Continued from here
LEGAL FRAMEWORK FOR TACKLING CYBER-TERRORISM IN NIGERIA
In a civilised society, actions must be based on the rule of law. A lack of well-thought legislative and policy direction can as well make us kiss goodbye to any dream of winning the war against cyber-terrorism.
The Terrorism (Prevention) Act, 2011 expressly prohibits acts of terrorism. An “act of terrorism” means an act which is deliberately done with malice, aforethought which may seriously harm or damage a country or an international organization; intended or can reasonably be regarded as having been intended to— unduly compel a government or international organization to perform or abstain from performing any act; seriously intimidate a population; seriously destabilize or destroy the fundamental political, constitutional, economic or social structures of a country or an international organization; or otherwise influence such government or international organization by intimidation or coercion; and involves or causes, as the case may be- an attack upon a person’s life which may cause serious bodily harm or death; kidnapping of a person; destruction to a Government or public facility, a transport system, an infrastructure facility, including an information system, a fixed platform located on the continental shelf, a public place or private property, likely to endanger human life or result in major economic loss; the seizure of an aircraft, ship or other means of public or goods transport and diversion or the use of such means of transportation for any of the purpose of causing terror; the manufacture, possession, acquisition, transport, supply or use of weapons, explosives or of nuclear, biological or chemical weapons, as well as research into, and development of biological and chemical weapons without lawful authority etc.
The Act does not distinguish between traditional and cyber-terrorism because, terrorism can be carried out by whatever means, the end result is the same- sorrows, tears and blood.
The Act further empowers security agents and bank officials to report, seize and arrest persons connected with transfer or receipt of money suspected to be meant for terrorism. It also provides for how to deal with terrorist properties. Procedure and other relevant provisions are also made to adequately address terrorism in Nigeria.
Section 15 of the Money Laundering Act 2011 prohibits the laundering of money for the purpose of terrorism or terrorist financing. Convicted persons are liable to 5 to 10 years imprisonment without option of fine.
Section 18 of the Cybercrimes Act 2015 is most apt to our discussion here; it is rendered as follows-
- (1) Any person that accesses or causes to be accessed any computer or computer system or network for purposes of terrorism, commits an offence and is liable on conviction to life imprisonment.
(2) For the purpose of this section, “terrorism” shall have the same meaning under the Terrorism (Prevention) Act, 2011, as amended.
Only the Cybercrimes Act recognises the power of the computer in furthering terrorist activities, also, only the Act allows a sentence of life imprisonment for a convict. The practical implication of this is that terrorists could be charged under both the Terrorism Prevention Act and Cybercrimes Act if there is evidence of the use of any computer or cyber infrastructure. While the TPA gives more legroom for the prosecutor, the Cybercrime Act gives an appropriate sentence for terrorism.
The recent hoopla over the fine imposed on MTN Nigeria for not complying with Nigerian Communications Commission (NCC) regulation on the Registration of Telecoms Subscribers is worth mentioning here. Section 71 of the Nigerian Communications Act which established the NCC empowers it to make regulations for the effective administration of the communications sector. It was in furtherance of this provision that the above mentioned regulation was made. The Nigerian authorities argued that the insipidity of MTN in complying with this directive fuelled the Boko Haram carnage in North East Nigeria. This author’s take-away from the fiasco is that Compliance officers and advisers to companies must understand the prime place of technology regulation and use in modern business. If not properly handled, MTN’s multi-trillion naira investment in Nigeria may go down the drain.
SUGGESTED POLICY OPTIONS
In view of the foregoing, certain policy options must be considered in foiling a cyber-terror attack or mitigating the effects. They include-
- Immediate convening of a national stakeholders conference by Office of the National Security Adviser on designation of critical national information infrastructure pursuant to section 3 of the Cybercrimes Act 2015. The list in Paragraph 7.5 of the National Cybersecurity Policy is sectorial; this does not meet the requirements of the Act.
- A national action plan coordinated by NITDA that critical national data should be stored in Nigeria and regulated by Nigerian law to reduce possibility of foreigners access and security compromise.
- The Nigerian Army, State Security Service, Police and other security agencies should be trained on cyber-security management.
- A scheme can be devised to employ technology savvy youths who can act as the nation’s ‘cyber-army’. This falls in line with NITDA’s strategy on Digital Jobs Creation.
- The National Cyber security Policy and Strategy implementation should be expedited and well-funded to achieve the desired objectives.
- NITDA should work with public and private stakeholders to set a National Information Technology Infrastructure (NITI) Guideline.
- Staff of NITDA, IT staff of MDAs and security agencies must be properly debriefed of all codes and access rights to the computer and automated systems of the employer in compliance with Section 31 of the Cybercrimes Act.
- Our tertiary institutions should be funded to establish cyber-security research centres to train manpower, monitor cyber-security developments, detect cyber-terror attack, advise stakeholders and activate cyber-security actions when necessary.
Nigeria as a heterogeneous conglomeration of diverse interests has long lived in the shadow of internal combustion. As long as the unresolved issues fester, cyber-guerrilla tactics cannot be ruled out in the present and the future. There needs to be a coordinated national response to the gorgon of cyber-terrorism, no single agency has all the solutions all hands must be on deck and in sync to avert, contain and control future attacks.
Paper download here