International cooperation efforts have increasingly focused on cybersecurity in Africa. Despite the diversity of these initiatives, Africa has yet to prioritise cybersecurity. Without coordination and accountability, divergent cybersecurity visions and models may instead derail Africa’s cybersecurity development.
Africa, cooperation and cybersecurity
In March 2022, the First African Cybersecurity Summit was held in Lomé, Togo. A core purpose of the Summit was to dialogue on effective and efficient measures to prioritise cybersecurity in the African region. At the Summit, heads and representatives of African governments, in cooperation with the United Nations Economic Commission for Africa (UNECA), signed the Lomé Declaration on Cybersecurity and Fight Against Cybercrime. The Declaration voices a commitment by African governments to establish a framework to efficiently fight against cybercrime and promote a cybersecurity culture. The Summit seemed like it would serve as a source of much-needed political momentum to advance the prioritisation of cybersecurity. Still, not much has changed.
International cooperation plays a strategic role in defining a trusted and secure cyberspace. In examining the existing strategies for promoting cybersecurity in Africa, it is important to consider how political strategies such as cooperation have been leveraged to strengthen cybersecurity in the region. It is equally important to examine how international cooperation is shaping the African cybersecurity agenda. There are contexts to the nature and challenges of cybersecurity in Africa and to the political, social and cultural shaping of cybersecurity approaches. However, international agreements and political forums on cybersecurity rarely appreciate or provide adequate attention to these contexts.
The recently concluded third session of the United Nations Ad Hoc Committee (AHC) to Elaborate a Global Convention on Cybercrime makes it even more important to examine international cooperation approaches to cybersecurity. The third session was focused on three important issues, including international cooperation, and three debates obviously stood out for Africa:
- The principles that should be used to guide cooperation efforts
- The specific needs of developing countries
- How the methods and means of cooperation should be covered by the convention
While the nature and form which international cooperation will take in terms of the convention is not yet defined, various African countries at the session emphasised the importance of international cooperation for ensuring cybersecurity in Africa.
Existing cybersecurity cooperation efforts
The European Union
The European Union has continued to approach cooperation with Africa through various bilateral and multilateral agreements. In February 2022, the African Union (AU) and the European Union (EU) met for the sixth European Union – African Union summit and set a cooperation agenda, the Joint Vision for 2030, that unequivocally identifies intensifying cooperation on cybersecurity as a crucial area of focus.
The EU currently collaborates with Africa through a variety of projects, including the Africa-EU Partnership on ‘Policy and Regulation Initiative for Digital Africa’ (PRIDA). Through the GLACY (Global Action on Cybercrime) and the GLACY+ projects, the EU and the Council of Europe have partnered with the African Union Commission (AUC) to explore ways to ensure that African countries build political and legislative capacity necessary to enhance cybersecurity. However, African countries remain reluctant to ratify the Budapest Convention. Since 2019, the EU has also partnered with the Economic Community of West African States (ECOWAS) Commission on the West African Response on Cybersecurity and Fight against Cybercrime (OCWAR-C) project and adopted a regional cybersecurity and cybercrime strategy.
GFCE, INTERPOL and AFRIPOL
The Global Forum on Cyber Expertise (GFCE) has been driving various cybersecurity cooperation efforts with the African Union in an effort to promote cybersecurity and recently introduced the Africa Cyber Experts (ACE) Community project, in cooperation with AUC and African states, to promote cybersecurity capacity building. INTERPOL’s Support Programme for the African Union also includes cybercrime as one of its core areas. The African Union Mechanism for Police Cooperation (AFRIPOL) has also created a Cybercrime Strategy 2020-2024 which aims to enhance coordination, develop specialised police capacities, and harmonise legal and regulatory frameworks.
The UK and France
At the beginning of April 2022, the United Kingdom, in partnership with Morocco, launched a Cyber Security Centre of Excellence for Africa, established to serve as a regional cybersecurity hub. The UK further pledged to support ‘vulnerable’ African countries in improving their cybersecurity capacity. Through its Foreign Commonwealth Development Office (FCDO), the UK has continued to promote the visions of the Commonwealth Cyber Declaration, which is based on three pillars, including promoting stability in cyberspace through international cooperation. France also established a ‘regionally-oriented’ national school for cybersecurity in Senegal to train African officials on cybersecurity issues and create a cybersecurity best practice hub in Africa. A key objective for establishing the academy is to ‘enhance a Franco-African cooperation’ on cybersecurity.
China and Russia
It is not news that China and Russia are key cooperation players in Africa and that many African states see them as key partners states for enhancing cybersecurity. China has been a key player in the provision of ICT infrastructure for African states, and China’s interest in Africa’s cybersecurity landscape must be considered in light of the reality that China designs and produces digital products and services that are mostly used in Africa. It is also believed that in recent years, Russia’s influence on governance in Africa has exceeded that of any other external actor thanks to Russia’s pursuit of cooperation paths such as extending military and security influence, including cyber influence. Russia seems poised to create its own sovereign internet, and as cooperation approaches tend to mirror domestic governance approaches, it is logical to argue that the Russian and Chinese approaches to cybersecurity are having profound effects on the cybersecurity agenda in many African countries, shaping, for example, cyber sovereignty ideologies.
Reality on the ground
Due to the nature of cyberspace, multilateralism is crucial. Despite these diverse cooperation initiatives by international partners to promote cybersecurity in Africa, the region has failed to prioritise cybersecurity. There have been calls for Africa to develop its own cybersecurity agenda, including some which have opined that international cooperation strategies in the region focused on a digital agenda should be adapted to African contexts and directed by an African agenda. Apart from the fact that the regional cybersecurity convention has yet to enter into force, Africa has no regional cybersecurity strategy. In the International Telecommunications Union (ITU) repository, only about a third of African countries have a national cybersecurity strategy, and research has shown that only about three of those African countries possess the minimum essential criteria for an appropriate cybersecurity strategy.
Africa began pursuing continental digital transformation in 2020 through the Digital Transformation Strategy (DTS) for Africa (2020-2030), which was adopted by the African Union Commission (AUC) in February 2020. However, cybersecurity has yet to be mainstreamed into Africa’s digital transformation agenda. Cybersecurity is not stated as a foundation pillar of the DTS, and the AUC has not included cybersecurity among its policy priorities in Africa.
If the cooperation agenda has so far failed to enhance cybersecurity in Africa, the continued pursuit of cooperation by international partners might be interpreted as a disguised quest for digital dominance. Another concern is that the fragmented and divergent cybersecurity cooperation models and visions introduced by various partners may rather diminish appropriate cybersecurity standards and stunt Africa’s cybersecurity development.
Leveraging international cooperation for cybersecurity in Africa
Cooperation for cybersecurity should mean more than the exchange of discourses for implementing legal frameworks or acceding to conventions. African governments have been encouraged ‘to ensure that policies and strategies are not indiscriminately copied from other contexts’ and that ‘national and regional policymakers should exercise creativity and judgement that reflect the specificities of African contexts in formulating their digital policies.’
In the context of a borderless cyberspace, collaborative approaches engender shared responsibility amongst states, however, cooperation must be married to a clear strategy and a commitment to achieve objectives, and this requires accountability. Understanding the particular capacity needs of African states has been a challenge for international cooperation on cybersecurity. Although Africa needs to build capacity on many digital aspects, international partners must consider capacity building in the context of Africa and also allow African partners to elaborate what their cybersecurity capacity needs are. There are national, regional and international contexts to cybersecurity capacity maturity and the cybersecurity capacity needs of Africa may differ from those of other regions. Africa continues to be the least digitalised region in the world with inequitable access and divisions in cybersecurity infrastructure, services and capacities. Without appropriate digital capacity, Africa will continue to find it challenging to shape an efficient cybersecurity agenda. The inadequate digital capacity will continue to trivialise the many capacity building efforts that aim to engage stakeholders in training sessions without first ensuring the existence of adequate digital infrastructure to tackle cybersecurity. Digital equality must be an agenda for cybersecurity cooperation. If capacities are not equal or almost equal, the prevalent digital cooperation agenda in Africa may lead instead to digital dependence.
International cooperation efforts must focus on practical-operational cooperation. For example, effective methods for sharing and analysing law enforcement data are crucial for cybersecurity cooperation, and this implies a capacity to implement streamlined processes. This cannot happen without functioning 24/7 cybersecurity points of contact, which are still absent in many African countries. It is important for African states to provide valuable and functional platforms for cooperation and for international partners to encourage African states to do so. At the commencement of cooperation efforts, clear lines of engagement must be stipulated, such as a demand for African states to shape a cybersecurity culture and to pursue practical cybersecurity approaches, such as the formation of computer emergency response teams.
International cooperation efforts can also be a tool to ensure accountability for cybersecurity. Examining the extant approaches towards accountability for the rule of law in Africa will show a similar situation with cyber governance. There are diverse challenges that confront African states with respect to the rule of law, a fact which has rippled into cybersecurity governance. It is important to involve diverse stakeholders in the cybersecurity cooperation agenda in Africa, as is done in places like Europe, hence, international cooperation must include sharing of best practices. A huge gap in the cybersecurity approach in Africa is the multi-stakeholder approach. Efforts to realise cybersecurity visions in Africa have been generally centered on the traditional security sector, thereby hindering transparency and accountability in cybersecurity efforts. A multi-stakeholder approach to cybersecurity in Africa should be further encouraged because, until Africa’s cybersecurity approaches are called into question on the basis of accountability, the complacency towards the prioritisation of cybersecurity may not change.
It has been argued that countries that are able to develop their own digital agenda will be better placed for cyber resilience. Sometimes, it is obvious that at a political level, there may be a lack of full understanding and appreciation of the importance of investing resources towards cybersecurity, due to a need to balance different security priorities in Africa. However, regional organisations have a key role to play in formulating policies and delivering outcomes for cybersecurity, and AUC must consciously create dialogues to further effective cybersecurity cooperation approaches and visions in the region. As the AUC continues to advance on regional flagship initiatives to achieve its Agenda 2063 aspirations and pursue the Digital Transformation Strategy (DTS) for Africa, it must be with the understanding that cybersecurity is crucial for achieving digital transformation. Perhaps African states’ continued participation in the multilateral process for elaborating a global cybercrime convention might finally be the motivation Africa needs to take advantage of international cooperation for the right reasons.
About the Author
Dr. Nnenna Ifeanyi-Ajufo is a lawyer and a Senior Lecturer of Law and Technology at the School of Law, Swansea University. She is also the Vice-Chairperson of the African Union Cyber Security Experts Group (AUSCEG), a Senior Research Fellow at the African Centre for International Criminal Justice and a member of the Cyber Threats Research Centre (CYTREC) Team at Swansea University. Nnenna holds an LLM in International Information Technology Law, MA in African Studies and LLD in International Law.