Botswana urged to rethink cyber security threats
By John Churu, Gaborone, Botswana
While the date for the second cyber security conference are drawing closer, one of the speakers and conference organisers has urged a holistic approach by the powers that be on the issues of cyber security. Speaking during a media briefing to alert the ICT community and other cyber experts, Bezah Belayneh, founder of the African Cyber Risk Institute (ACRI), said now was the time for Botswana to create a national cyber risk agenda. “we cant keep our heads in the sand any more and think all is well,” he advised.
He told the journalists that “Botswana is in denial and everything looked rosy in as far as the cyber threats on our doorstep are concerned".
”ACRI say they have created over 36 programmes which have been accredited by the local accreditation body called the Botswana Qualifications Authority (BQA). However,” Belayneh lamented, “we dont get business locally. We need to get out of the veil of secrecy and fight cyber crime.”
What made dealing with the crime more complicated here is that according to ACRI, “there is no law that force local companies that have suffered hacking and data breach to tell their clients. There is no conceted effort to report, there should be a law that force companies that have been hacked to tell the regulator.”
On the upcoming cyber crime event, Belayneh said this year will be different from the inagural event in 2014 in that 2015 has assembled the greatest minds in the game. “The people that are coming to this event are pretty much IT gurus including the world’s finest hackers. These also include the minister Nonofo Molefhe who will give a keynote address. Negotiations are also going on with Google and as such, our voice is always respected.”
As a stop-gap measure, belayneh said ACRI was busy engaging the public on cyber crime awarteness. His organisation is also mooting thee introduction of cyber insurance in the country. “We are working with Cygeist to offer cyber insurance solutions and we are very much tied to the companies that are willing to take a trial and weill taylor-make the solutions.”
Presenters at previous cyber crime workshop organised by the American embassy here observed that up until as recently as April 2014, no legislative framework to facilitate and enable the provision of e-services existed in Botswana.
“Laws tended to prohibit, rather than promote the use of ICT to provide services. For example, the legislation did not provide for recognition of electronic signatures, authenticity of electronic documents and admissibility of electronic evidence, to name a few,” said Adv. Abraham M Keetshabe, General Counsel Office of the President.
These legal challenges are being addressed through the development of simple, consistent and technology-neutral legislation which recognizes all ICT processes and transactions - including recoagnition of electronic signatures as a valid authentication method for electronic transactions and give confidence to consumers, the business community and Government agencies participating in electronic transactions
A Synopsis of the Electronic Communications and Transactions Act, No. 14 of 2014 says that:
The Act facilitates the use of electronic means of communication so as to enable: Legal recognition and validity of electronic commercial transactions conducted internally and externally, recognition, promotion and implementation of information technologies which facilitate electronic commerce, Electronic transactions to be recognised in the same manner as paper based transactions, the promotion of a legal framework to support electronic commercial practices, including the formation and conclusion of legal contracts through electronic means; The promotion and adoption of information technologies in relation to electronic transactions;
The cost of cybercrime according to Dr E. U Okike Department of Computer Science University of Botswana; Business and government institutions can lose billions of dollars every year to computer criminals; Many computer crimes are probably committed by company insiders; To avoid embarrassment many companies cover up computer crime committed by their own employees: cashiers, clerks, programmers, managers The typical computer criminal could be a trusted employee or former employee. Dr. Okike added that Cybercrime covers all illegal activitiesvincluding: Data interception, Data Modification, Data theft, Network sabotage as well as Unauthorized access.
In order for cyber crime to be defeated, Okike suggests that the role of policy makers should be the loudest: “Given the report that Africa is becoming cybercrime safe harbour, the problem could hamper economic growth, foreign investment and security. Policy makers need a cogent response to cybercrime which is informed by a clear understanding of emerging treats and how other countries have formed strategies in response…countries on the continent should adopt a multi-layered approach.”