By Ajong Mbapndah L
After a highly successful stint as Ambassador of Benin to the USA, Omar Arouna has taken on a new challenge with zeal -cyber security. As Managing Partner at the US-Africa Cyber Security Group-USAFCG, Ambassador Arouna has taken the lead in raising awareness, and proposing solutions to African countries. The challenges are real, and the threats enormous,says Ambassador Arouna as he situates where Africa stands today in terms of cyber security. While countries like Mauritius, and Rwanda have made great strides, there are many other countries and businesses taking the threat for granted and the result is evident in a loss of circa $3.5 billion due to to cyber crimes in 2017 says Ambassador in an interview with PAV magazine.
For those who are not familiar what is cyber security, and should it be of interest to Africa?
Cybersecurity is the collection of technologies, processes, and practices that protect networked computer systems from unauthorized use or harm. Broadly speaking, cybersecurity topics can be subdivided into two complementary areas: cyber-attacks, which are essentially offensive and emphasize network penetration techniques; and cyber defenses, which are essentially protective and emphasize counter-measures intended to eliminate or mitigate cyber-attacks. Cybercrime has grown to more than $ 1 trillion a year in online fraud, identity theft and loss of intellectual property, affecting millions of people around the world, as well as countless businesses and governments in every country. Africa has 1.21 billion people and almost all African countries are about to grow over the next year. Technology adoption is also continuing to grow, with an exponential increase in the number of mobile owners, increasing use of social media, and the Internet of Things (IoT) quickly becoming a reality. This rapid economic growth is accompanied by a thriving e-commerce industry, which is expected to reach $ 75 billion by 2025. African financial institutions and governments have suffered a loss of $ 3.5 billion for Cybercrime in 2017. More than 95% of African businesses operate below the poverty line of cyber security.
When people hear about cyber security, people think of the west, how much of a threat is this to Africa?
Private sector businesses and organizations including their consumer base have become extremely vulnerable online. Digital economies are taking off throughout all the regions of Africa. Cybercrime has emerged and already taken advantage of mobile banking, online banking and financial services delivered regionally. Local support for cybersecurity across the region needs to be strengthened, and financial institutions in the region are demanding training, servicing, and consulting services in cybersecurity.
About 300 million users have been brought online since 2000 due to the liberalization of telecommunications markets across African countries and the increasingly widespread availability of mobile technologies. For Africa, the technology age is booming– and shows few signs of slowing. The rapid turnaround from being a continent essentially offline in 2000, with only 4.5 million Internet users, to this level of connectivity has left African leaders scrambling to implement adequate cybersecurity policies and regulations.
May we know some of the ways in which the threats of cyber security manifest themselves, or some of the most vulnerable sectors?
The most vulnerable sector is the financial sector. For example, the 2017 Wannacry attack forced companies around the world to shut down their systems to stop the spread of the malicious code. The attack “immobilized” banks, hospitals, and government agencies in dozens of countries, particularly hitting Kenya’s financial institutions. The Renault Tanger-Méditerranée automobile plant in Morocco closed for a full day, causing a loss of production of a thousand cars. Many other African companies may have been seriously impacted by the attack, but the extent is unknown due to failure to report these attacks to the national authorities in charge of computer security incident response.
The financial cost of cyberattacks for businesses has increased significantly over the years. African companies publish very few figures on cybercrime, but the highest estimated costs in 2013 stood at $47 million (26 billion FCFA) in Côte d’Ivoire and $27 million (15 billion FCFA) in Senegal. More recent figures on annual losses (2017) are estimated for Nigeria at $649 million, followed by Kenya at $210 million. And many sectors are concerned by these losses, with financial institutions, government, and e-commerce hitting the top three impacted industries in Africa.
How equipped and how serious are African governments in the fighting cyber security crimes?
In spite of the breathtaking growth of ICT use, the development of national cybersecurity legislation has been relatively stagnant in the region. Mauritius, which has legislation addressing cybercrime, e-commerce, data protection, and privacy as well as an established Computer Emergency Response Team (CERT), remains a distant outlier on the continent. Countries such as Chad, Guinea-Bissau, and Gabon, which have minimal-to-no legislation addressing cyber issues, are much more typical. The AU faces the challenge of developing a common continental cybersecurity policy, which requires not just the harmonization of legislation across several economic regions but also encouraging national policy development in a majority of member states. Attaining this level of political cohesiveness–in a regional organization that consistently faces criticism of ineffectiveness–is a steep hurdle to overcome.
On specific examples, may we know examples of what some countries are doing to keep staying safe from attacks?
Certification processes, like ISO/IEC 27001, released by the International Standard Organization (ISO), are useful resources for businesses seeking a baseline to address cybersecurity from a management system perspective. Some African organizations are taking cyber threats seriously; ISO has reported an increase of 73 percent of Information Security Management System certified companies within a year, from 129 in 2015 to 224 in 2016, with the majority in South Africa, Nigeria, and Morocco.
Mauritius is the top ranked country in the Africa region. It scores particularly high in the legal and the technical areas. The Botnet Tracking and Detection project allows Computer Emergency Response Team of Mauritius (CERT-MU) to proactively take measures to curtail threats on different networks within the country. Capacity building is another area where Mauritius does well. The government IT Security Unit has conducted 180 awareness sessions for some 2 000 civil servants in 32 government ministries and departments.
Rwanda, ranked second in Africa, scores high in the organizational pillar and has a standalone cybersecurity policy addressing both the public and private sector. It is also committed to develop a stronger cybersecurity industry to ensure a resilient cyber space.
Kenya, ranked third in the region, provides a good example of cooperation through its National Kenya Computer Incident Response Team Coordination Centre (National KECIRT/CC). The CIRT coordinates at national, regional and global levels with a range of actors. Nationally this includes ISPs and the financial and educational sectors; regionally it works with other CIRTs through the East African Communications Organization; and internationally it liaises with ITU, FIRST, and bi-laterally with the United States and Japan CIRTs among others.
Ambassador Arouna is managing partner at US-Africa cyber security group, what services are offered by your company?
USAFCG provides cybersecurity consulting services and delivers training programs for capacity building
We have partnered with cyber technologists specialized in the development and deployment of advanced cybersecurity solutions to strengthen our services. Our teams work with private and public sector organizations across Africa, and we understand the business, technology and legal policy aspects as requirements vary at the region, country, and local level.
- Coordination and Cooperation between public and private sector
- Engagement and Assessment
- Training and Exercise
- Technical Assistance
- Education and Toolkits
- Support Services
Cyber Hygiene e-Learning Course
We have partnered with the leader in Cyber Hygiene training,to deliver a state of the art interactive, engaging and effective tool consisting of a training module and two separate test modules to address human risk behaviour in cyberspace.
Cybersecurity Program for the Prevention and Fight against Cybercrime
Strengthening the cybersecurity management capacity of African government agencies. The objective is to establish an integrated, effective and modern national/regional system for the prevention and fight against cybercrime.
How have these services of USAFCG been of help to African countries and companies in need, any projects you have carried out in Africa?
But we have been building cybersecurity awareness to our potential clients in the public and private sector, helping them design the project that works for their context. We have been building the case to our African governments and private enterprises to plan to implement strategies to protect their clients, their data, and themselves from a cyberattack.
Given the regional context, this can be achieved by considering four key initiatives: implementing cyber resilience strategies, developing cybersecurity skills, protecting data integrity, and integrating cyber risk protection in the decision-making process throughout all levels of management. And that is why we created USAFCG, to be the catalyst to carry out those initiatives in Africa.
For the seasoned professional that you are, what is your current reading of ties between the USA and Africa, what changes has the trump African policy brought?
On Dec 6th, 2018 US National Security Advisor John Bolton unveiled the Trump administration’s new strategy for Africa. The strategy is focused on three priorities, all of which have long been advocated by foreign policy experts. These priorities include advancing U.S. trade across the region, continuing to combat terrorism, and making sure U.S. money for aid is used as most effectively that it can be. The new US Africa strategy premise is that a free, growing, and self-sufficient Africa is of the utmost importance to the United States’ national security interests—a belief that the Trump administration said previous administrations did not share.
The view of the Trump administration is that, “Great-power competitors—namely, China and Russia—are rapidly expanding their financial and political influence across Africa,”. “They are deliberately and aggressively targeting their investments in the region to gain a competitive advantage over the United States.” So American foreign policy makers in the pursue of the interests of the American people and American values are mainly refining they approach in regaining the loss ground on the continent. Things have changed between the US and Africa now Governance and Democracy are taking back seat to investment and trade.
It should not come as a surprise that some of your compatriots are intrigued by your plans, after a successful stint as ambassador and doing well in the corporate world, what next for Omar Arouna…any political ambitions?
Politics is something that is important to me and have always been in my mind…
* Interview originally published in March edition of Pan African Visions Magazine