Author: Adam Motiwala
Affiliated organization: The Kofi Annan International Peacekeeping Training Centre (KAIPTC)
Type of publication: Brief policy
Date of publication: February 2017
The Issues
The threats of cyber crime and cyber terrorism are no longer the exclusive concern of developed countries. In fact, the United Nations has noted that developing countries are at a higher risk than developed countries of being the target of coordinated cyber attacks.5 Historically, cyber crimes in Ghana have taken a rudimentary form of internet fraud targeting gullible foreigners, known locally as sakawa or “419”.
These crimes traditionally involved credit card and advanced fee fraud, and capitalized on the vulnerabilities and gullibility of internet users. More recently however, cyber crimes have evolved into considerably more complex and sophisticated enterprises, targeting wealthier and more valuable victims inside and outside of Ghana.
Ghana has had prolonged experiences with the effects of cyber crimes. A 2013 report by the US Federal Bureau of Investigation (FBI) ranked Ghana as the second largest source of cyber fraud and financial scams in Africa. As early as 2010, Ghanaian small and medium-size enterprises reportedly suffered frequent cyber attacks and Ghanaian banks have more recently become the target of hacking. More frighteningly, many cyber attacks go undisclosed, as companies fear that revealing such vulnerabilities would cripple their popular image and undermine profits.
These cyber crimes – both originating from and targeting Ghanaian netizens – have serious implications for the Ghanaian economy. A report by CyberSource Corp, a US payment processor, found that in 2008 over half of US merchants who accepted international orders refused to process purchases from Ghana, citing fraud concerns. Continued perceptions of the insecurity of Ghanaian transactions will hinder key aspects of economic activity, particularly the growth of local credit and payment systems.
The financial burden of a large cyber attack could also have a crippling impact on the public sector. A cyber attack targeting Ghanaian oil production, for example, could compromise the existing infrastructure and undo a $600 million investment made with IMF loan money.
Moreover, cyber attacks present a threat not only to the economy, but also to fundamental national security. Recent years have seen the increasing sophistication of cyber criminals, shifting focus from the theft of financial information towards business espionage and accessing government information. Insurgent groups are also starting to develop the capacity for sophisticated cyber attacks.
For example, Boko Haram recently made clear its cyber expertise when it hacked into the Nigerian government’s secret service database. Similarly, Western intelligence agencies are increasingly expressing fear of a sophisticated cyber attack by the Islamic State. For Ghana, these are not simply theoretical concerns. In January 2015, the main government website was taken over by a rogue group of Turkish hackers that blocked access to official information, underscoring in dramatic fashion the need for a more modern approach to cyber security. A future cyber attack could bring the Ghanaian military to its knees.
The Role of Law and the Current State in Ghana
A thorough and strongly enforced legal framework is critical for combating cyber crime. Given the transnational nature of these crimes, however, national laws that fail to consider international standards tend to prove myopic and thoroughly inadequate. Moreover, the reality is that many legal systems have not yet developed a modern approach for dealing with cyber crime.
Instead, they rely on traditional common law offenses to prosecute the cyber offense counterpart. This poses considerable problems as 19th century laws were focused more on physical objects and did not address intangibles, such as data or information.
More importantly, the government has made little headway in articulating a coherent strategy for dealing with most cyber crimes or future threats. The government has not developed an official cyber security strategy and has yet to create a framework for meeting international standards on cyber security. Indeed, not a single government agency has been certified under international standards. Furthermore, there are no recognized partnership agreements for sharing cyber security assets either between government agencies, or between the public and private sector.
Subscribe to the Budapest Convention on Cybercrime and begin the process of harmonizing laws with the rest of the international community. The Convention on Cybercrime is, to date, the most comprehensive and effective global treaty on cyber crime. Working with treaty members to harmonize laws—that is, promulgating similar though not necessarily identical laws—is necessary in order to remove Ghana from the potential or actual group of criminal safe havens and facilitate global evidence collection efforts
Nevertheless, some progress has been made through regional institutions in passing legal frameworks for dealing with cyber crime. ECOWAS passed a Draft Directive on Fighting Cybercrime in 2009 while the African Union adopted its own convention in 2014. Yet, to date, no African nation has ratified the AU convention and neither framework goes far enough or includes the requisite mechanisms for addressing the challenges faced by Ghana.
Recommendations
Ghana can take several measures to better equip itself to deal with cyber crime:
- Subscribe to the Budapest Convention on Cybercrime and begin the process of harmonizing laws with the rest of the international community. The Convention on Cybercrime is, to date, the most comprehensive and effective global treaty on cyber crime. Working with treaty members to harmonize laws—that is, promulgating similar though not necessarily identical laws—is necessary in order to remove Ghana from the potential or actual group of criminal safe havens and facilitate global evidence collection efforts.
Moreover, the institutional knowledge provided by the convention could prove useful as Ghana embarks on large-scale reforms. However, avoid the Additional Protocols on Xenophobia as they create unnecessary and problematic issues with free speech and human rights, and have been challenged by several of the treaty’s members.
- Establish a central agency devoted to researching, articulating and coordinating cyber security policies. The new agency should develop a framework for implementing internationally recognized cyber security standards, conduct frequent benchmarking of the development of cyber security measures and consider establishing an accreditation process for certifying the preparedness of public and private organizations. Furthermore, there should be more efforts to coordinate and share cyber security assets between government agencies.
- Work with regional and international actors, including the US Department of State and Department of Justice, and the New Partnership for African Development, in capacity building to allow Ghana to bolster its cyber security capabilities. These institutions have been specifically tasked with helping countries close capacity gaps and meet international standards.29 While the Ghanaian Police Service has been working closely with domestic consultants in improving its infrastructure, more can be done by the Ghanaian government with international collaboration to minimize vulnerabilities.
- Create best practices guidelines in cooperation with the private sector to help Ghanaian industry deal with future criminal activities. This should include a streamlined, fully confidential pipeline of communication between government and business that allows the latter to report suspected criminal attacks without compromising the corporation’s reputation, media image or financial interests.
The priority should be on complete discretion and minimizing disruptions, so that private actors do not have a strong disincentive to report potential cyber attacks. The Ghanaian government can look to similar guidelines published by foreign law enforcements agencies, such as the US Department of Justice.
Conclusion
The meteoric rise of information technologies in Ghana is contributing to economic growth and modernization. These changing conditions, however, necessitate a comprehensive reassessment of existing threats and technological vulnerabilities. Developing a thorough framework for dealing with current and future cyber security issues is integral to the economic vitality and national security of Ghana. While progress towards this objective has been made both domestically and regionally, current efforts have proven woefully inadequate. If Ghana is to realize its potential as the “Black Star of Africa,” it must swiftly adapt to a changing world.
Les Wathinotes sont des extraits de publications choisies par WATHI et conformes aux documents originaux. Les rapports utilisés pour l’élaboration des Wathinotes sont sélectionnés par WATHI compte tenu de leur pertinence par rapport au contexte du pays. Toutes les Wathinotes renvoient aux publications originales et intégrales qui ne sont pas hébergées par le site de WATHI, et sont destinées à promouvoir la lecture de ces documents, fruit du travail de recherche d’universitaires et d’experts.