KEY NOTE ADDRESS FOR STAKEHOLDERS FORUM ON IDENTIFICATION OF CRITICAL NATIONAL INFORMATION INFRASTRUCTURE
By the National Security Adviser, General Babagana Munguno (Rtd) on 24 November 2016
Distinguished representatives of Ministries, Departments and Agencies, private sector stakeholders, our consulting partners, ladies and gentlemen,
Good Morning and thank you for honouring our invitation.
I am highly honoured for the privilege to deliver this Keynote address on the occasion of “Stakeholders Forum on Identification of Critical National Information Infrastructure”. This is a subject matter with major significance to our national security, economic prosperity and social wellbeing. That is why it is a thematic area in the Cybercrime (Prohibition, Prevention, etc) Act, 2015 and the National Cybersecurity Policy and Strategy. I believe every opportunity we have to discuss cybersecurity, particularly how to improve the resilience of our critical information infrastructure presents opportunities to synergise towards effectively managing the evolving threats, and unlimited potentials that abound in the cyberspace.
1. In today’s hyper-connected world, it is abundantly clear that we are increasingly becoming dependent on the Internet, its associated information networks and operating space, commonly referred to as the cyberspace. Currently, more than 45% of the world population are connected to the cyberspace, and this number is growing across the globe. In Nigeria, the number of Internet users has grown from less than a million in 2003 to over 80 million in 2016.
2. The growth in Internet utilisation brings with it ubiquitous relevance to our daily lives, and this extrapolate to all sectors of the nation’s economy. The Internet has not only revolutionised modern approach to governance but also transformed the way essential services are provided. As private and public organisations continuously migrate their operations and services online, modern industrial facilities and production systems are becoming increasingly connected to computer networks for their control and security. Therefore, the nation’s cyberspace has become a driving force for productivity and development.
3. Globally, there is a consensus that most of the critical infrastructure had common component; that is, they are dependent to a greater or lesser degree on information and computer networks. This dependency gave birth to the specialization of Critical Information Infrastructure Protection, leading to a broader concept of cybersecurity. The protection of Critical National Information Infrastructure is a national responsibility that is largely managed as a national security issue. Accordingly, the responsibility for identification, gazette, protection and audit, as well as developing policies and guidelines for managing Nigerian Critical Information Infrastructure has been assigned to ONSA. This provision is contained in Section 3 of the Cybercrime (Prohibition, Prevention, etc) Act, 2015.
4. The Act defined Critical National Information Infrastructure as “certain computer systems, and/or networks, whether physical or virtual, and/or the computer programs, computer data and/or traffic data vital to this country that the incapacity or destruction of or interference with such system and assets would have a debilitating impact on security, national or economic security, national public health and safety, or any combination of those matters”.
5. In other words, Critical National Information Infrastructure are those equipment essential for a nation to function, which may directly or indirectly be connected to computer networks. These includes computer networks controlling telecommunications, power generation and transmission, finance, oil and gas, water supply, transport, health, security and defence infrastructure. Revolution in ICT now translates to computerisation of these infrastructure using remote communication controls that are somehow connected to the Internet. Therefore, to ensure security of these vital assets, there is a global convergence of protection of critical infrastructure and protection of critical information infrastructure. Such convergence explains why we have representations from disparate sectors here today.
6. The pervasive application of the cyberspace means, in the future, nations would rely on computer networks to deliver some essential services. As the number of our critical infrastructure connected to these networks increases, so also the number of attack vectors proliferates. This situation has increased the vulnerability of our critical information infrastructure to attacks by criminals, non-state and state actors. Such attacks on a nation have the potential to ground economic, social and security activities. Recent trend include the use of malware to compromise the industrial control mechanism of supervisory control and data acquisition (SCADA) systems and targeted hacking of official computer networks for espionage. In other climes where these trends have manifested, the consequences are quite significant. This trend has become a growing source of concern for government and private sectors.
7. The inherently open architecture of the Internet and its associated information networks means that no single sector or agency can collect and analyse all threats to its cyberspace at all times. Therefore, the government as well as the public and private sectors and civil society must cooperate and collaborate. Collaboration requires all stakeholders to come together towards a detail identification of Nigerian critical information infrastructures; a requirement for recommending for a presidential order to gazette these national assets. Furthermore, all stakeholders are required to join hands in the follow on actions of classification and developing protection plan for these infrastructures. This will serve as foundation for integrating resilience and protection into a comprehensive risk management strategy.
8. Instructively, protection of these critical assets from emerging cyber threats requires a national effort aimed at strengthening our cybersecurity capabilities. Consequently, the present administration of President Muhammdu Buhari is determined on a comprehensive risk management strategy approach to protection of our critical national assets. This has been demonstrated in various steps taken by government. Amongst these steps include the Inauguration of the Cybercrime Advisory Council in April 2016 and the on-going implementation of the national cybersecurity policy and strategy. The reason we gather here today to initiate the process of identification of Critical National Information Infrastructure, is one of the series of government effort to ensure the security of Nigerian cyberspace. These efforts are not only vital for ensuring continuity and reliability of business operations, but also crucial to effective public service delivery and national security.
9. Ladies and gentlemen, in conclusion, as our critical information infrastructure continue to increasingly connect to computer networks; in the nearest future, nations would rely on these networks for essential service delivery. Thus, the protection of Nigerian Critical Information Infrastructure is a national security responsibility requiring government, public and private sector to collaborate. This is the essence of today’s Stakeholders Forum on the Identification of Critical National Information.
10. Looking forward, to make this national assignment a success, I urge you to approach the identification process with open mind as I wish you successful deliberations. Please permit me to reiterate the commitment of ONSA in cooperating with all stakeholders in ensuring cybersecurity in Nigeria. This area is very important to national security, particularly the fight against cybercrimes and terrorism, which are important in making the Nigerian cyberspace and indeed the global cyberspace a safe and secure place to operate. Thank you and God bless!
The Act provides an effective, unified and comprehensive legal, regulatory and institutional framework for the prohibition, prevention, detection, prosecution and punishment of cybercrimes in Nigeria. This act also ensures the protection of critical national information infrastructure, and promotes cybersecurity and the protection of computer systems and networks, electronic communications, data and computer programs, intellectual property and privacy rights. Download PDFNational Cybersecurity Strategy
Nigerian's Cybersecurity Strategy Download PDFNational Cybersecurity Policy
Nigeria National Cybersecurity Policy Download PDF