The continuous evolution of cybercrime and the myriad of destruction it does to an economy (that is, to individuals, organizations, institutions, businesses, and governments) has generated the need to curb the practice by way of protecting cyberspace and any other medium through which the cybercriminals operate. The Ghanaian perspective on cyber security has been the institutionalization of policies and strategies aimed at educating and creating awareness of the cyber threat, arresting cybercriminals, and recovering the proceeds of cybercrime. Also preventing data theft, attacks on computer systems, software, and network devices, and retrieving data. Again, making the business of cybercrime distasteful, unpleasant, and unattractive to the general population by the police service to make the digitalization drive seemingly smooth. This is evident in the various approaches that have been employed to tackle cybercrime in the country. The story of cyber security in Ghana has been policy upon policy, act upon act, and strategies upon strategies, a reflection of how relentlessly various institutions, especially the Police Service, are working to meet prevailing conditions in the fight against cybercrime. The Cyber security policy of Ghana seeks to address the major cyber risks facing Ghana from attacks on the national information infrastructure and again address the lack of awareness of the risks users and businesses face doing business in cyberspace. The policy also addresses the need to develop a technology framework for combating cyberattacks and capacity building for cyber security experts to make Ghana self-sufficient in the fight against cybercrime, and in the near future, create a culture of cyber security in Ghana. A journey to the specific interventions adopted and implemented in the quest to secure cyberspace in Ghana includes:
The Ghana Police Service, as a crime detection and prevention institution, has a Cyber Crime Unit that is primarily responsible for detecting and investigating crimes whereby digital devices, networks, and other telecommunication devices or the internet space are the target or the means to perpetrate the crime. Over the years, the Cyber Crime Unit has been investigating and prosecuting cybercriminals; collecting data and undertaking forensic analysis; conducting cyber intelligence collection, analysis, and dissemination; assessing and analyzing cybercrime phenomena; and surveilling and monitoring the cyberspace, which to a greater extent appeared to be yielding results in the area of the amount of money lost on cybercrime since 2018, as seen in figure 2. The Police Service, as part of their intervention to secure cyberspace, has arrested and prosecuted some people who are perpetrators of this crime, Notable among them are Rosemond Brown (Akwapem Poloo) for child pornography, Patricia Oduro Koranteng (Nana Agradaa) for a charlatanic advertisement, Patrick Asiedu (the alleged doctor) for spreading fake news, Solomonn Doga (a phone repairer) for sextortion, and a host of other cases of arrest and prosecution.
The INTERPOL Unit of the Ghana Police Service also serves as the medium of information sharing among its 195 member countries, which includes the latest or emerging forms of crimes or tactics used by cybercriminals (Modus Operandi). This information is shared among the various institutions fighting cybercrime. The Unit also receives reports or complaints from its counterparts around the world and forwards them to the Cybercrime Unit for investigations or collaborates with various institutions to investigate and prosecute offenders. Likewise, the INTERPOL Unit receives reports from victims in Ghana and forwards them to their counterparts in the respective countries involved, where the perpetrators are believed to be located. About 19 police databases are managed by INTERPOL, which provides member nations with real-time access to information on crimes and offenders, including cybercrime.
Fighting cybercrime with the law in Ghana dates back to 2008, when the Electronic Transaction Act (ETA 2008) was passed by parliament. The Act specifies legislation on cybercrime and prescribes punishment for cybercrime perpetrators. The Act outlined cyber offenses, which include but are not limited to: stealing, charlatanic advertisement, attempt to commit crimes, aiding and abetting, a duty to prevent a felony, conspiracy, forgery, intent and criminal negligence, access to a protected computer, obtaining electronic payment mediums falsely, electronic trafficking, and possession of electronic counterfeit-making equipment, etc. The Act addresses issues in the fight against cybercrime as well.
The Data Protection Commission was established as an independent statutory body under the Data Protection Act, 2012 (Act, 843) to protect the privacy of individuals and personal data by regulating the processing of personal information. The commission was mandated to provide for the process to obtain, hold, use, or disclose personal information and for other related issues bordering on the protection of personal data. To undertake regular vulnerability and system audits to ensure the robustness of IT systems that store, process, or transmit personal data. The Data Protection Act ensures the protection of private data of the government, citizens, and businesses in Ghana. The Data Protection Commission has recently been particularly proactive in its enforcement proceedings, which has prompted numerous data controllers to register and adhere to the Data Protection Act’s obligations (The Media Foundation for West Africa, 2017).
Again, the National Computer Emergency Response Team (CERT) was established and inaugurated in 2014 by the Ministry of Communications to coordinate cyber incidents and assist in resolving future incidents within the government network. The establishment of CERT-GH is a critical component of the cyber security emergency readiness of the National Cyber Security Policy and Strategy (Media Foundation for West Africa, 2017). On the business side, the presence of the e-Crime Bureau in Ghana has greatly helped the course of cyber security in the country. Organizations can investigate cybercrime thoroughly, which has largely improved the protection of cyberspace.
The Subscriber Identity Module (SIM) registration by the National Communication Authority is another initiative to mitigate cybercrimes committed using mobile phones. There is currently another directive by the Ministry of Communication for the telecommunication companies in Ghana to reregister SIM cards with only Ghanaian cards as the accepted identity card for registration. This exercise is purposely designed to fight cybercrimes that are perpetrated using SIM cards by making it easier for the Ghana Police Service, through the Cybercrime Unit, to trace and arrest such criminals and aid in alleviating cybercrimes and other related crimes. Government programs aimed at reducing crime in general and computer crime, in particular, include the Economic and Organized Crime Office (EOCO) under the Attorney General’s Department and the Financial Intelligence Center for the banking industry.
The National Cyber Security Policy and Strategy, after five years of development, were adopted and approved by Cabinet in 2016. This is considered a milestone in the fight against cybercrime. The policy document addresses issues relative to the legislative and regulatory framework, cyber security technology framework, culture of security and capacity building, research and development towards self-reliance, compliance and enforcement, child online protection, cyber security emergency readiness, and international cooperation. The national strategy identifies key stakeholders within the cyberspace ecosystem for the implementation of various policy initiatives. For instance, the National Cyber Security Center (NCSC) was established in 2018 under the Ministry of Communications to undertake Ghana’s cyber security development and implement Ghana’s National Cyber Security Policy and Strategy. The National Cyber Security Center in collaboration with the National Cyber Security Technical Working Group is responsible for Awareness Creation & Capacity Building, Cyber Security Incident Coordination & Response, Critical National Information Infrastructure Protection, Child Online Protection, and International Cooperation among others as well as the development and implementation of Ghana’s National Cyber Security Policy & Strategy.
Image Source: www.cybersecurity.gov.gh/report
The losses incurred by banks in Ghana due to cybercrime activities and the threat it poses to the banking sector motivated the Bank of Ghana to issue a Cyber and Information Security Directive in 2018 to protect the banking sector and financial institutions under its supervision from cybercrime and its related challenges. The directive obligated the various institutions it regulates to
- Place special emphasis on cyber and information security and take all the necessary steps to protect and manage their systems and data effectively.
2. Expand and enhance their cyber and information security capabilities.
3. Enhance the institution’s resilience to cyber and information security risks, reducing business continuity impact, and minimizing damage to ICT assets and customers.
4. Determine the extent of the implementation process by financial institutions while seeking to maintain, at the same time, a degree of flexibility as required by the unique nature of this Directive(s).
5. Institutions must manage cyber and information security risks systemically, following Ghanaian law and Directives on risk, operational risk, business continuity, and ICT management.
6. In managing its operational risks, the institution shall address and document the cyber and information risks relevant to its operations as well as the measures taken to mitigate them.
7. Address cyber and information security scenarios that may affect its activities and those of customers, suppliers, and service providers.
8. Understand the scope of cyber and information security threats and the required security capabilities for meeting this challenge.
9. All institutions supervised by the Bank of Ghana shall be International Organization for Standardization (ISO) 27001 certified and should adopt ISO 27032.
10. Institutions that handle, process, store, or transmit debit cards, credit cards, prepaid cards, e-purse, ATM cards, and/or POS) and related information shall be certified.
11. The methodology for managing and handling cyber and information security events shall comply with international standards such as those of the National Institute of Standards and Technology (NIST) and ISO 27001
Ghana’s cyber security activities have not gone unnoticed, as according to the Acting Director-General of the Cyber Security Authority, Dr. Albert Antwi-Boasiako, commendations have come in from the World Bank, World Economic Forum, UNICEF, and the ECOWAS Commission, among others, with the ECOWAS Commission requesting Ghana to lead cyber security efforts in the African sub-region. He issued a caveat that, there is still work to be done, to firmly secure cyberspace, irrespective of the recognition so far (Gyesi, 2020). On the 2020 Global Cybersecurity Index (GCI) of the International Telecommunication Union (ITU), Ghana received an overall score of 86.69%, placing third in Africa (Boakye, 2021).
Without cyber security, Ghana’s digitalization initiatives would be useless because criminals would take over unprotected cyberspace, making the digitalization of the economy more vulnerable. Without the efforts of many organizations, such as the Police Service, to make cyber security a top priority, the multiple initiatives to digitize the Ghanaian economy would not have seen the success and recognition it have. When cyberspace is secure, businesses will adopt new technologies for innovation, investors will also be enticed to invest in businesses, digitalization will be smoothly implemented, and its concomitant benefits will be highly maximized. These factors all contribute to economic growth and national development.
Author’s Profile: Abdul-Salam Shaibu is an Investigator and Cybersecurity Practitioner. He had his professional training at the Detective Training Academy, Ghana Police Service, as well as a Professional Diploma in Database Management from IPMC. He holds a Bachelor of Science Degree in Computer Engineering from Ghana Communication Technology University and a Master of Science in Digital Forensics and Cybersecurity from the Ghana Institute of Management and Public Administration (GIMPA). A certificate in Cybersecurity Investigations and Digital Forensics at the e-Crime Bureau, among other numerous courses and certifications. He is a student at the GIMPA Faculty of Law pursuing a Bachelor of Laws (LLB) Degree. He is a Businessman and an Entrepreneur. The author’s research interests are in IT, Cybersecurity, Law, Risk Management, Security, and Criminal Psychology.
Recommended Citation: Abdul-Salam, S. (2023). Ghana’s Cybersecurity in Perspective
Please address all correspondence to: Abdul-Salam Shaibu by Phone: at (+233) 026 530 8783 and by email on shaibubaba80@gmail.com