Technology, process and people are the three pillars of cyber-security. Without strong connection between these pillars, it is difficult to secure the cyber space and to provide secure services. Cyber-security is becoming a serious national and every single institution’s agenda in today’s world. Thousands of new cyber-attacks occur every day globally that threatens thousands of documents of governmental and non-governmental institutions.
In the current world, businesses, service providing institutions, trade transaction, and financial transactions are dependent to the cyber technology. The cyber world, as mentioned above, is vulnerable to hackers. Cyber-crime is a serious global threat for all countries of the world and every institutions, private and governmental, is prone to cyber-attacks. To minimize the risks and threats of cyber-attack, institutional awareness in general and recruiting cyber talented experts to secure the infrastructure of the institution is becoming part of the business activities.
Considering the destructive impact of hacking and cyber-crimes, countries set cyber governance systems and establish institutions to administer the overall activities and to secure the cyber infrastructure. The Information Network Security Administration (INSA) is the responsible institution in Ethiopia to administer and govern the cyber infrastructure and related activities.
Recently, INSA released its 2022/23 budget year activities. According to the federal institution, INSA, over 6,659 cyber-attack attempts were registered during the budget year, from internal and external sources. By responding to over 96.3% of the attack attempts, INSA saved over 23 billion from governmental and private institutions.
According to INSA Director-General, Solomon Soka, to know the risks and vulnerability of institutions, INSA is conducting cyber threat assessments in critical governmental and private institutions. During the concluded budget year, INSA conducted cyber threat assessment on 123 government and private institutions. By assessing 64 governmental and 59 private institutions of 204 technologies within these institutions, INSA identified 652 cyber security gaps.
INSA takes immediate measures to solve the security gaps within the institutions. Considering the increasing of cyber related crimes and the growing of the use of cyber technology in every sector, INSA gives due to empower institutions to enhance their cyber resilience. Securing the ICT infrastructure and the process needs capable professionals of cyber security. In addition to trained experts in the sector, it is critical that everyone within an institutions to know the impacts of cyber-attack. To develop institutional awareness on cyber security, the role of leaders of institutions is inevitable. These days, a leader of an institution should have at least the awareness of cyber-security and its impacts on institutions.
Last week, INSA organized a national and cross-sectoral awareness creation event, entitled “Leadership during cyber era”. Leaders and senior officials of different institutions, from the finance sector, government organizations service sector, NGOs and civil society organizations attended the cyber-security awareness creation event. Speaking at the opening ceremony of the awareness creation forum, INSA Director-General, Solomon Soka stated that leadership during the cyber era is different from traditional leadership.
Solomon stated that to lead an institution properly, to provide consistent services and to make businesses profitable, leaders of the cyber era should have clear awareness about cyber security. “Without vibrant leaders with cyber security awareness, it is tough to protect the institution from cyber crisis,” he underlined. It is the responsibility of the cyber experts to manage the system, to defend attack attempts and to assess vulnerability of the infrastructure in every institution. But, as to him, to follow the developments properly, to allocate adequate finance to the cyber department and to apply proper institutional cyber governance, institutional leadership cyber awareness is critical.
“Technology creates institutional connections. Financial institutions, banks and service providing institutions are interconnected through the cyber technology. To manage all these activities properly, every leader should have a full knowledge about the technology, its consequences and the solutions for the cyber related crimes,” the Director General stated. As to him, leadership of the cyber era has to go parallel with the development of technologies.
“To develop institutional cyber resilience and national cyber security resilience at national level at large, cyber-aware leadership plays the leading role,” Solomon stated adding that the event organized by INSA focused on institutional leadership cyber awareness creation is the first of its type. For him, the leadership cyber awareness event is part of INSA’s capacity building of institutions, in addition to the formal capacity building trainings for professionals in the sector.
Approached by The Ethiopian Herald, Vice Director-General of INSA, Tigist Hamid on her part said that “human link is the weakest link in cyber security.” She added that most of the cyber-attacks are outcomes of lack of proper knowledge on how to use the technology and how to defend attack attempts. As to her, cyber-attacks are unpredictable and all institutions are prone to cyber-attacks.
“Cyber-attacks are growing and becoming more complex. As all institutions are dependent to ICT to provide services, the leadership should have at least full awareness about the cyber technology to lead the institution properly,” Tigist reiterated. “Leaders are institutional decision makers, they have the capacity to secure or insecure the institution. They have the power to make or break the institution. They have to know their role in securing their respective institutions from cyber-attacks,” she added.
In addition to that, she said, if we want to strengthen the national resilience, it needs strong linkage of institutions in cyber sector. “Technology, process and people are the critical pillars of cyber-security” Tigist noted adding that the leaders’ awareness creation program aims at building the cyber capacity of people. The awareness of leaders of every institution is vital for successful implementation of cyber-security governance at institutional level. In additions to that, she said, as services are interconnected through technologies, institution should work collaboratively in cyber-security.
As services are growingly interconnected, cross sectorial cooperation in combating cyber-attacks and building resilient infrastructure is a timely agenda. Cross-sectoral cyber-security cooperation is unthinkable without the engagement of the leadership. Hence, the leadership during the cyber era has to develop the awareness of the technology to make their businesses profitable and for service sustainability.
“INSA is conducting risk assessments on critical institutions to check the functioning of the cyber security pillars. Though institutions own technologies, there is a gap in process, trained experts and even in attention for the sector. INSA is working to fill the gap. But, to build strong resilience, the national effort should be duplicated in every institution. Empower institutions helps to strengthen the cyber resilience initiatives,” Tigist underlined. In this regard, the leadership’s role is crucial.
According to Tigist, at national level, Ethiopia has Cyber Emergency Response Team (Ethio-CERT) under INSA which is alerted 24 hours. It analysis the cyber-security situation and responds to attacks so as to secure Ethiopia’s cyber space. “We have strong defense capacity at national level.” To strengthen the national cyber resilience, she said, every institution and offices have to build strong cyber security culture and the leadership should take the responsibility in building institutional cyber security culture.
INSA is providing trainings to experts in the cyber sector by preparing customized training modules. In addition, to cultivate cyber talented youths, it started Summer Cyber Talent Camp, which aims at providing training for cyber talented youths. Similarly, INSA is working with higher education institutions to train cyber professionals. “We are working jointly with Addis Ababa University and launched MA and PHD programs in Cyber-security,” Tigist said adding that currently 60 students, both second degree and PhD, are attending their education.
“Almost all cyber experts in the field are trained abroad,” Tigist said. But now, cyber security is being provided in Ethiopia up to PhD level. “We are working on industry-university linkage,” she added.
Every institution is vulnerable to cyber-attacks. Institutions have to always be alert to secure their infrastructure by building their resilience. The cooperation of experts and leaders within an institution, strong cyber governance policy within institutions and strong cross-sectoral collaboration are critical in combating cyber-crimes. To build strong cyber resilience within institutions, the leadership should give serious attention for the sector.
BY DARGIE KAHSAY
THE ETHIOPIAN HERALD FRIDAY 11 AUGUST 2023
