On May 12, more than ever before, the world encountered the worst cyber-attack that hit 150 countries. This clearly shows how cyber-attack is increasingly becoming one of the most intractable challenges of the global economy.
It is a challenge that every nation faces irrespective of its development in terms of technology.
This latest worldwide cyber-attack affected some of the most developed countries, most notably the UK, Russia, France, Spain, Australia, Sweden, Norway to name but a few.
Shortly after the incident, the Microsoft, an American giant multinational tech company, cast the blame to governments for storing data on software vulnerabilities which could then be accessed by hackers.
Arguably, this cyber-attack (or computer viruses) exploited a flaw in a version of Microsoft Windows or vulnerability of computer system.
As a matter of perception, we often believe that the most developed countries have the strongest impenetrable cyber-security but the latest computer virus, known as ‘ransomware’, proves the contrary.
That said; no single country is immune to cyber-attack, no matter having the most sophisticated modern technologies.
Computer technologies are ubiquitous, so even the hackers are able to access the ICT to send ransomware to their targets. In this regard, it simply requires basic equipment to commit computer crimes.
In other words, committing an offence requires hardware, software and Internet access. With regard to hardware, the power of computers is growing continuously.
There are a number of initiatives that facilitate people, including cyber criminals, to use ICTs more widely. Criminals can commit serious computer crimes with only cheap or second-hand computer technology – knowledge counts for far more than equipment.
The data of the computer technology available has little influence on the use of that facility to commit cybercrimes. Committing cybercrime can be made easier through software tools. Offenders can download software tools designed to locate open ports or break password protection.
Having seen the above, a question is: what measures ought to be taken to prevent cyber-threats in Rwanda?
The latest cyber-attack came at the time when establishment of the National Cyber Security Authority (NCSA) is in its final stage. The worldwide cyber-attack calls for more action by all countries—acting both individually and collectively.
It is worth stressing that the National Cyber Security Authority will have a serious task ahead. It will have to secure private and government information and critical infrastructure against online crimes and cyber-attacks.
As noted previously in this column, the National Cyber Security Authority will have the core mandate of implementing the National Cyber Security Policy and strategies to ensure national cyber-safety.
Of course, bolstering cybersecurity must be at the heart of it. In other words, cybersecurity requires technological capabilities that permit not only robust defence but also offensive operations.
Enhancing stronger cybersecurity and legal measures to protect critical information infrastructure must be the starting point. Having these measures in place is indispensable because they’re helpful in identifying the cyber-risks the country might face.
As noted sometime back, cybersecurity is not merely technical measures but a collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training best practices, assurances and technologies that can be used to protect the cyber-environment and organization and user’s assets.
This means all the above measures must be checked and revisited constantly to ensure their effectiveness and efficiency. Moreover, the cyber-attackers often take advantage of weakness or vulnerability of computer systems and networks.
There’s a need to set out methods and strategies to strengthen and coordinate efforts to combat cybercrime and ensure cybersafety. In this perspective, the government must have a three-pronged strategy.
At the local level, there’s a need to develop awareness-raising, educational and specialized training courses targeting internet users and should be disseminated through all communication tools (media of all sorts and sizes).
Awareness-raising and training should include specialized training for IT personnel in public and private bodies, plus law enforcers (i.e. judges, prosecutors and police personnel).
Secondly, to strengthen cooperation between the public and private sectors to ensure cybersafety through information exchange, sharing financial burdens, practical cooperation, developing technical solutions and increasing investment.
Thirdly, deterring or mitigating cyber-threats can hardly be achieved without cooperation at regional and international level. It is quite important to stimulate dialogue between regional and international stakeholders.
This enables stakeholders to share their experiences and challenges and then decide how to fix them. More importantly, this approach bolsters information sharing among countries, without forgetting signing agreements for mutual legal assistance to deal with organised cyber-attackers.
Here, Rwanda needs to engage EAC partners. This is vital given the cross-border nature of cybercrime. This requires official and unofficial mechanisms for judicial cooperation in the EAC bloc under the principle of reciprocity to avoid violating national sovereignty.
Such regional cooperation will result in the exchange of information and lessons learned from experiences and best practices in other countries, which contributes to national cybersafefy.
Furthermore, collaboration with Internet service providers allows States to block illegal websites or prevent data transfer from suspicious electronic addresses. Equally, Web hosting companies can monitor services provided by websites they host and prohibit the unlawful use of these services.
The writer is an international law expert.