PROTECTING  CRITICAL NATIONAL INFRASTRUCTURE

The impact of executive order on protection of ICT equipment is yet to be felt, argues SONNY ARAGBA-AKPORE

  On June 24,2024,President Bola Ahmed Tinubu signed an Executive Order for the  protection of information and communications technology (ICT) equipment in order to build a robust economy.

Captioned DESIGNATION AND PROTECTION OF CRITICAL NATIONAL
INFORMATION INFRASTRUCTURE ORDER, (CNII)2024, the order derives its power from Cybercrime Act of 2015.
Specifically,this is In exercise of the powers conferred on the President by section 3 of the Cybercrimes (Prohibition, Prevention, Etc.) Act, 2015 (as amended), and all other powers enabling him in that behalf.

“The objectives of this Order are to designate certain Information and Communications Technology
systems (ICT), networks and infrastructure operating in Nigeria, as Critical
National Information Infrastructure (CNII) ,
develop cohesive measures and strategies for the security and
protection of CNII, and ensure their continued operation.
The order specifies adoption and proactive holistic approach in the identification, security
and protection of CNIl;
reduce to the barest minimum, incidences capable of damaging,
disrupting, or interfering with the operation, functionality, or integrity of
CNII .

The order is essentially to ensure the effective functioning of ICT systems, networks, and

infrastructure, which are critical to driving national imperatives, economic
development, national security and defense, public health and safety, and
government operations.
It lists Computer systems, networks, and communication infrastructure acquired, installed, deployed, and operated in sectors of the Nigerian economy as in the Schedule to this Order as critical and are hereby designated as CNII.
But beautiful as the document is,its impact is yet to be felt.

In spite of the good intentions thereto,

not much has been done or heard in this regard as it appears the document appears confined to government archive as one of those policies that have good intentions but remain slow in implementation.

Strangely,nobody is even talking about it and industry players are worried.
As for the Cybercrime Act from where this order was derived,very little has come from there too except pockets of arrests and prosecution especially of persons who may have alleged to have carried out cyberstalking and others.
The CNII order requires strong implementation especially if we intend to build a resilient and robust economy and sustain and protect  telecommunications infrastructure,grow the ICT sector to improve on the Gross Domestic Product (GDP) among others.
Not much has been heard or implemented since 2024 when the order was signed and it is worrisome that such a beautiful policy is allowed to rot away in the back waters of governance.

  CNII refers to interconnected systems; networks that are indispensable for the functioning of the nation’s economy, security, public health, and general safety. These information infrastructure ensures seamless communication, data storage, and operational continuity in both private and public sectors. 

Examples of CNII include telecommunications networks, financial systems, transportation management systems, national power grids, national identity management system among others.

Disruption to any of these systems could result in significant economic losses and distress.

Legal experts explain that Office of the National Security Adviser (ONSA )is tasked with leading efforts to protect CNII by collaborating with relevant stakeholders to establish a Trusted Information Sharing Network (TISN) that would encourage the exchange of information across various sectors of the Nigerian economy.   

  The Order also empowers the ONSA to conduct regular audits and inspections of CNII to ensure compliance with applicable laws, guidelines, and rules.

  Additionally, the ONSA in collaboration with relevant CNII stakeholders is required to develop and implement a Critical National Information Infrastructure Protection Plan (CNIIPP) and other measures to prevent unauthorized access, theft, vandalism, destruction, and unlawful interference with the operation of CNII.

 This is to minimize risks and reduce incidents that could disrupt or compromise the functionality of this CNII.

Pursuant to the Act, individuals who commit offences against CNII, specifically, unauthorized access, tampering, or interference with CNII, shall upon conviction be liable to imprisonment for up to 10 years. Where such acts result in grievous bodily harm to individuals, the imprisonment terms extend up to 15 years. In cases where such offences lead to the loss of life, offenders are liable to life imprisonment.

    The designation of telecom infrastructure as a critical national infrastructure may not address the challenges of vandalism except the government displays the political will to enforce the Order.

The immediate past government had  approved and also directed that necessary physical protective measures be put in place to safeguard telecommunications infrastructure deployed across the country.
The  presidential directive, mandated Office of the National Security Adviser (ONSA), Defence Headquarters (DHQ), Nigeria Police Force (NPF), Department of State Services (DSS), and the Nigeria Security and Civil Defence Corps (NSCDC),to ensure protection of the infrastructure and were  properly notified of the President’s directive and were expected to enforce same as directed.
But very little was done because this had  no impact as vandalism of the infrastructure remained a daily occurrence across the country to date.
That is why this government should sum up the political will to implement this Executive Order, safeguard the infrastructure and fuel the economy.

Aragba-Akpore is a member of THISDAY Editorial Board