Aug 18, 2021–Written by Divine Sufor Anye, Phd. The world has never been as connected or as digital as it is today. From personal devices to complicated industrial systems, digitization is now all around us. Wherever you look, the world seems to be taking on a digital dimension. But where does Africa stand in this rapidly digitizing world? Read this book to get the answer.
Get it on Amazon: https://www.amazon.com/Digital-Transformation-Innovation-Countries-Africa/dp/B099BV5ZBD
ANALYSIS featured on AllAfrica.com 3 June 2019
By Ambassador Omar Arouna
The digital divide in Africa is real: Three-quarters of the people on the continent do not have sufficient access to the internet – or have no access at all. This has an impact on everyone and in every component of society, from health to economic well-being to education. The priority solution requires a combination of continent-wide high-speed access combined with low prices, available through the surety of satellite connectivity.
On June 3 rd, 4 th and 5 th , 2019 the East African Communications Organizations* (EACO) is gathering in Dar Es Salaam. Regional experts, national ICT regulators, operators, services providers (in the telecommunication, broadcasting and postal sub-sectors) ICT training institutions, and other stakeholders in the communication sector from Burundi, Kenya, Rwanda, Tanzania and Uganda will iron out a common agenda in preparation of the 2019 World Radio Communication Conference. Necessary revisions to Radio Regulations, the international treaty governing the use of the radio-frequency spectrum and the geostationary-satellite and non-geostationary-satellite orbits, will be examined for the region. Basically, these experts are major players, and the regulations they promote will have a critical impact in bridging the digital divide on the Continent.
It is now well understood and accepted that bridging the digital divide in Africa is paramount to the continent’s development and it underpins many, if not all of the UN sustainable development goals. Speaking plainly, if we don’t overcome the challenges posed by restricted internet connectivity in Africa, we might never appropriately address the poverty, inequality, climate, environmental degradation, peace, and justice issues on the continent.
If African lawmakers and regulators are serious about tackling the issue of digital inclusion and effective promotion of digital equity on the continent; there must be an unprecedented push in the direction of affordable high-speed satellite broadband access everywhere on the continent. Because satellite broadband can connect anyone to everything — and do it anywhere — regional experts at the East Africa Communication Organization must address and protect use of satellite services to continue and expand using critical 28 GHz and its paired 18 GHz spectrum.
Affordable high-speed satellite broadband is the most transformative technology of our time, and it is not only an opportunity equalizer, but also an economic imperative.
According to leading global experts on the question, a single 28/18 GHz band satellite can serve 1/3 of the Earth. The wide coverage provides all communities within a satellite’s footprint access to service. Coupled with easy to deploy user terminals, this means that consumers and businesses have near-instant access to fast, affordable broadband anywhere. 28/18 GHz satellite-powered Wi-Fi can connect people living in urban and rural centers and villages all over Africa — 100% coverage.
What does that mean?
92% increase in the rate of GDP growth
44 million additional jobs
30% decrease in extreme poverty
Preserving the 28 GHz and 18 GHz spectrum bands for satellite connectivity has many beneficial implications across the continent:
Health: Millions of lives will be saved — and many more millions impacted positively — through improvements to general health through access to telehealth resources if there is available and affordable high-speed satellite broadband access. Satellite broadband is the most effective and efficient way to use connectivity to overcome rural health shortages — extending expertise to where it is most needed and delivering critical care wherever the doctor and patient are physically located.
Economic development: The unemployed can search for and apply for jobs once unknown to them. Workers can develop new skills for better paying jobs. Local shops can reach global markets. For every percent increase in the number of internet users in Africa, there is a boost in exports of 4.3 percentage points. The impact on sustainable agriculture is substantial — farmers can use satellite broadband access to plan for short-term weather and market changes, along with applying new techniques, helping boost yields by 67%.
Education: When satellite broadband connects underserved and rural communities in Africa, students can use the same educational resources as a child in the most affluent community. In total, 240 million more children can get access to resources through remote learning. 37 million young people require technical or vocational training – facilitated through broadband access – to find employment. E-learning will dramatically increase the availability of college-level courses beyond the 10% of students currently enrolled.
Financial inclusion: 57% of adult sub-Saharan Africans don’t have access to financial tools that allow for banking, small-business growth, investments and the ability to deal with unexpected emergencies. Local businesses can have more access to digital banking tools like the Mpesa and more.
This week, policymakers have to play their part in extending broadband access and take a decisive step forward in bridging the digital divide on the continent during the WRC-19 preparatory meeting. These leaders must support the continued deployment and development of satellite services in the 28 GHz and 18 GHz spectrum.
Satellites’ access to critical spectrum required to deliver on its enormous potential in Africa is in jeopardy, unless policymakers preserve the 28 GHz and 18 GHz spectrum used by satellite broadband to have its impact. The 5G industry has more than 33 GHz of other spectrum where it can operate, but the satellite industry can deliver its new affordable services only within 3.5GHz of spectrum comprised of the 28 GHz and 18 GHz spectrum. So, there is enough spectrum for both 5G and satellite to fulfill their different missions in separate and different spectrum.
The hope is that beyond the forum in Dar Es Salaam, the rest of Africa will equally see merit in the myriad of benefits that will eventually accrue from sustained satellite connectivity in the 28 GHz and 18 GHz spectrum.
Omar Arouna is the former Ambassador of the Republic of Benin to the United States of America and the Managing Partner of the US-Africa Cybersecurity Group, an effective Catalyst for the harmonization of cybersecurity policies and the implementation of practical solutions in Africa. Technologist, Diplomat and International Relations Expert Ambassador Arouna earned an MBA from the George Washington University of Washington DC. A strong advocate for Africa’s digitalization, Ambassador Arouna is a recognized expert on private sector investment in Africa, government relations, and U.S. Africa relations. He served in the Washington, D.C., Mayor’s Commission on African Affairs. Ambassador Arouna speaks and lectures regularly on African development, corporate investment, and U.S.- Africa relations and has appeared as an expert source in top media outlets, He has worked in and traveled throughout Africa and has served on the board and advisory committees of several national and international organizations.
Source: https://allafrica.com/stories/201906030963.html
May 29, 2018, Washington, DC–Ambassador Omar Arouna, Managing Partner of US-Africa Cybersecurity Group, has appointed Priscilla Mutembwa as Vice President, Cybersecurity Policy and Development.
Further to the appointment, Ambassador Arouna commented: “I’m delighted that Priscilla Mutembwa is joining the Group. Over the past years she has done an outstanding job in various capacity on the African continent. Her work as a member of the ITU Focus Group on Digital Financial Services for Financial Inclusion and her keen interest in the security issues surrounding mobile money in Africa will be essential to our growth.”
Priscilla Mutembwa holds a Master of Business Administration from University of the Witwatersrand Johannesburg. She is currently enrolled in a Master in Cybersecurity, Management and Policy from University of Maryland University College. Before joining US-Africa Cybersecurity Group, she has held various management and financial roles at Unicef, British American Tobacco, Zimbabwe Allied Banking Group and Cargill. In 2006 she was appointed CEO at Cargill in Zimbabwe for seven years. Priscilla Mutembwa was named the 2011 CIMA Businesswoman of the Year.
In 2015 she joined the Corporate Council on Africa as Director ICT. She was responsible for the development and implementation of the ICT program of the association and was a member of the ITU Focus Group on Digital Financial Services for Financial Inclusion and developed interest in the security issues surrounding mobile money in Africa. She currently is a Commissioner on the Judicial Services Commission of Zimbabwe.
Her career has spanned 33 years, across 3 continents and now seeking to develop and implement cybersecurity policies and procedures in Africa.
May 15, 2018–NATO Communications and Information Agency Agency Announces Winners of Third Annual Defence Innovation Challenge.
US-Africa Cybersecurity Group strategic partner “CybExer Technologies has been awarded this highly coveted award in recognition of its revolutionary data visualisation tool only two years after the company’s inception. Additionally, CybExer Technologies was the only company in all of Northern and Eastern Europe to win in any category; other winning companies were based in the United States, Canada, the United Kingdom, Germany, Italy, and the Netherlands. In total, NATO recognized ten companies whose state-of-the-art technologies are deemed to be a significant contribution to the Alliance’s trainings, operations, and communications and network solutions.
NATO’s Communication and Information Agency awarded CybExer Technologies for its ISA (Integrated Scoring and Awareness for Cyber Ranges) solution which grants unprecedented visualisation, documentation, and monitoring capabilities.”
“CybExer solution fulfils the three most important requirements – instant, detailed, and comprehensible. With this approach, we can render all different factors in these complex exercises – team strategies, defence and attack, failure and success – instantaneously comprehensible, traceable and easy to judge. That way, the progress and organisation of exercises can be made significantly more dynamic and operational than what we’re used to. CybExer solution is scalable and thus perfectly suited for large-scale exercises, irrespective of the number of participants, regardless of their location across the world. For the first time, we can create one shared environment consisting of different global exercises that all happen simultaneously. Most importantly: ISA makes these seemingly complex cyber exercises understandable to top business executives and other laymen whose ability to quickly judge situations and make quick, meaningful decisions has become increasingly crucial in today’s environment where cyberattacks happen on a daily basis.”
Full Article from NCI: https://www.ncia.nato.int/NewsRoom/Pages/180430_NCI-Agency-Announces-Winners-of-Third-Annual-Defence-Innovation-Challenge.aspx
CybExer Technologies: https://cybexer.com/
Apr 3, 2018, Washington, DC–Frank Welffens, Managing Partner at USAFCG, joined the Washington Forum at Voice of America in Washington, DC, and participated in the discussion on information security and Facebook in light of Cambridge Analytica’s scandal.
Source: https://www.voaafrique.com/a/4323744.html
Discussion Topic: Panic winds at Facebook, following the revelations of data use of millions of users by the company Cambridge Analytica to influence the last US presidential election. And in Africa, how can Facebook influence political processes?
Washington Forum: 30 minutes of African, American and international news. Economy, politics, health, religion, sports, science, multimedia: our experts answer your questions live, via Live Remote, Skype, and telephone from Dakar to Johannesburg, via Cairo, New York, Paris and London . This broadcast is broadcast live by satellite for TV stations and radio partners of the VOA in French-speaking Africa.
Washington, DC, 30 March 2018: Voice of America Washington Forum’s host Raissa Girondin discusses Facebook and Cambridge Analytica’s scandal and the potential impact on social media use in Africa with Frank Welffens, Managing Partner, USAFCG.
Jan 31, 2018 by Ambassador Omar Arouna–Cyber hygiene is the establishment and maintenance of an individual’s daily routines, occasional checks and general behaviors required to maintain a user’s online “health” (security).
Cyber hygiene is linked to cyber security. Poor cyber hygiene will adversely affect an organization’s cyber security and, conversely, strong (or weak) cyber security policies and procedures may improve (or lower) an individual’s cyber hygiene.
A cyber resilient organization is one that has robust cyber security policies and systems, and whose members have good cyber hygiene. The absence of either (low organizational cyber security or poor personal cyber hygiene) will adversely affect an organization’s cyber resilience.
The US-Africa Cybersecurity Group LLC has partnered with a world class leader in cyber hygiene to offer Cyber Hygiene e-Learning Course to Africa-based corporations, organizations and governments.
Our concept is based on the notion that human risk behavior management in cyberspace is a continuous process in which trainees and instructors alike need to learn and adapt.
Our Cyber Hygiene e-Learning Course is an interactive, engaging and effective tool consisting of a training module and two separate test modules to address human risk behavior in cyberspace. Our Cyber Hygiene e-Learning Course targets three categories of staff members (managers, regular users and specialists) and addresses specific concerns and threats associated with each of these groups.
Our course can also serve as an effective risk-mapping tool because it collects feedback from the participants as they react to the issues they face. Based on these reactions, the tool is highlighting the risk areas of each participant.
The results can be further aggregated to teams and whole organizations. The goal of such analysis is to facilitate the implementation of security policies, decision-making and effective risk mitigation.
Jan 22, 2018, by Ambassador Omar Arouna–When Estonia started building its information society about two decades ago, there was no digital data being collected about its citizens. The general population did not have the internet or even devices with which to use it. Sound familiar?
It took great courage to invest in IT solutions and take the information technology route. WHAT ARE WE DOING IN AFRICA to learn about the best e-solutions that have led to Estonia becoming one of the world’s most developed digital societies.
Our visit to President Kersti Kaljulaid of Estonia in January 2018 and the briefing at the NATO Cooperative Cyber Defense Centre of Excellence was an eye opener and Africa needs to take note from that playbook to meet the new challenges of the digital world.
USAFCG Managing Partner, Ambassador Omar Arouna in Estonia in January 2018.
Financial Sector
Private sector businesses and organizations including their consumer base have become extremely vulnerable online. Digital economies are taking off throughout all the regions of Africa. Cybercrime has emerged and already taken advantage of mobile banking, online banking and financial services delivered regionally. Local support for cybersecurity across the region needs to be strengthened, and financial institutions in the region are demanding training, servicing, and consulting services in cybersecurity.
Public and Private Sectors
Government institutions and agencies in Africa have adopted more technology into their operations and services. The lack of adequate knowledge and expertise to deal with security threats is apparent. Both government and private sectors need to invest in sustained training and education informing and providing tools to consumer base and the population at large of the potential threats to their use of the internet and cyber space.
They also need to build frameworks and guidance on how to reach these goals. The private sector seems to take the lead in tackling and preparing to respond to cyber security threats, but much focused and coordinated action with governments and regulatory bodies remains to be taken to the next levels. Both public and private sectors in Africa are still reactionary for the majority of cases, mainly investing in after falling victim to cyber-crimes.
Energy Sector
The energy sector is increasingly becoming a target for cyber threats, and therefore vulnerable to potential cyber attacks. Risks in Africa are growing due to an ever increasing in populations and demand for access and connections to power grids and utilities. Foreign direct investment in Africa requires stability and security in power supply and infrastructure, which needs to be upgraded with new technologies.
Cyber attacks compromise strategic targets in the power and energy sectors. These threats and attacks have the ability to cause significant disruption to power and utility supplies, which are connected to vulnerable networks. It is important for energy companies to assess and participate in cybersecurity training and information sharing, both among private sector entities and between the private sector and the government.
Governments in Africa are in the process of developing national cybersecurity legislation establishing standards and requirements to enhance the security of critical power and energy infrastructure. It is essential that organisations operating critical power and energy infrastructure integrate cybersecurity training in their operations, technology, business process and human resources.
Jan 10, 2018–As companies embrace technologies such as the Internet of Things, big data, cloud, and mobility, security must be more than an afterthought. But in the digital era, the focus needs to shift from securing network perimeters to safeguarding data spread across systems, devices, and the cloud.
by MIT Technology Review Custom
January 23, 2017
Technologies such as big data analytics, the Internet of Things (IoT), blockchain, and mobile computing are reinventing the way companies handle everything from decision making to customer service. The automation of virtually all business processes and the increasing digital connectedness of the entire value chain create agility, but they also significantly raise cybersecurity risks and threat levels.
The key to addressing those risks and threats is building security into applications, as well as into interconnected devices, right from the start.
Running IT systems in the cloud supports organizational flexibility. To that end, companies are increasingly moving both data and business functions (e.g., human resources and procurement) between the cloud and on-premises legacy systems.
But as companies embark on their journeys of digital transformation, they must make cybersecurity a top priority, says Michael Golz, CIO, SAP Americas. “We have to maintain confidentiality, integrity, and availability of data in all these contexts: on premises, in the cloud, and in hybrid environments,” Golz says.
Both the value and the volume of data have never been higher, and end points are more vulnerable than ever. That’s especially the case with the IoT, which is still in its infancy. As the IoT is extended to everything from industrial equipment to consumer devices, attacks are growing not just in number, but also in sophistication. Next-generation devices are now deployed in potentially vulnerable environments such as vehicles, hospitals, and energy plants, vastly increasing the risks to human welfare. Concerns about such devices being hacked, turned into botnets, and used to attack targeted computers and organizations are growing as well.
“Any vulnerabilities in the supply chain now have a wildfire effect that results in millions of dollars being lost and trust being destroyed on impact,” says Justin Somaini, global CSO, SAP. “It used to take a while to exploit these weaknesses. Nowadays, it’s very fast and the damage is immediate.”
With the stakes so high, senior IT leaders, including both CIOs and CSOs, need to adopt a more proactive approach to securing critical data. Forensic analysis of what went wrong after a breach won’t be enough to save lives—or C-level careers.
Focusing on Both Applications and Data
Cybersecurity professionals are accustomed to securing access to their networks and applications. But digital transformation leads to an explosion of connected environments where perimeter protection is no longer enough. Attackers and other malicious individuals will continue to compromise weak links, resulting in deep access to companies’ networks, systems, and data.
In a digital world, the classic, contained enterprise network no longer exists. For that reason, security must be embedded into all applications as the first line of defense, Somaini says. To achieve that level of security, SAP favors the “security by default” approach, in which an application’s embedded security controls are, by default, set at the highest levels of protection. “The idea is to build in security, rather than asking users to opt in,” he says. That’s one of the hallmarks of being more proactive in securing data: protection is the default posture.
So-called “self-defending apps” are another example of proactive security. This active-protection technique provides applications with advanced access-control capabilities, allowing them to react to malicious source-code modifications and debugging at runtime. Encryption of all data in transit is another core tenet of preemptive cybersecurity, according to Somaini. SAP HANA, for example, features encryption services for data both at rest and in flight.
Among the most important factors for heading off insider threats are two-factor authentication (which verifies a user’s identity via two different methods) and role-based access controls (which limit the user’s access to data by job role), Golz says. “The insider threat is very real. There are a lot of data breaches today by people who have a legitimate authorization that is too broad. They get to see more than they are entitled to. Two-factor authentication dramatically increases the security of the communications.”
Bringing Two Worlds Together
The cybersecurity issues raised by digital transformation are driving the need for a better understanding between the organization’s cybersecurity professionals and those who provide application security. “Traditionally, those groups don’t speak the same language and don’t understand what the other side is doing,” Golz says.
Today, responsibility for cybersecurity is generally shared by the application team, which tends to focus on hardening and securing enterprise applications, and the cybersecurity professionals, who handle aspects such as access controls and firewalls. “Those are different roles, and they use different technologies and terms,” Golz says. Going forward, with the focus shifting from traditional network-perimeter security to securing application data, those two worlds need to join forces to prevent issues from falling through the cracks, he adds.
Digital transformation makes it essential that the cybersecurity and IT teams find a common understanding, a shared terminology, and a unified approach to securing applications and data. “Systems are being opened in ways that they weren’t before,” Golz explains. “There is more direct connectivity with suppliers, partners, customers, and consumers. There are tighter connections between a company’s Web presence and back-end systems. The seamless process flows mean more things can go wrong.”
When it comes to digitally transforming a company’s business, cybersecurity must be part of that conversation from the start. As a case in point, many companies now sell software along with their products. For example, a large industrial vendor such as GE today provides not just the equipment used in production environments but also subscription-based monitoring and maintenance services to ensure that equipment does not experience an unexpected outage. “That means all the challenges and requirements a software company faces now apply to you. The way you protect the data is paramount. It’s a whole set of new challenges,” Golz says.
As one of the top providers of business-critical applications, SAP will continue to build security into the heart of its applications and to secure cloud operations to protect content and transactions, Golz says. “We are working to help customers define, plan, and execute measures for their secure digital transformation.”
Source: MIT Technology Review Custom https://www.technologyreview.com/s/603426/cybersecurity-in-the-age-of-digital-transformation/
Oct 30, 2017–Half a billion US dollars – that’s how much cyber-related incidents now cost organizations in Nigeria each year. The figures for many other African countries are similarly high, estimated at $50 million for Uganda and $250 million in Kenya. But even these figures are likely to understate the problem; most African countries don’t record such losses in a formalized, mandatory manner and most organizations don’t report any potential or actual losses to authorities.
Regulation and legislation related to information security and data protection also continue to lag behind other parts of the world. As such, while cyber security is considered an emerging threat in Africa, a lot more work is required in understanding the threat to organizations in specific countries and sectors.
In Control Risks’ conversations with clients, senior executives acknowledge that cyber risk is at the top of their agenda. However, according to African respondents in Control Risks’ latest ‘Cyber Security Landscape’ report, 62% do not have any cyber crisis management plan in place to help them respond to a breach (compared with 40% in Europe & Middle East and 31% in Asia).
This suggests that the threat of a breach remains abstract for many senior executives who have not yet worked out in detail how their organization would deal with one. Additionally, for most organizations in Africa, cyber risk is still primarily the responsibility of IT staff, who struggle to get buy-in from senior management for investment in cyber crisis planning.
Our survey also found that 62% of African respondents say their plans do not cover what their third parties need to do if they suffer a cyber breach. This is despite the fact that most organizations depend on third parties (such as web hosting and IT service providers, as well as clients) to operate their businesses and are connected to them in many ways – offering cyber threat actors potential points of entry to their own systems.
We spoke to a number of organizations in Africa who indicated that the third party risk is largely covered by their contracts with those third parties. A few organizations indicated that they also carry out independent reviews of third parties, which we encourage all organizations to do on a regular basis. One organization also indicated that they require their third party partners to obtain cyber insurance before they allow them to access the organization’s network. As the recent WannaCry ransomware attacks proved, cyber breaches are global in nature; Africa isn’t immune, with reports of attempted and successful attacks in more than 10 African countries. These types of attacks should also lead organizations to treat cyber threats as a matter for the whole business, rather than just the IT department. This means the board should set the right information security culture and risk appetite for the organization, which should then translate into actionable plans for senior management, led by the CEO.
Planning for a cyber crisis should also be the responsibility of senior management rather than just IT. Such planning should involve the whole organization and start with understanding the key threats an organization faces, and the key assets needed to continue operations in the event of a breach.
Source: Control Risks. We are an independent, global risk consultancy specializing in helping organizations manage political, integrity and security risks in complex and hostile environments. We provide strategic consultancy, expert analysis and in-depth investigations, handling sensitive political issues and providing practical on-the-ground protection and support. Visit us at www.controlrisks.com or follow us on Twitter @Control_Risks.
Patrick Matu is an Associate Director for East Africa at Control Risks, the leading international risk consultancy. He is based in the Nairobi office.
The statements made and views expressed are solely the responsibility of the author.
Jul 20, 2017–The Global Cybersecurity Index (GCI) is a survey that measures the commitment of Member States to cybersecurity in order to raise awareness.
The second edition of the Global Cybersecurity Index 2017, released by the International Telecommunications Union (ITU), an agency of the United Nations, measured the commitment of ITU Member States to cybersecurity and highlighted a number of illustrative practices from around the world.
The GCI revolves around the ITU Global Cybersecurity Agenda (GCA) and its five pillars (legal, technical, organizational, capacity building and cooperation).
The data collected shows that developing countries lack well-trained cybersecurity experts as well as a thorough appreciation and the necessary education on cybersecurity issues for law enforcement, and continued challenges in the judiciary and legislative branches.
According to the report, the 2017 publication of the GCI continues to show the commitment to cybersecurity of countries around the world. The overall picture shows improvement and strengthening of all five elements of the cybersecurity agenda in various countries in all regions. However, there is space for further improvement in cooperation at all levels, capacity building and organizational measures. As well, the gap in the level of cybersecurity engagement between different regions is still present and visible. The level of development of the different pillars varies from country to country in the regions, and while commitment in Europe remains very high in the legal and technical fields in particular, the challenging situation in the Africa and Americas regions shows the need for continued engagement and support.
In addition to providing the GCI score, this report also provides a set of illustrative practices that give insight into the achievements of certain countries.
Source: http://www.itu.int/en/ITU-D/Cybersecurity/Pages/GCI.aspx
