What is the National Cybersecurity Strategy (NCSS)?
National Cybersecurity Strategy (NCSS) is the nation’s readiness strategy to provide cohesive measures and strategic actions towards assuring security and protection of the country’s presence in the cyberspace, safeguarding critical information infrastructure, building and nurturing trusted cyber-community.
The NCSS comprises short, medium, and long-term mitigation strategies covering all national priorities, addressing the nation’s cyber risk exposure.
Specific key cyber threats worldwide are inimical to National interest are identified such as; Cybercrime, Cyber-terrorism, Cyberconflict, Cyber espionage, Child online abuse and exploitation. These threats have significant capability to damage the integrity of the nation, disruption of critical information infrastructure operations, undermine government operations and national security.
What is the Aim of the National Cybersecurity Strategy?
The aim of the NCSS is to provide a cohesive roadmap, initiatives, and implementation mechanism for achieving the national vision on cybersecurity.
What is the Nigerian Cybersecurity Vision?
Its vision is a safe, secure, vibrant, resilient and trusted community that provide opportunities for its citizenry, safeguard national assets and interests, promote peaceful interactions and proactive engagement in cyberspace for national prosperity – National Cybersecurity Policy 2014
But how can the goal and objectives of the National Cyber Security Strategy be achieved when most of the professionals have no idea about what the strategy entails?
How can we follow up on the implementation of the strategy when we don’t even know what the content looks like.?
In the course of my writing, I will be dissecting and reviewing the content of the National Cyber Security Strategy (NCSS), with the aim of knowing which of the objectives of the strategy has been achieved, those that are still pending, and those that are ongoing.
This will point us in the direction of asking the right questions from agencies (both public and private) that are responsible for ensuring the implementation of the strategy on a national ground. This will also help the public understand the roles of every stakeholder involved in the implementation.
About the Nigeria Cybersecurity Strategy
The NCSS was formed in 2014, and if we notice,a couple of improvements have happened to our national cybersecurity posture five years down the line due to implementation of some of the concerns of the NCSS such as:
- The development and implementation of an appropriate legal framework, The Cybercrime Act 2015.
- Establishment of National Computer Emergency Response Team (CERT) and introduction of a roadmap for implementing Detective, Preventive and Response capabilities to deal with cybercrime activities.
- Protection of Privacy through The Nigeria Data Protection Regulations
- The Strategy on Public-Private Partnership highlights the need for inter-agency collaboration with the private sector. It engages the framework for a public and private partnership in developing a cohesive response to mitigating cyber-risk.
- National awareness programmes through multi-stakeholder engagement, and international cooperation in the countermeasures giving birth to National Cybersecurity Awareness Month, Child Online Safety, and many more.
There are other objectives of the NCSS that are ongoing.These include;
- Protecting Critical information Infrastructures which includes shared responsibility between government, owners and operators of critical infrastructure. Government approach to Critical Information Infrastructure Protection and Resilience (CIIPR).
- National Cybersecurity Skills and Manpower Development is another area that we’ve had a lot of improvement in the last five years as many universities and other private training centers are now out there to develop cybersecurity skills and many are upcoming.
From here, we still have a long way to go to fully implement all of the concerns of the NCSS. The following areas needed to be address;
- Building of a National Incident Management Strategy that will help the country to have a central pool of cybersecurity incidents, track them, and learn from how those incidents were resolved.
- The continuous monitoring and review (i.e. assessment and evaluation) of the implementation and management of the National Cybersecurity Program, and the surrounding context that it operates within which is critical to providing assurance to various stakeholders that the National Cybersecurity program is able to safeguard our critical national infrastructure.
- National Readiness strategy which addresses the willingness to empower the nation in building a comprehensive, coherent, structural and procedural capability at strategic and tactical levels in mitigating cyber risks.
The question is how can we rate ourselves after five years comparing what we have achieved so far. Maybe or maybe not we need to do a revision of the National Cyber Security Strategy (NCSS) to add up a new trend of concerns in the national context. We also have to answer the question of how well those implemented objectives have gone over the years.
Summary of the National Cybersecurity Strategy
The NCSS examines the strategic imperative of national cybersecurity. It highlights various strategies that will be used to implement the measures outlined in the new National Cybersecurity Policy.
These include the following:
- The development and implementation of an appropriate legal framework, with initiatives that will allow for the identification and prosecution of cyber crimes that impact Nigeria regardless of whether they originate within Nigeria or are launched from outside of the country. It encompasses training the judiciary, security and law enforcement agencies, seeking international co-operation, public and private sector co-operation and public awareness programmes. It also introduces a special focus on data protection, privacy and lawful interception.
- Establishment of a National Incidents Management Strategy which outlines the commissioning of a National Computer Emergency Response Team (CERT) and introduces the roadmap for implementing Detective, Preventive and Response capabilities to deal with cybercrime activities.
- The strategy for Protecting Critical information Infrastructures including shared responsibility between government and owner-operators of critical infrastructure. It also highlights the ways in which early warning, detection, reaction and crisis management will be assessed, developed and implemented to provide a proactive readiness to react to and deal with threats towards Nigeria’s Critical Infrastructures.
- The strategy seeks to ensure the development of information security assurance and monitoring plan. It includes a new national mechanism on cybersecurity assurance, adoption of fit for purpose standards for Governance, Risk and Control, Core Assurance Capabilities, National Enterprise Architecture Framework. It also endorses the adoption of application security testing as well as the adoption of a Balanced Scorecard Framework for cybersecurity.
- The introduction of a sustainable strategy to develop, maintain and ensure Nigerians are informed and equipped to deal with cybersecurity events by establishing a mechanism for Cybersecurity Skill and Manpower Development initiatives. These initiatives will be driven through a public-private partnership. It introduces a model for certification of individuals to ensure the quality of competence in the field of cybersecurity relevant to the nation.
- The strategy for protecting Nigerian Children from Online Child Exploitation and Sexual Abuse includes initiatives, such as the national awareness programmes through multi-stakeholder engagement, and international cooperation in the countermeasures.
- The Strategy on Public-Private Partnership highlights the need for inter agency collaboration with the private sector. It engages the framework for a public and private partnership in developing a cohesive response to mitigating cyber-risk.
In conclusion, The National Internet Safety initiative is aimed at providing general public awareness, education, and advocacy through multi-stakeholders’ engagement, development of local tools, training software and applications in Internet safety and security readiness. It provides a mechanism for gauging the nation’s cybersecurity posture.
You can download the document here
The NCSS was accompanied by an action plan document for its implementation spreading out the responsibilities and roles of all stakeholders involved for its success.