National Policy on Information Security found inadequate to counter growing threats of cyber attacks
Despite the immense benefits of the development of information and communication technology, the scale and pace of information transfer and exchange pose unprecedented challenges to countries across the globe particularly with regard to cyber security threats.
Ethiopia’s 2011 national policy on Information Security has been found inadequate to address these growing challenges and complexity of the current level of cyber-attacks as a policy review analysis conducted by researchers from Technology and Innovation Institute highlighted.
A consultative forum was organized on August 12, 2021 at the Institute’s head office in Addis Ababa to deliberate on the findings of the policy review among key representative stakeholders to identify effective ways to deal with the growing number of cyber-attacks. This is part of the effort to augment the process of the national policy review process initiated by INSA by addressing its gaps in the current national strategy in place.
Amidst growing number of cyber-attacks across the world, it was reported that cyber-attack attempts directed at more than 37,000 computers were detected in Ethiopia recently. An earlier report from INSA indicated that the number of grand cyber-attacks in the country have increased from 479 and 576 to 791 annually during the past three successive years.
One of the gaps identified in the existing policy is that it generally highlights the potential security threats without proposing possible interventions. It does not also clearly identify the responsible body to oversee the effective implementation of the policy. The policy mainly focuses on public institutions paying little attention to the private sector as a potential targets for cyber security attacks.
The findings of the policy analysis identified three major factors that necessitated the revision of the national policy on information security. One reason is the latest introduction of the Digital Ethiopia 2025 national strategy that sets a target to transform at least 30 percent of the public institute in the country to provide their services via digital system. Such a move would increase the vulnerability of the country as a whole for increasing cyber-attacks in the coming years.
The latest pandemic of COVID-19 have a profound impact on the life style and interactions among people that increasingly relies on the application of digital systems. The third factor is related to the latest progress in terms of privatization of the telecom sector in the country that requires robust strategy to deal with growing cyber-attacks expected in the future.
The marked difference between the time when the strategy was first developed a decade ago and the current scale of technological application and digital development in the country necessitates the incorporation of additional elements in the cyber security policy of the nation.
The recent report entitled Ethiopia's Digital Economy (June 28, 2021) highlights the growing trends in the usage of ATM, POS, Internet banking that have been multiplied considerably—by a factor of 5 up to 15 times —in the last few years. The financial transactions in the banking sector have also grown reaching half a million transactions every day and a total of ETB 260 billion annually that is equivalent to about 8% the GDP. For the first time, CBE has seen 62% of its customer transactions taking place via digital channels instead of at bank counters.
These trends are expected to grow in a much faster rate that demand a robust national cyber security strategy in place to match the rapid expansion of digital transactions and the growing vulnerability to increasing cyber-attacks in the coming years.