Ghana’s Cyber Security Advisor Says the Country is Preparing for the Opportunities and Threats of a Digital World
Since 2017, Dr. Albert Antwi-Boasiako has served as the national cyber security advisor to the government of Ghana. He is also the founder of e-Crime Bureau, a pan-African cyber security and digital forensics company. E-Crime Bureau has worked with police, military, and private and public institutions across the continent. It formed the first cyber security and digital forensics lab in West Africa. This interview has been edited to fit this format.
ADF: In your current role as national cyber security advisor, you’re helping to shape Ghana’s cyber security policy. What are the biggest threats facing Ghana in this realm?
Antwi-Boasiako: My fear is a cyber attack targeting critical national information infrastructure. That is the most difficult issue. It’s what keeps me thinking, what denies me sleep — an attack that would undermine our critical information systems. In Ghana, cyber fraud, impersonation, identity theft and business fraud are quite prevalent. However, those things, you live with them. They are reported, and some kind of response is deployed. But what really could undermine our developing country [is a different type of attack]. I’m making this point because the government has what is called a “Ghana Beyond Aid” agenda. This is a framework and policy direction of the government, and there is a huge element of digitalization. The government wants to develop through digitalization. A lot of initiatives have been deployed. We have the paperless ports, so ports, customs services, imports, exports are done through an online platform. The government is also rolling out a national identification system across the country. We just launched an E-Justice system in which the administration of justice is being delivered electronically. We have launched a national property addressing system. All these are what I call “government digitalization initiatives,” and together with the critical national information infrastructure, they constitute a significant sector of our economy. The fear of a cyber attack is that it would impact national security, and it would erode the trust that we are building in terms of cyber security.
ADF: What sector is most targeted?
Antwi-Boasiako: We have experienced a number of attacks targeting critical national information infrastructure in the financial sector. Indeed, more than 70 percent of the attacks that we have experienced are financially motivated. Systems are being compromised; attempts are made to remove money from customers’ accounts. The government has taken the initiative in establishing security systems in the Bank of Ghana to address the issue. A new finance cyber security directive has been introduced to ensure the financial institutions scale up their cyber security efforts. These measures are being rolled out across the critical national information infrastructure sectors, and that is a direct response to the fear that our critical information resources could be a target of a cyber attack.
ADF: Ghana has become a regional and continental leader in cyber security. The country is launching a National Cyber Security Centre. What role will this center play in improving cyber security?
Antwi-Boasiako: Cyber crime is a cross-cutting issue. It’s a multidimensional problem. Consequently, you have different agencies, both public and private, whose role or mandate relate to cyber security. In addressing a problem of this nature, you need to establish a central point of contact. So the National Cyber Security Centre has been established to coordinate cyber security-related activity both in government and the private sector. Some of its key functions are incident response, awareness creation, engaging with Parliament, providing advice and developing best practices. In terms of operationalization, we are at a formative level. We’re not a startup anymore, but still formative. This means we have been able to recruit staff, and we are actively working on awareness creation. We are deploying technology to facilitate threat and cyber incident information-sharing that will bring in all the stakeholders. This means they will be able to report incidents but also receive threat information that the center will distribute.
ADF: Ghana’s Ministry of Communications is partnering with the Kofi Annan International Peacekeeping Training Centre to create a training laboratory for security professionals. How important do you believe it is for members of the military and police to be trained in cyber security? What role should the military play in cyber security?
Antwi-Boasiako: In terms of the national architecture of cyber security, the military is an important player. Essentially, we’re talking about cyber defense that must be integrated into the military training. It’s also important to appreciate that there is a paradigm shift, and the necessary actions must be taken to incorporate cyber defense in the curriculum, in the thinking, in the strategy and policy in the military environment. So e-Crime Bureau established a relationship with the Kofi Annan International Peacekeeping Training Centre. A lab has already been established, a 32-computer lab with technology, hacking tools, forensic tools and training programs. The training is at two levels: creating awareness among men and women in uniform as well as law enforcement officers to appreciate the dangers of cyber issues so that they can lead the military action in terms of capacity building and research and development. There have also been training programs to introduce military officers who are technical to be able to play around with cyber offensive and defensive tools, just to get insight into this new field. Any military, to be relevant, has to embrace this and develop. I think, in terms of the military cyber capability, they are developing phenomenally in our region, and my advice is for government to develop a defense strategy that effectively incorporates cyber security both in protecting the data, systems and the networks of the military, but also in preparing our Soldiers to protect and defend the country. Attacks are coming from outsiders who are aiming to really damage and bring our country down. The military has to have a role in terms of preventive measures and defensive measures.
ADF: Ghana is creating computer emergency response teams (CERTs) to respond to cyber incidents. What role will these CERTs play in protecting the country from cyber attacks and responding quickly in the event of an attack?
Antwi-Boasiako: The national CERT has been established within the National Cyber Security Centre. Ghana is operating a decentralized system of CERTs. Decentralized means you have identified certain critical sectors. The military is one sector, the financial sector is another, government, telecommunications, energy and academic environment. Each of those sectors is working on a CERT that operates in coordination with the national CERT. So, for example, we already have established the CERT for the telecommunications sector. The National Communications Authority, which is the regulator and has authority for the security of the critical systems in the telecommunications environment, oversees this. The financial sector has established a CERT to protect the devices and networks in the financial sector, and that also is linked with the national CERT. The national CERT has a wider coordinating role while the sectorial CERTs have a role in taking care of the systems, networks and data within their territory, their particular sector. This has worked overall, and we have had countries in West Africa that are coming to learn from the Ghana example.
ADF: Many countries, including some in West Africa, have limited resources. How should they prioritize cyber security?
Antwi-Boasiako: By my estimation, in the next 50 years, I don’t think the question of lack of resources or lack of finances will be a question of the past. It will still be part of the African story. Let’s take this approach: If we should wait until we get money to get results, we will never get there. It is a question of pragmatic intelligence. The question we need to ask is: Do we see our development linked to digitalization? How can African economies develop without going digital? It is an impossibility. We would actually be cut off from the global world. I think the argument that Ghana has made is that we don’t have an alternative to digitalization. The United Nations and the World Bank have estimated that it has the potential to transform our economy. E-commerce is creating jobs on the continent. So, for any forward-thinking African country, digitalization is key, and therefore measures must be taken to ensure that the investment in information and communications technology development is protected. The government of Ghana has resolved to establish a cyber security fund, because the nation’s cyber security development cannot be sustainable if it is underpinned by donor support. Our president wants to build “Ghana Beyond Aid,” and we need to be innovative. By the end of the year the government will establish a cyber security fund to develop the cyber security ecosystem. And I have advised to look at innovative ways to have the necessary funds to staff the criminal justice sector, the defense sector, the government sector, private sector, civil society. That way they can have those resilient cyber ecosystems so that our investment in digitalization can be protected.