NCC Moves to Develop Cybersecurity Regulatory Framework for Telecoms Sector

Emma Okonji

The Nigerian Communications Commission (NCC), yesterday, in Lagos, organised a stakeholders’ forum to get industry input on its planned cybersecurity regulatory framework for telecoms sector that would promote trust and resilience in addressing the rising cases of cyber threats.

In his keynote address, the Executive Vice Chairman of NCC, Dr. Aminu Maida, gave an overview of the cyber threats and incidents like data breaches affecting the telecoms sector, and the need to address such rising threats through a regulatory framework.

Maida, who was represented by the Executive Commissioner, Technical Services at NCC, Abraham Oshadami, said, “Supported by the World Bank Group, today’s gathering marks a significant milestone in our collective journey to strengthen the cyber-security posture of Nigeria’s communications sector.

“Over the past two decades, Nigeria’s telecommunications industry has witnessed remarkable growth and conservation. From 2.5 million connected lines in 2001, the sector has grown to 172,948,309 active subscribers, of which 141,985,207 are active internet subscribers as of April 2025.

“This exponential growth underscores the sector’s role as a critical enabler for economic development, social innovation, and national transformation. As we continue to expand digital access and deliver connectivity to our commercial communities, we must also be proactive in securing the digital infrastructure and systems that support this purpose.”

According to Maida, while the need for cyber-security was growing, the increasing complexity of the digital ecosystem came with heightened vulnerability.

“Cyber-threats such as malware, ransomware, phishing, distributed denial of service (DDS) and insider threats are all evolving rapidly. The communications infrastructure, which forms the core of Nigeria’s critical national information infrastructure, remains the high-value target for cybercriminals and hostile partners,” he said.

He, therefore, said it was against this background that the NCC initiated the development of a comprehensive cyber-security framework for the communications sector.

Maida listed the primary objectives of the framework to include promoting a unified and resilient cyber-security protocol across the communications industry, enhancing the protection of telecom infrastructure from cyber-attacks, and securing consumer data, privacy, and trust in digital services, among others.

Chairman, Cybersecurity Framework Development Committee, BabaganaDigima, gave insight into the development of the communication sector cybersecurity framework and its implementation, with a promise that the framework would be shared among industry stakeholders in few months time.

In a lead paper presentation on the overview of the proposed cybersecurity framework for the telecoms sector, the CEO, Cybernova and Consultant to NCC, Dr. KazeemDurodoye, said the cybersecurity framework, which would be developed for the telecoms operators with supervisory and compliance monitoring responsibilities by NCC would help to systematise information about the telecoms sector in a structured way, which could facilitate a better understanding of common challenges, needs, and priorities of the sector.

According to him, the framework would also examine the communications sub-sector of the economy, and looks at the sector as a system and emphasises internal and external interdependencies, relations, and interactions.

Durodoye said the framework would identify and analyse current gaps in cybersecurity practices, capabilities, and resources, and develop an actionable and feasible roadmap that prioritises improvements to enhance the sector’s resilience and capacity.

He spoke about the framework objectives, standards and guidelines, using simple templates, and highlighted key outcomes of the framework.

This, he said,  included Improvements to cybersecurity governance, regulatory framework, institutional capacity, and cyber risk management, practical measures to boost operational and technical capabilities and cyber capacity,strengthen stakeholders’ cooperation and  information sharing, prioritise actions with greatest potential impact on the cybersecurity maturity of the sector, among other outcomes.