
Kidnapping, already a scourge in the Nigerian physical space, is also becoming a problem in the virtual realm as ‘cyber-kidnapping’ of encrypted data poses a clear and present danger to our economic viability.
The Federal Ministry of Communications in conjunction with the relevant stakeholders, is coming up with an essential and effective cyber-security management strategy based on existing legislative frameworks, while building on the work already being done by bodies like the Cybercrime Advisory Council.
In particular, the Ministry will work with ONSA and other private sector to remove the terrorist content from the internet, and to provide lawful, and reasonable access to information for national security purposes. Again, the law must apply equally online as it does offline as we cannot allow cyber terrorists to use ungoverned spaces online.
We will continue to work with NASS to improve counter terrorism legislation and enforcement – detect, disrupt and prevent terrorism funding – and to keep developing measures to detect individuals on the path to extremism.
Nigeria will lead with a strong voice in the international effort to prevent the proliferation and use of chemical and biological weapons. We must maintain and reinforce the ban on these weapons.
Nigeria’s security community works relentlessly to understand, anticipate, expose threats and respond to them so that Nigerians can safely go about their lives. Can the same be said about the cyberspace? We will keep building security cooperation with our partners to keep Nigeria safe, uphold agreed international rules, deter destabilizing behaviour by states or their proxies, and negotiate with others to settle differences.
The Ministry is collaborating with the National Identity Management Commission on the strategic roadmap for ID ecosystem for Nigeria: handling the entire cybersecurity component of the ecosystem and in particular the Personal Identifiable Information. The Ministry, in conjunction, will soon conduct a cybersecurity assessment of the ID ecosystem.
In doing so, we contribute to the work of other likeminded states to sustain and broaden international backing for that international rules-based order that is essential to the maintenance of the peace and security necessary for economic growth and advancement.
Concerned government would have to invest considerable political and diplomatic energy in any effort to forge a consensus around such norms. An intensification of bilateral cyber security consultations on the part of leading cyber powers, such as those underway between the U.S. and Russia and the more recently agreed upon working group between China and the U.S. will be a vital complement to multilateral efforts to develop agreed norms for state behavior in cyberspace.
These are exciting times. The digital revolution is proceeding at breakneck speed, bringing growth and prosperity to many. Just look at this country. The Nigeria digital gateway to Europe is now more important to our economy than Apapa’s Port, Tin can Island and Lagos International Airport combined. So, for Nigeria, bits and bytes outweigh Boeings and Ship. And it’s the same story for more and more countries.
But our digital dependency also leaves us vulnerable. To criminals who prey on our citizens and companies. To states that use cyber operations for espionage, disinformation campaigns and military gain. There are plenty of recent examples I could cite. Take the cyber attacks against the power grid in Australia and one of their eastern neighbours. They left entire cities and provinces literally ‘in the dark’.
Or take the attack that wiped computer drives at several government Ministries in a Middle Eastern country. Public services were severely disrupted. I shudder to think what would happen if the over 1,000,000 civil servants in the MDAs turned up to work tomorrow and found they couldn’t log into their accounts.
When attacks like these happen, a lot of technical questions get asked.
(i) What malicious software did the attackers use to gain entry into our systems?
(ii) What made our systems vulnerable to outside interference?
(iii) What action should we take to prevent such intrusions in the future?
And these are all important questions. But technical questions don’t deal with behaviour. To understand and change behaviour, we need to think about rules and laws, hence diplomacy comes to the fore.
The strategy describes where we need reinforcements to help us meet tomorrow’s threats. It aims to keep cyberspace free, open and safe by strengthening international cooperation and diplomacy.
The cyberspace we value and rely on needs protecting. The sooner we recognise cyber-attacks and disinformation, the better we can prevent harm. The strategy helps prepare possible diplomatic responses to such threats. Because cyberspace spans so many borders and involves so many private parties, we need to protect it by working together: with other countries, with the technical community, with companies, with nongovernmental organizations and with academics.
The last thing we need is an arms race in cyberspace. The Ministry, in conjunction with the ONSA, plans to launch a network for ‘cyber diplomats’, who will help to build trust so that Nigerians can agree on norms for online conduct.
Or consider attempts to influence the outcome of an election – remember, next year there will be national elections in Nigeria and other countries. We’ve already seen attempts to spread disinformation, with lies about some candidates.
But we mustn’t be naïve. Cyber operations against institutions, political parties and individuals underline why we need the international legal principles of sovereignty and non-intervention in the affairs of other states.
Today, cyber operations are becoming a weapon of choice. Matters of war and peace have entered the digital age.
Today, international relations are entering a time of increasing uncertainty. It won’t be another Cold War – the world is too interconnected for that. Nor will it be World War Three. We’re looking at something altogether different from what we’ve seen before. The digital revolution provides new ways to destabilise a country or to claim one’s place in the world order. Conflict will take on new, more hybrid and ambiguous forms.
Again, cyber operations are not simply a technical issue. The use of cyber operations by states is highly political. States can exercise power through them. How they do so is determined by their broader interests, their national strategies, and their assessment of the costs and benefits.
In short, this is about behaviour, not about the technology itself. The good news is: we can influence states’ behavior by:
(i) engaging in cyber diplomacy and digital conflict prevention.
(ii) promoting an international normative framework for regulating cyber operations.
Nigeria under President Muhammadu Buhari is poised to adopt cyber diplomacy to limit the threat that the Internet and the flow of information may pose to domestic stability and regime legitimacy; shape cyberspace to extend political and economic influence; and counter foreign advantages in cyberspace.
Like its efforts in more traditional areas of foreign policy, Nigerian cyber diplomacy will be rooted in noninterference in the internal affairs of the nations, equal participation, development assistance and capacity building and support for the United Nations and other multilateral institutions in collaboratively dissuading cyber attacks.
Cyber sovereignty may be at the center of our cyber diplomacy, but we will use it for technical standards to shape cyberspace for economic and political interests. It will also be part of our efforts to contain the risk of terrorism, consolidate our regional influence and manage our bilateral relationships with other important partners.
The rapidly changing nature of the cyberspace has brought about a situation where some state-sponsored attacks have allegedly occurred. It is currently theorized that the next front for future attritions will be the Cyberspace. Here nations in dispute can aim cyber-attacks at critical infrastructures of other nations, including their financial sectors and the military institutions of “enemy countries”.
The added threat of cyber espionage among other exploits has made the cyberspace a tricky place to operate, situations where businesses in competition steal the secrets of their rivals makes it rather interesting and more threatening.
Luckily, the world in coalition, is working hard to secure the cyberspace and make its use much safer for everyone. The Budapest Convention is one of the few initiatives geared towards binding nations together to develop a common basis for creating cyber laws to aid cross-border cooperation in the fight against cybercrimes. Nigeria has been invited to accede to the convention. We therefore have no option than to collaborate.
Another of such alliances is the 24/7 network, here law enforcement organization who are members, can request for support from other partners in combating cross-border cybercrime. Other partnerships within the ECOWAS sub-region and the AU exist as means to foster cyber diplomacy within Africa.
There exists a need to be involved in these diplomatic efforts, not only for the ease of law enforcement, but the ability to enable Nigeria learn how far others had gone in this fight against cybercrime and exchange notes on best practices.
In conclusion, we must therefore, learn to build synergy, strengthen the policy framework and agree on targets. We believe that these strategies and initiatives can be effectively achieved.
I wish to thank the Senate Committee for their foresight, leadership and commitment towards this noble course of working towards ensuring cyber safety for all and sundry.
I also thank the various development partners collaborating with them for commitments leading to the delivery of this event
Be assured that Federal Ministry of Communications and other MDAs will popularize, mainstream and support the Senate Committee in its most invaluable efforts. I urge the NASS to provide strategic coordination and synergy of efforts towards the successful implementation of this patriotic and nationalistic goal.
I look forward to an effective networking opportunity that this event presents as well as congratulate the organizers for a well put together program.
I thank you for your attention, and wish you fruitful deliberations.