The Internet Society and the African Union Commission unveiled a new set of Internet Infrastructure Security Guidelines for Africa during the African Internet Summit, taking place in Nairobi 30 May-2 June. The guidelines will help Africa create a more secure Internet infrastructure and are set to change the way African Union States approach cyber security preparedness.
The guidelines – the first of their kind in Africa – were developed by a multi-stakeholder group of African and global internet infrastructure security experts, and are the first step towards building a more secure Internet in Africa. They will help AU member states strengthen the security of their local Internet infrastructure through actions at a regional, national, ISP/operator and organizational level.
Africa’s cyber security environment faces a unique combination of challenges, including a lack of awareness of the risks involved in using technology. Kenya was ranked the 69th most vulnerable country (out of 127) in the 2015 Deloitte Global Threat Index. Some of the main reasons are: low awareness, underinvestment, talent shortage and overload of data.  Deloitte further estimates that Kenya lost $171 million to cybercrime in 2016.
“Africa has achieved major strides in developing its Internet Infrastructure in the past decade. However, the Internet won’t provide the aspired benefits unless we can trust it. We have seen from recent experiences that Africa is not immune from cyber-attacks and other security threats. These guidelines, developed in collaboration with the African Union Commission, will help African countries put in place the necessary measures to increase the security of their Internet infrastructure,” explained Dawit Bekele, Africa Regional Bureau Director for the Internet Society.
This document is launched at a time when the world feels the real and urgent need to build and reinforce structures aimed at tackling the growing cyber threat to the global digital economy. Governments, companies, network operators, universities and organizations across African Union member states are encouraged to take action to implement the Internet Infrastructure Security Guidelines.
“This is another timely milestone achievement given the new security challenges in cyberspace,” said Moctar Yeday, Head, Information Society Division, African Union. “The Commission of the African Union will continue its partnership with the Internet Society on a second set of guidelines addressing personal data protection in Africa,” he added.
According to ITU ICT Facts and Figures 2016, it is estimated that 25.1% of Africans are now online and despite lower Internet access rates vs. other regions in the world, there has been a sustained double-digit growth in Internet penetration over the past 10 years. This is due in large part to an increase of mobile Internet and in more affordable smart phones in the market and Africa’s young, technology-savvy population. However, to continue to improve access and connect the unconnected, people need to trust the Internet.
Symantec, a global leader in cyber security, observed 24 million malware incidents targeting Africa in 2016. As some malware incidents probably go unobserved, the real number of incidents may be much higher. In a 2013 report from Symantec, cybercrime was increasing at a faster rate in Africa than any other region.
As Internet penetration grows in Africa and more business takes place online, implementing security measures against malware incidents to protect Internet users becomes increasingly important.
Offering actions that are tailored to the African cyber security environment and solutions for an ever changing online landscape, the recommendations in the document launched today can play a key role in helping Africa respond to the kind of Internet attacks that recently paralyzed critical public and government services.