By Valarie Waswa
The East Africa Internet Governance Forum 2024 convened experts, policymakers, and stakeholders to tackle one of the most pressing issues of our time: cybersecurity and data governance.
I attended a session titled “Strengthening Cybersecurity and Data Governance” which provided a rich tapestry of discussions that highlighted the unique challenges and opportunities facing the region.
Securing the African Cyberspace
The session opened with a presentation titled “Securing the African Cyberspace.” Here, we dove headfirst into the realities of our digital age, where the 4th Industrial Revolution has unleashed a wave of cutting-edge technologies like AI, blockchain, and the Internet of Things.
But with great innovation comes great responsibility! Rapid digitalization has led to a surge in cyber threats, and here’s the stark reality: women comprise only 20% of the global cybersecurity workforce, and in Africa, that drops to a mere 9%. This statistic alone sends ripples of urgency through the room!
We explored the EAC Cybersecurity landscape, shining a light on the EAC Cybercrime Investigation Center of Excellence. It was eye-opening to learn that only one country in the East African Community has ratified the Malabo Convention so far.
Initiatives like the Digital Transformations Strategy for Africa and the D4D Hub (a project by GIZ and EU member states) offer hope for a more secure digital future.
_________________________
The Panel Discussion
African Solutions for African Challenges
As the panel discussion commenced, a pivotal question was posed to Mutheu Khimulu, a renowned Cybersecurity Expert from Kenya: What is the importance of having a pan-African cybersecurity approach? With conviction, she emphasized the need for African solutions to African problems, advocating for a robust cybersecurity framework tailored to our unique context.
“The African Continental Free Trade Area (AfCFTA) hinges on technology,” she reminded us, underscoring the necessity for secure tech infrastructure to drive its success.
The conversation flowed seamlessly to Lucrezia from GIZ Uganda, who spoke passionately about the intertwining of cybersecurity and data governance.
Drawing a comparison with the EU’s stringent GDPR, she illuminated the path many African nations are taking towards creating their data protection frameworks.
She also mentioned a concluded Regional Policy Dialogue organized and convened by GIZ, which brought together data protection authorities from EAC countries, and how it was vital in promoting knowledge sharing and best practices.
Insights from DRC: Bridging Data Sharing and E-Commerce
Olga, a representative from the Democratic Republic of Congo, brought a fresh perspective to the discussion. She highlighted the critical need for data sharing and interoperability to bolster e-commerce and trade across the region.
“It’s not just about protecting personal data; it’s about enhancing our economy,” she asserted. Olga emphasized the importance of collective strategies across various sectors, including health and security.
She urged that governments cannot shoulder the burden alone, advocating for Public-Private Partnerships to leverage the expertise of the private sector in cybersecurity.
“In DRC, we are increasingly turning to the private sector for their experience in these matters,” she explained, illustrating the collaborative spirit needed to tackle regional challenges.
The Reality Check: Progress and Challenges
As discussions turned towards South Sudan, the Director of ICT Policies addressed the challenges ahead. While South Sudan is laying the groundwork for cybersecurity, the ratification of the Malabo Convention remains a hurdle.
“We risk becoming the weakest link in the region if we don’t step up our game,” he cautioned.
From the perspective of tech giants, a representative from Meta shared insights into their robust measures for protecting user data. With investments in AI and partnerships for digital literacy programs, Meta is on the frontlines of promoting online safety.
“We’re not just talking about cybersecurity; we’re talking about empowering communities,” she noted, as the audience nodded in agreement.
Exploring the Future: Risks and Recommendations
A follow-up question to Meta delved into existing cybersecurity risks. The representative pointed out the limited infrastructure and expertise in the region, exemplified by a recent ransomware attack on Kenya’s e-government site.
“These attacks are often basic, which speaks volumes about our vulnerabilities,” she warned, emphasizing the rise of AI-related risks in the coming years.
Returning to Mutheu, a question about strengthening cybersecurity and data governance ignited another round of passionate discourse.
“We must embrace multistakeholderism,” she urged, highlighting the need for collaborations across sectors. The importance of grassroots education in cybersecurity cannot be overstated, and she championed the necessity of equipping marginalized communities with tools for cyber hygiene.
Lucrezia echoed this sentiment, advocating for gender mainstreaming in cybersecurity policies. “We need to meet women where they are,” she emphasized, championing efforts by GIZ to create local language models and promote inclusivity in tech discussions.
Budget Priorities and Funding for Cybersecurity
The conversation on budget priorities was particularly illuminating, with the Director of ICT Policies from South Sudan emphasizing the need for a paradigm shift in how cybersecurity is viewed within government budgets.
He stressed the importance of approaching legislators effectively to advocate for dedicated funding, framing cybersecurity not merely as an expense but as essential for ‘cyber safety,’ “Data is the new oil,” he declared, underscoring its value and the necessity for prioritization in national budgets to ensure the protection of personal data.
He also highlighted South Sudan’s over-reliance on development partners for funding. “We must align ourselves to attract investments and diversify funding sources,” he noted.
This sentiment was echoed by various panellists, who pointed out the need for a coordinated approach that harnesses both governmental and private sector resources.
Olga from the DRC contributed to this discussion by advocating for the establishment of an East Africa Data Strategy, suggesting that a regional framework could enhance resource sharing and collaboration among nations.
She pointed out that, given the limited resources of governments, Public-Private Partnerships could play a crucial role in bridging funding gaps, particularly in cybersecurity.
Building the Future Together
The discussion culminated with a collective call for action: the need for harmonized frameworks, regional cooperation, and a focus on implementation over mere strategy.
As the panellists’ parting shots echoed through the hall, phrases like “Pan-Africanism”, “Information Sharing”, and “Capacity Building” reverberated, leaving a lasting impact.
In conclusion, as we navigated the intricate landscape of cybersecurity and data governance, one truth emerged: Together, we are stronger. While challenges loom large, the commitment to fostering a secure digital future for East Africa shines brightly.
Ms Valarie Waswa, Legal Fellow – KICTANet