The first ever Internet Infrastructure Security Guidelines for Africa (“the Guidelines”) was launched at the African Internet Summit (AIS2017) in Nairobi, Kenya on 30 May 2017. The Guidelines are developed by the Internet Society jointly with the African Union Commission (AUC) and advances four essential principles of Internet infrastructure security — Awareness, Responsibility, Cooperation, and adherence to Fundamental Rights and Internet Properties. It aims to help African Union States in approaching their cyber security preparedness and is a significant first step in producing a visible and positive change in the African Internet infrastructure security landscape.
Africa has achieved major strides in developing its Internet Infrastructure in the past decade. However, the Internet can’t improve Africans’ lives unless they can trust it. Unfortunately, Africa is not immune from cyber-attacks and other security threats and an increasing number of Africans are becoming fearful of the Internet. The Guidelines will help African countries implement the necessary measures to increase the security of their Internet infrastructure and can play a key role in helping Africa prepare for and respond to the kind of Internet attacks that have recently paralyzed critical public and government services such as hospitals and financial services.
The Guidelines recommend critical actions for stakeholders, which are tailored to the African environment’s unique features: a shortage of skilled human resources; limited resources (including financial) for governments and organizations to allocate for cyber security; limited levels of awareness of cyber security issues among stakeholders; and a general lack of awareness of the risks involved in the use of information and communication technologies (ICTs). They were created with contributions from regional and global Internet infrastructure security experts, government and CERT representatives, and network and ccTLD DNS operators, and in that spirit emphasize the importance of a collaborative security approach as well as the multistakeholder model at the regional, national, ISP/operator, and organizational level to respond to Internet attacks in protecting Internet infrastructure.
These recommendations can play a key role in helping Africa mitigate the increasing cyber security risks. In particular, it advises the first steps that all stakeholders can take to make the Internet more secure; we therefore encourage regional and sub-regional organisations, governments, network operators, universities and private and public organizations across Africa to take action to implement the Internet Infrastructure Security Guidelines.