I would like to thank the Commandant of the National Defence College for inviting me to this very important workshop on a contemporary subject matter, “Cyber Crime: ‘Threats and Counter Measures’”.
Invariably, we are talking about crime on the Internet and how to mitigate against it. Since the conception of the Internet in the 1960s and up to its commercialization in 1990s, it has become a veritable instrument of societal good for effective military defence and the promotion of economic opportunities for citizens.
Being a network of independent networks and as probably the greatest invention of mankind, Internet has enhanced communication, governance, banking, finance, agriculture, health care, commerce among many other sectors. As at today, more than 3.7billion people (54%) are connected globally with Internet economy value in excess of $4.3trillion. In Nigeria with more than 90m people (50%) connected (which is the highest number of people connected to the Internet in Africa), Internet engenders economic value of more than $40billion.
With the advent of Internet of Things, many more things are expected to be connected and the reality of the real world scenarios faces us more glaringly with respect to crime and how to combat it. As we all know crime has been on since the advent of man and addressing it effectively has been a challenge for authorities till date. Gladly, the UN Human Rights Council in its resolution of July 5, 2012 indicated that whatever rights apply offline, apply on-line, so, treatment of crimes online requires equal, if not more aggressive counter measures as we see offline.
Some crimes being committed on line include: theft of classified information, identity theft, child pornography, distributed denial of service (DDOS) attack, destruction of communication and military infrastructure through methods such as phishing, spoofing, man-in-the-middle attack, pharming, Advanced Persistent Threat (APT) utilizing malwares, trojans, botnets, social engineering and weak organisational awareness and cybersecurity governance framework. Many countries, organizations and individuals around the world are victims of cyber attacks including the US, Estonia, Nigeria, Sony, Yahoo, US National Democratic Congress etc. We experience cyber attacks every day on our Datacentre servers but we have been able to successfully repel those attacks for the past four (4) years.
As I said earlier, just as crime is in our real world, so is it prevalent in the cyber world. As we continue to address it daily in our communities, so must we address same online. As there is no 100% crime free society, so is it that the Internet cannot be 100% free of crime but we can do a good job countering the threat it poses to our networks and by extension our security and lives.
My advice with respect to counter measures is to ensure that each organisation has a cybersecurity strategy and policy that determines what it should do in the event of any emergency. Staff should be fully aware of the wimps of social engineering and phishing attacks that make highly respected organisations loose reputation. Passwords policy should be strong and subject to change regularly. Servers should be hardened with firewalls and configured to provide maximum safeguard against rogue Internet Protocol (IP) identifiers. Systems should be updated regularly with the latest Internet security firewalls. And very importantly, systems should be audited periodically to ensure that controls are in place and that they are working as expected.
The Office of the Auditor-General for the Federation takes the issue of IT Audit seriously hence the creation of a new department, the Emerging Issue Audit Department in the Office to address this. In that direction, we carried out a few pilot IT Audit of certain Agencies of government and the result of the exercise was that Ministries, Departments and Agencies (MDAs) (especially security agencies) need to do more to secure their systems and mitigate the threats of cyber crimes. We believe effective local and foreign partnership is very important in combating cyber crime, hence my recommendation for the Law enforcement and defence Agencies to be active in governance of the Domain Name System (DNS) in the Internet Corporation for Assigned Names and Numbers (ICANN) and in the United Nations Commission on Science and Technology for Development looking at how government can evolve collaborative policy frameworks that would mitigate cyber crime.
I’ve no doubt that this 2-day workshop will provoke thoughts and provide practical ideas on how to effectively address the threat posed by cyber crime to our people, infrastructure, critical assets and to our economy.
I wish you successful deliberations.