28 February 2017

Africa: Is Cyberspace the Latest Conflict Frontier On the African Continent?

Photo: Pixabay
Data is key to Africa's development.

In August 2012, terrorist group, Boko Haram, reportedly hacked into Nigeria's secret service and acquired private data on current and former personnel.

In April 2016, a group calling itself "Anonymous" was able to hack into the database of the Kenyan Ministry of Foreign Affairs and steal sensitive data.

More recently, a number of South African companies' systems were infiltrated by cyberattackers and data held for ransom. The firms included Johnny Bags food manufacturers, DSV Global and Gebers & Partners.

These incidents illustrate the risks that the use of cyberspace poses to the African continent in the 21st Century.

To counter these risks, Africa has rolled out several initiatives. These include the adoption of an African Union convention on cyber security and personal data protection and an initiative to harmonise and ICT policy in sub-Saharan Africa.

A number of countries have also taken initiatives at the local level to address cyber security threats. For example, Kenya has created the National Computer Incident Response Team Coordination Centre to offer technical services. Similarly, Ethiopia has created an agency to improve its cyber resilience.

But cyber security systems in both the private and the public sectors are still below average in many countries. A 2016 cyber security report, for example, shows that most Africa-based businesses and government online services have weak security features.

These low levels of security, combined with increasing connectivity, make Africa's cyberspace one of the most vulnerable to attack.

The new frontier of attack

Cyberspace is the latest domain within which human beings operate. The others are land, sea, airspace and outer space. Unlike the other domains, cyberspace has unique features that make it an attractive frontier of attack.

First, it's situated within the networks of computing devices that are now connected by the internet. Because the internet has global reach, attackers are able to roam cyberspace freely and attack computing systems in locations that would be impossible to access physically.

Second, no passport is required to enter the cyberspace. This makes it possible for attackers to mask their identity, impersonate others and cheat their way into protected systems.

Third, cyberspace facilitates communication between networked computing devices through electronic messages. This makes attacks speedier than conventional warfare.

Finally, cyberspace networks use a decentralised network architecture. This enables attackers to continue functioning even when one network router is blocked or disabled.

More importantly, with the growth in computing technology, essential services of most states are now integrated into the cyberspace networks. This makes the cyberspace a strategic medium of attack.

Cyberattacks on the rise

The United Nations describes cyber attacks as those involving illegal behaviour that targets the security of computer systems and the data processed by them. These take various forms that include;

Malware injection, which is the installation of malware (viruses, spyware, trojans or worms) into cyberspace with malicious intent.

Phishing, which is a request for data from what looks like a trusted source. The aim is to trick users into providing sensitive information, or clicking on a malicious link.

Hacking, which involves figuring out the password of a system's platform so as to gain access into the system.

Denial of Service, which involves flooding a system's network with traffic and spam data. The objective is to overload it and make it slow or unresponsive.

These cyber attacks happen through information exchange without physical contact between the attacker and the victim. So, at the individual level, direct physical harm is almost non-existent. The harm is mostly emotional, psychological and reputational. Of course, in some cases, cyberspace communications can result in actual physical harm. For example, a victim of cyber bullying may be pushed to commit suicide or a hacker may use the gained data to track a victim and commit rape or murder. But these cases are isolated and indirect.

But when the attacks are targeted at state or institutional systems, they have the potential to harm society in new and critical ways.

The attacks can, for example, corrupt electoral systems or derail automated trains. They could also bring down electric grids, collapse traffic control systems, scramble financial data, explode oil refineries, and cause aeroplanes to fly out of control.

The 2007 attack against Estonia, the 2016 attack on Ukraine's power grid and the recent claims of hacks of the US Democratic National Committee database, are illustrative of the devastating harm that a cyber attack can cause on modern society.

These realities of cyber attacks are especially stark in developing countries, like in Africa, where the technology and skills necessary to fend off such attacks are lacking.

Securing the cyberspace

Given the importance that the cyberspace network plays in the life of modern African society, the imperative of securing this domain cannot be gainsaid.

The International Telecommunications Union estimates that one in five Africans is now connected to cyberspace.

An overview by the United Nations also reveals that the supply of essential services in many African countries now relies on the cyberspace network.

However, a survey of 21 African countries conducted by UN Economic Commission for Africa found that while many countries had proposed legislation, the level of deployment of security systems to combat cyber crime was low.

One practical way of countering cyber attacks is to ring the vulnerable systems with a protective firewall. This would also entail the use of end-to-end encryption to ensure that data is always protected.

It is also imperative that the users of computing devices be educated on the need to only use licensed operating systems, to create strong passwords, and to ignore suspicious messages and links.

Legislation should also be in place to identify and criminalise harmful cyber behaviour and to assign responsibilities to the various cyberspace actors including cyberspace intermediaries like internet service providers.

Disclosure statement

Ken Obura does not work for, consult, own shares in or receive funding from any company or organization that would benefit from this article, and has disclosed no relevant affiliations beyond the academic appointment above.


Record 68 Million People Worldwide Displaced in 2017 - UN

The United Nations refugee agency says a record 68.5 million people around the world were forced to flee their homes… Read more »

See What Everyone is Watching

Copyright © 2017 The Conversation. All rights reserved. Distributed by AllAfrica Global Media (allAfrica.com). To contact the copyright holder directly for corrections — or for permission to republish or make other authorized use of this material, click here.

AllAfrica publishes around 800 reports a day from more than 140 news organizations and over 500 other institutions and individuals, representing a diversity of positions on every topic. We publish news and views ranging from vigorous opponents of governments to government publications and spokespersons. Publishers named above each report are responsible for their own content, which AllAfrica does not have the legal right to edit or correct.

Articles and commentaries that identify allAfrica.com as the publisher are produced or commissioned by AllAfrica. To address comments or complaints, please Contact us.