Cybersecurity and e-Government systems in Africa: Growing number of cyberattacks

Challenge Description

As governments largely rely on e-governance platforms to deliver services to citizens as well as perform internal operations, they are becoming vulnerable to data leakages and disruption. In recent years, the number of cyberattacks on e-governance platforms has largely increased, which makes safeguarding the systems paramount in order to ensure the reliability and effectiveness of e-governance platforms.

The Grand Ethiopian Renaissance Dam (GERD) Incident

One of the most alarming cyber threats was directed at Ethiopia’s Grand Ethiopian Renaissance Dam (GERD). Malicious attempts to access the IT and OT systems of the dam, with the potential to disrupt its operations or even cause flooding by emptying reservoirs, have been reported. This poses not only a national security concern but also risks exacerbating international tensions surrounding the dam. Egypt-based hacking groups were suspected of orchestrating the first attack in June 2020, while the sponsor of the subsequent attack in May 2022 remains undisclosed.

Nigeria’s #EndSARS Cyberattacks

In the wake of the #EndSARS protests against police brutality and corruption in Nigeria, government websites and social media accounts were targeted by cyberattacks. Hackers left critical messages condemning the government’s governance and police brutality. The Nigeria Computer Society (NCS) warned that these cyberattacks posed a significant threat to Nigeria’s economy, highlighting the urgent need for government intervention to bolster cybersecurity measures.

South Africa’s Transnet SOC Ltd Cyberattack

South Africa experienced a crippling cyberattack on Transnet SOC Ltd, a major railway, port, and pipeline company. The attack disrupted port terminals nationwide, forcing manual recording of ship movements and causing the company’s website to go offline. This incident underscores the economic implications of cyberattacks and the need for robust cybersecurity infrastructure.

Widespread Cyberattacks Across the Continent

Cyberattacks targeting government structures are ubiquitous. In 2022-2023, the Bank of Zambia, certain Ugandese ministries, and government institutions in Ethiopia and Senegal fell victim to cybercriminals. Ethiopia reported a significant cyberattack on the African Union system, jeopardizing the annual summit of heads of state. Additionally, during Nigeria’s 2023 elections, nearly 12.9 million cyberattacks were recorded against governmental agencies, averaging close to 1.5 million daily.

International Organizations and Companies’ Involvement

The International Telecommunication Union (ITU) has been actively involved in enhancing cybersecurity across Africa. Through its Global Cybersecurity Index (GCI), ITU assesses the cybersecurity capabilities of countries worldwide. According to the ITU’s GCI 2020 report, several African countries, including Kenya, Nigeria, South Africa, and Ethiopia, have made progress in strengthening their cybersecurity frameworks. Kenya, for instance, ranked 39th globally in the GCI 2020, showcasing its commitment to cybersecurity improvement.

The African Union (AU)’s efforts to harmonize cybersecurity laws and regulations across Africa have gained momentum. As part of the AU’s initiatives, the African Union Commission, in collaboration with member states, has organized cybersecurity capacity-building workshops and training programs. These efforts aim to enhance regional cooperation and collaboration on cybersecurity issues.

Through its Microsoft 4Afrika Initiative, Microsoft has made significant strides in supporting cybersecurity capacity building in Africa. As of 2020, Microsoft’s partnership with the African Development Bank’s Coding for Employment program has trained over 50,000 youth in digital skills, including cybersecurity, across 25 African countries. Additionally, Microsoft’s collaborations with governments in Kenya, Nigeria, Ghana, and South Africa have focused on providing cybersecurity training and solutions to enhance digital resilience.

Cisco’s Networking Academy has been instrumental in providing cybersecurity training programs across Africa. Since its inception, Cisco’s Networking Academy has trained millions of students globally, with a significant number from African countries. As of 2020, the Networking Academy had over 600 active academies in Africa, offering courses in cybersecurity and networking. Cisco’s collaborations with countries like Morocco, Tanzania, Nigeria, and Uganda have empowered students and professionals with the skills needed to address cybersecurity challenges.

Solutions

Addressing the growing threat of cyberattacks on e-Government systems in Africa requires a multifaceted approach involving collaboration between governments, international organizations, and the private sector. Several initiatives and measures have been implemented to bolster cybersecurity across the continent.

• Capacity Building and Training

Enhancing cybersecurity capabilities through training programs and capacity-building initiatives is crucial. International organizations like the African Union (AU) and the International Telecommunication Union (ITU) have supported various training programs aimed at equipping African nations with the skills and knowledge to combat cyber threats effectively.

• Cybersecurity Policies and Regulations

Developing and implementing robust cybersecurity policies and regulations are essential steps towards improving cybersecurity posture. Many African countries are in the process of adopting comprehensive cybersecurity laws and regulations to create a legal framework that promotes cybersecurity awareness and compliance.

• Collaboration and Information Sharing

Promoting collaboration and information sharing among African countries can significantly improve cyber threat intelligence and response capabilities. Regional organizations, such as the Economic Community of West African States (ECOWAS) and the Southern African Development Community (SADC), play a vital role in facilitating cooperation and coordination on cybersecurity issues.

• Investment in Cybersecurity Infrastructure

Investing in cybersecurity infrastructure, including advanced technologies and tools, is crucial to detect, prevent, and mitigate cyber threats effectively. International companies specializing in cybersecurity solutions are increasingly partnering with African governments and organizations to deploy state-of-the-art cybersecurity technologies.

Russian experience

The initiatives of Kaspersky Lab, a Russian cybersecurity and anti-virus provider, in Africa are focused on deploying advanced cybersecurity technologies and solutions to protect critical infrastructure. In 2020, Kaspersky Lab reported detecting over 28 million cyber-attacks targeting African users, highlighting the increasing cyber threat landscape in the region. Kaspersky’s partnerships with South Africa, Nigeria, Kenya, and Egypt have aimed to bolster cybersecurity defenses and combat cyber threats effectively.