Ghana’s Multistakeholder Strategy to Cyber Safety

Ghana's Joint Cybersecurity Committee

The inauguration of Ghana’s Joint Cybersecurity Committee. (Picture: Cyber Safety Authority)

The inauguration of Ghana’s Joint Cybersecurity Committee. As web penetration has exponentially grown, African nations have turn into extra uncovered to cyber-related threats. More and more organized malicious actors deploy more and more subtle types of malware that threaten crucial maritime and vitality infrastructure, trigger billions of {dollars} in annual losses, disrupt web entry, and steal delicate info from governments, politicians, businesspeople, residents, and activists throughout the continent. Most African nations have skilled at the least one publicly documented disinformation marketing campaign, a majority of that are sponsored by exterior actors.

Sadly, most African nations have but to determine foundational cybersecurity insurance policies to confront these threats. A majority have but to creator a nationwide cybersecurity technique, to arrange establishments able to responding to main cybersecurity incidents, or to outline an method to worldwide cooperation in our on-line world.

“Ghana has positioned a citizen-centric, multistakeholder method on the core of its efforts to handle the nation’s cybersecurity challenges.”

Ghana isn’t most African nations. It’s 1 of solely 12 nations in Africa to own each a nationwide cybersecurity technique and nationwide incident response capabilities. It’s also one in every of solely 4 to have ratified each the Budapest and Malabo Conventions, two main treaties aimed toward addressing the worldwide dimensions of cyber-related threats.

Simply as impressively, Ghana has positioned a citizen-centric, multistakeholder method on the core of its efforts to handle the nation’s cybersecurity challenges. Civilians are in management roles in shaping most features of cybersecurity coverage and technique, from defining interagency duties to creating incident response capabilities. Different nations throughout the continent have a lot to be taught from Ghana’s method, which has introduced super development in cyber capabilities, enabled Ghana to take motion to handle rising threats, and bolstered belief between the federal government and residents.

A Civilian-Led Strategy to Cyber Technique

In lots of nations the world over, a nationwide safety company serves as a rustic’s lead authority accountable for cybersecurity. Whereas safety sector involvement in cybersecurity is important, safety actors will not be sufficiently versatile to successfully steward a rustic’s info ecosystem. Moreover, it may be expensive, ineffective, and undermine belief between public, non-public, and civilian stakeholders.

The expertise of Ghana illustrates the deserves of a civilian-led method to cybersecurity technique and coverage. When he took workplace in 2017, President Nana Addo Dankwah Akufo-Addo inherited implementation of the 2015 Nationwide Cybersecurity Coverage and Technique (NCPS). Although Ghana’s Nationwide Safety and International Affairs Ministries sought accountability of the implementation of the NCPS, President Akufo-Addo chosen Ghana’s Ministry of Communication and appointed a Nationwide Cybersecurity Advisor throughout the ministry to function the nation’s high cybersecurity official. The choice was taken for a lot of causes:

  • Cybersecurity threats have been pervasive and concerned almost all residents within the nation
  • Perceived advantages to the nation’s Data, Communications, and Expertise sector from an improved cybersecurity posture
  • Drafting of the technique and coverage have been completed on the Ministry of Communications, inserting it in the very best place to steer implementation
  • Considerations {that a} cybersecurity infrastructure dominated by nationwide safety officers would scale back public belief and make interagency cooperation harder

Underneath the management of the Nationwide Cybersecurity Advisor, Ghana established a three-tiered governance construction with key civilian, safety sector, and nongovernmental stakeholders. First, a ministerial-level Nationwide Cybersecurity Council chaired by the Minister of Communications was established to take high-level cybersecurity selections.

The Nationwide Cybersecurity Council was supported by a Joint Cybersecurity Committee (JCC) that oversees the day-to-day implementation of Ghana’s nationwide cybersecurity technique. The JCC consists of each sub-ministerial-level authorities departments and companies, and suggested by nongovernmental actors, every with the authority to implement the implementation of the NCPS of their respective companies.

Lastly, a Nationwide Cyber Safety Centre (NCSC) was established to supervise and coordinate all day-to-day nationwide cybersecurity actions. Renamed the Cyber Safety Authority (CSA) in 2021, it homes Ghana’s Nationwide Pc Emergency Response Group (CERT-GH), serves as the federal government’s cyber risk intelligence nerve heart and helps coordinate the response to main cybersecurity incidents.

Ghana’s Three-Tiered Cyber Safety Governance Structure

Ghana Cyber Chart

These efforts have quickly constructed Ghana’s cybersecurity establishments by defining clear interagency roles and duties. Each horizontal and vertical traces of communication and accountability allow selections to be quickly taken at an applicable stage and by the suitable company.

Consequently, Ghana has emerged as a regional chief in cybersecurity. In simply 3 years, it moved up over 40 locations within the Worldwide Telecommunications Union’s International Cybersecurity Index, from 89th to forty third, making it 1 of solely 7 African nations within the high 50 locations (together with Mauritius, Egypt, Tanzania, Tunisia, Nigeria, and Morocco). It has additionally turn into actively concerned in strengthening cyber capability in neighboring nations, together with Sierra Leone and The Gambia.

Growing Main Incident Response Capabilities

Ghana’s civilian-led, inclusive method to cybersecurity has allowed the nation to quickly develop incident response capabilities. These capabilities are essential in serving to authorities, non-public sector, or civilian establishments determine malicious cyber threats and put together and recuperate from assaults.

Ghana’s incident response structure dates to 2014, with the institution of Ghana’s Nationwide Pc Emergency Response Group (CERT-GH) beneath the authority of the Ministry of Communications (now Ministry of Communications and Digitalisation). CERT-GH serves because the nation’s focus for laptop safety incident response. It possesses the potential to visualise Ghana’s cybersecurity risk panorama in real-time. It additionally operates an info sharing platform to share risk intelligence and response to safety incidents in coordination with worldwide, native, and personal sector stakeholders.

Ghana's Cyber Security Authority

Ghana’s Cyber Safety Authority received the 2022 Cybersecurity Regulator of the 12 months award on the Ghana Data Expertise and Telecom Awards.

Ghana has additionally stood up a strong community of CERTs on the sectoral stage. The sectoral stage CERTs draw on technical experience, area particular authorities, and shut relationships with the non-public sector to assist safe crucial infrastructure inside their sectors from cyberattacks. To this point, Ghana has established efficient sectoral stage CERTs within the banking, authorities, telecommunications, and nationwide safety sectors. These capabilities put Ghana far forward of most African nations. Solely 21 of Africa’s 54 nations have established the equal of a nationwide CERT and 9 have sectoral stage CERTs.

This sturdy incident response structure has helped enhance Ghana’s resilience to cyberattacks, significantly in susceptible sectors akin to banking. Amid rising cyberattacks in Ghana’s monetary sector, the Financial institution of Ghana’s CERT arrange a safety operations heart that enabled it to observe cybersecurity incidents in actual time and facilitate the sharing of risk info. In 2018, the Financial institution issued a Cyber and Data Safety Directive that inspired industrial banks to determine incident reporting mechanisms and dedicate human and bodily sources to enhance their cybersecurity posture. The Financial institution of Ghana and business representatives have attributed vital declines in cyber fraud, from 174 instances in 2018 to twenty-eight in 2020, to the passage of the Directive.

Leveraging Exterior Partnerships

Ghana has managed to construct its cybersecurity infrastructure comparatively shortly partially due to the exterior partnerships it has cast. These partnerships have been leveraged by the nation’s leaders to construct cyber capability in alignment with Ghana’s aims and pursuits.

Main nonprofit incident administration organizations, together with the Discussion board of Incident Response and Safety Groups (FIRST) and AfricaCERT, helped set up Ghana’s first CERT (CERT-GH) and enabled CERT members to obtain coaching and entry to world cyber risk monitoring networks. The intelligence obtained by means of participation in these networks enabled CERT-GH to determine and assist community operators recuperate from a number of vital cybersecurity incidents. Help Ghana obtained by means of the U.S. Safety Governance Initiative supported the drafting of Ghana’s nationwide cybersecurity technique and knowledgeable the event of Ghana’s sectoral CERTs. The World Financial institution helped present Ghana’s incident responders with state-of-the-art gear.

“Ghana’s expertise illustrates the diploma to which the event of nationwide cyber capability could be nurtured by means of savvy exterior partnerships.”

The Ministry of Communications requested that Oxford College carry out a cybersecurity capability maturity mannequin evaluation for Ghana in 2018. Following this evaluation, Ghana took steps to enhance casual and formal cooperation mechanisms to answer cybercrime and to coach judges and prosecutors on the way to deal with digital forensic proof. These enhancements allowed Ghana to accede to the European Union-sponsored Budapest Conference on Cybercrime in 2018 and to ratify the African Union-sponsored Malabo Conference in 2021. Ghana is just one of 4 African nations to have ratified each conventions, and its accession to those necessary treaties has helped solidify Ghana’s popularity as one of many continent’s cybersecurity leaders.

However Ghana’s accession to those treaties has completed way more than that. Each the Budapest and Malabo Conventions present ratifying states with a typical sequence of protocols, requirements, and procedures for offering authorized help, gathering and exchanging proof, and holding cybercriminals to account. In a world the place malicious actors primarily based in Lagos, Prague, or Moscow routinely assault networks in Accra, the accession of extra African nations to those necessary treaties shall be important to coordinate a response to globalized threats.

Ghana’s expertise illustrates the diploma to which the event of nationwide cyber capability could be nurtured by means of savvy exterior partnerships, and the way the event of nationwide cyber capability can, in flip, enhance world cyber resilience.

A Multistakeholder, Rights-Oriented Strategy to Cybersecurity

A closing good thing about civilian management is that Ghana has resisted the rising winds of digital authoritarianism. It ranks third amongst African nations when it comes to total web freedom. Furthermore, not like many nations throughout the continent, the federal government is constrained from censoring web content material, political group, or freedom of expression. This has enabled Ghana to construct cyber capability in a clear method that has helped reinforce belief between authorities and residents.

Civil society in Ghana has taken on the next profile position lately in guaranteeing authorities accountability and elevating consideration on cybersecurity. Nongovernmental organizations such because the Africa Cybersecurity and Digital Rights Organisation, the Media Basis for West Africa, and Little one On-line Africa have organized occasions, raised consciousness, and straight knowledgeable the event and implementation of Ghana’s nationwide cybersecurity technique and coverage. Ghana’s Cyber Safety Authority works carefully with civil society and personal sector establishments on campaigns throughout Ghana’s annual Nationwide Cyber Consciousness Month every October.

Opening of the Climax Week of Ghana's National Cyber Security Awareness Month of Ghana in 2019

Formal opening of the Climax Week of Ghana’s Nationwide Cyber Safety Consciousness Month of Ghana in 2019.
(Picture: Nationwide Cyber Safety Centre)

Ongoing vigilance shall be required. A Cybersecurity Act, handed by the legislature in 2020, offers safety forces surveillance powers and authorized authorities that fear some rights advocates. Making certain these considerations are mitigated will depend upon Ghana’s unbiased judiciary, a well-organized civil society, constitutional rights to freedom of expression and entry to info, and powerful knowledge safety legal guidelines.


Ghana nonetheless faces vital cyber-related challenges. Its nationwide cybersecurity insurance policies could be overly bold at occasions and fail to mirror realities on the bottom. For instance, solely 35 p.c of Ghana’s banks have totally complied with the Financial institution of Ghana’s Cyber and Data Safety Directive (largely due to onerous calls for that try and deliver Ghana’s banking sector in keeping with worldwide cybersecurity requirements). Whilst cybersecurity within the conventional banking sector has improved, new vulnerabilities have arisen within the mobile-banking sector, the place Ghana is amongst Africa’s leaders and regulators are struggling to catch up.

“[The case of Ghana] reveals that efforts to enhance cybersecurity don’t have to return on the expense of democracy.”

Cybersecurity authorities in Ghana might additionally do extra to benefit from improvements akin to nameless risk reporting techniques, that would foster additional belief between private and non-private sector authorities by enabling non-public sector entities to reveal incidents with much less reputational danger. They usually may additionally take further steps to make sure that authorities and safety sector actors stay clear and accountable at the same time as they search to advertise on-line belief and security.

However, Ghana has put itself in a wonderful place to restrict the dangers and harness the advantages of digitization. Ghana showcases how an inclusive method to cybersecurity can result in the event of sturdy, multisectoral cybersecurity establishments. It reveals how these establishments are each knowledgeable by and in the end serve to strengthen the flexibility of all nations to observe, forestall, and reply to cyberattacks. Maybe most significantly, it reveals that efforts to enhance cybersecurity don’t have to return on the expense of democracy.

Whereas cyber threats proceed to pose vital challenges to nationwide safety, Ghana has proven how a society-wide response can successfully deal with them.

Kenneth Adu-Amanfoh is the Chairman of the Africa Cyber Safety and Digital Rights Group. He beforehand served as Director of ICT and Cybersecurity for the Nationwide Communications Authority of Ghana the place he established a Cybersecurity Division and facilitated the event of Ghana’s Nationwide Cybersecurity Coverage and Technique.

Nate D.F. Allen is an Affiliate Professor for Safety Research for the Africa Middle for Strategic Research.

Related Post

Leave a Reply

Your email address will not be published. Required fields are marked *