African governments must adopt cybersecurity strategies to enable collaboration and trust between the security, civilian and private sector stakeholders
- Only 17 countries in Africa have completed a national cybersecurity strategy
- An estimated 6.2 million IP internet addresses were stolen from the Mauritius-based African Network Information Centre (AFRINIC), Africa’s non-profit regional internet numbers registry
- The stolen IPv4 addresses value stood at US$150 million, representing 5 per cent of all the IPv4 addresses in Africa
Cyber insecurity in Africa is posing threats and challenges, from espionage, cyberbullying, data breaching, damage, stealing and manipulation, computer viruses and denial of service among others.
The lack of a functioning agency to act on creating something as fundamental as protecting Africa’s IP addresses is a direct threat to the continent’s internet access, freedom, and information sovereignty.
To address these misgivings in the internet-enabled cyber world, African governments must adopt cybersecurity strategies to enable collaboration and trust between the security, civilian, and private sector stakeholders. One scenario among many where cyber insecurity has threatened the continent is the IP Address heist in Mauritius.
IP Address Heist in Mauritius
An estimated 6.2 million IP internet addresses were stolen from the Mauritius-based African Network Information Centre (AFRINIC), Africa’s non-profit regional internet numbers registry. In a still ongoing case, the stolen IPv4 addresses value stood at US$150 million, representing 5 per cent of all the IPv4 addresses in Africa.
IPv4 addresses are the building block of Internet traffic today, corresponding to individual devices and allowing them to connect to the Internet.
The “African IP Address Heist” was facilitated by Ernest Byaruhanga, the co-founder of AFRINIC, collaborating with a Hong Kong-based billionaire.
The AFRINIC incident is one of several cyber insecurity events occurring in Africa, indicating a tendency of African governments to downplay cyber threats at the cost of the continent’s economic and national security.
The United Nations’ International Telecommunication Union (ITU) reports that only 17 countries in Africa have completed a national cybersecurity strategy. Governments are the most important actor to manage cyber threats in Africa.
African Strategies to enhance cyber security
1. The African Union (AU) is working towards creating and implementing a continental cybersecurity strategy through its recently established Cyber Security Experts Group. The AU has formed the Africa Cyber Experts (ACE) Community, where they are partnering with the Global Forum on Cyber Expertise (GFCE) to support cyber capacity building.
2. In 2019, the Economic Community of West African States (ECOWAS) Commission partnered with the European Union (EU) to initiate the West African Response on Cybersecurity and Fight against Cybercrime (OCWAR-C) and adopted a Regional Cybersecurity and Cybercrime Strategy in the region.
3. The African Union Mechanism for Police Cooperation (AFRIPOL) created a Cybercrime Strategy 2020-2024 that seeks to enhance coordination, develop specialized police capacities, and harmonize legal and regulatory frameworks.
4. The African Union-sponsored Convention on Cyber Security and Personal Data Protection (the Malabo Convention) has fallen short because of inadequate national-level support.
One of the most common problems with security-oriented strategies across Africa is that they are not sufficiently inclusive.
Google’s attempts to enhance cybersecurity
Google users in Africa are increasing exponentially. According to Statcounter, Google takes up 96.55 per cent of all the people using search engines in the continent.
To protect their users against cybercrime, Google has announced that it is buying the prominent cybersecurity firm, Mandiant in a deal that values the business at US$5.4 billion.
The deal is expected to complete late this year, and it comes at a time when the Russian-Ukrainian war has aroused a lot of concerns about the rising cyber threats. Google will acquire Mandiant at US$23 a share to represent a 57 per cent premium to the firm’s share price.
Google beat Microsoft to the deal as the latter was rumoured to be eyeing the business to strengthen their own security needs.
Mandiant, which was drawn out of cybersecurity company FireEye in 2013 and sold to private-equity investors for US$1.2 billion, has created a reputation for intelligent analysis of hacking activities, including those of groups from China and Russia. The firm has also played a prominent role in unmasking several high-profile cyberattacks, including one on SolarWinds in 2020.
The business, led by Chief Executive Kevin Mandia, is a highly respected security leader.
Mandiant has over 600 consultants who help firms deal with multiple crises every year. It also has over 300 analysts who track hackers’ activities and flag emerging risks. Mandiant has developed a software-as-a-service platform that will integrate with Google Cloud’s online offerings and which helped the security company grow revenue last year by 21%, to $483 million.
The acquisition of Mandiant will help Google deal with cyber threats more efficiently, consequently discouraging the trend of cyber insecurity in Africa that is fast rising.