ITU Council 2008: High Level Segment (HLS) - Statement by H.E. Dr. Benjamin Aggrey Ntim, Minister of Communications, Ghana

High-Level Segment (HLS) of Council 2008

Geneva, 12-13 November 2008

Statement by H.E. Dr. Benjamin Aggrey Ntim, Minister of Communications, Ghana

Session 2: Managing cyberthreats through harmonized policies and organizational structures

Mr. Chairman,
Secretary General of ITU, Dr. Hamadoun Touré,
Colleague Ministers of ICT,
Members of Council,
Officials of the ITU,
Distinguished Ladies and Gentlemen,

I wish to congratulate you, Mr. Chairman, on your election to chair this session of ITU Council and also to wish you every success in the performance of this onerous duty which is very crucial to the overall effectiveness of the ITU.

I am grateful for the invitation to address the High-Level Segment and I wish to thank through you Mr. Chairman, the Secretary General and the dedicated team at the ITU for the elaborate arrangements and cordial reception extended to me and my delegation since our arrival in Geneva.

The leadership of the ITU has performed magnificently to spread the benefits of the Information Age to all nations of the world. This leadership role in promoting global ICT for development is evident in all spheres of human endeavour and we encourage the Secretary General and the Directors of the various Bureaus to continue with the good work and help make the world a peaceful place of happiness for humanity.

For us in the developing world, the ITU’s objective to help bridge the Digital Divide between our countries and the developed world; as well as, within our countries, provides a shining light that continues to guide us, as policy-makers and regulatory authorities, in our daily responsibility to the good citizens of our countries. Together and with the support of the ITU, we are confident to meet and surpass all the targets we have set for the realisatiion of the Information Society in our countries.

Mr. Chairman, we are particularly impressed that the present focus of the ITU is on building information and communication infrastructure, promoting capacity building and developing confidence in the use of cyberspace through enhanced security of the Internet.

This has also engaged the imagination of all the stakeholders of the Information Society and has generated valuable partnerships that are committed to the protection of ICT usage and thereby reinforcing confidence in its use for socio-economic development.

It is in this regard, that we welcome the opportunity of the High-Level discussion to address the management of cyber threats through harmonized policies and organization structures.

I will therefore share with you, the efforts that we in Ghana are pursuing to build confidence in the use of ICT and also protect it from the growing incidences of abuse, which also threaten the security of our country.

What we have learnt so far is that, the level, scale and speed of adoption of ICT for our economic development cannot take place without the necessary modern communications infrastructure and the implementation of a suitable legal and regulatory framework and environment.

Even with our modest improvements in our ICT infrastructure development, we are already encountering threats to the security of the networks undermining the necessary confidence that is required for ICT applications in all spheres of development: in commerce, governance, education, health, agri-business, national security.

Right now in Ghana, we report on the average, the incidence of 82 cases of cyber crimes per month, nearly one thousand cases in a year. The problem is so alarming that if we do not hasten with our deterrent measures, then the entire communications system would be undermined.

Your Excellencies, Distinguished delegates, conscious of the imminent threats to the security of networks and communications because these support numerous services and also carry data and valuable information for Government, businesses and individuals, the Ghana ICT for Accelerated Development Policy addresses issues relating to privacy, data and consumer protection as well as those relating to the security of computer networks and information systems and data contents.

The major components of Ghana’s e-Security programme looks at firstly, the availability of suitably qualified people, then the magnitude of change to existing business processes, and thirdly, the choice of appropriate technology and the need for adoption of specific standards and monitoring them to ensure a balance between opportunity and cost.

Accordingly therefore, the focus of Ghana e-Security policy addresses in turns elements relating to:

Acceptability Use Policy that deals with physical security ensuring that key systems can only be accessed by authorized personnel.
Disaster recovery and incident response that ensures that in the event of a disaster, minimal time will be lost and key data will be retrieved and the system will be up and running.
Critical information infrastructure protection.
Remote Access Policy and also, Ethics Policy defining a culture of openness, trust and integrity in business practice.
Electronic transactions legislation that provides for recognition and admissibility of electronic records and electronic signatures, the recognition of electronic certificates, certification services and automated transactions.
Public service provided by electronic means by a Public body.
Consumer protection containing obligations of suppliers offering goods or services for sale, hire or exchange to consumers on electronic platform.
Provisions on Domain Name registry governed by a Board for the administration and management of the “dot gh” (.gh) domain name space.
Establishment of an Information Communication Technology Tribunal to consider appeals against decisions of the National Information Technology Agency that has just recently been established by law.

Mr. Chairman, Your Excellencies, Distinguished Members of Council, these elements have all been captured in the Ghana Electronic Transactions Bill. Other related Bills that have been reviewed to support the cyber-security initiatives include:

The electronic Communications Bill 2008
National Communications Authority Bill 2008, and
National Information Technology Agency Bill 2008.

These Bills received their first and second Readings in Parliament in October 2008 and passed into law on 11th November 2008.

The formal promulgation of the laws will empower the security and the judicial authorities to enforce punitive measures for crimes perpetrated through our networks. These crimes include stealing, appropriation, charlatanic advertisement and dishonest receiving of electronic data. Further, gaining access to protected computers, obtaining electronic payment medium falsely, electronic trafficking, possession of electronic counterfeit-making equipment are offences. Fraudulent electronic fund transfer, unauthorized access or interception, unauthorized access to devices are also offences. The publication of child pornography by electronic means is also criminalized. Conviction for these offences attracts heavy fines and long terms of imprisonment.

Inasmuch as the Bills were developed through consultation with all stakeholders in the country, there have been some challenges. The major one has been the limited time and resources to be assigned to the cyber-security initiatives.

We appreciate that not all aspects of the policy can be fleshed out within the time frame and concessions will be necessary, and gaps will remain.

Another challenge has been one of resistance to the policy which seeks to constrain users’ activities and behavior. A particular case in point is the response to Government’s call on Telecommunications Service Providers to introduce equipment identity registration and also for them to maintain up-to-date database of subscribers.

Whereas the companies agree in principle the need for the exercise, their cooperation in its implementation is being hampered by their individual suspicions and perception of anti-competition behaviour.

In today's interconnected world of networks, threats can now originate anywhere

Since in today's interconnected world of networks threats can originate anywhere, it has been accepted by the West African Telecommunications Regulators Association (WATRA) to institute this registration exercise to combat phone thefts as well as their use to perpetrate crime.

With the Ministry’s continual consultation with the service providers and the creation of awareness and sensitization to elicit user support and participation, I am happy to announce that the resistance is gradually being overcome.

Mr. Chairman,

With the passage by Parliament of the enabling laws, Government will now proceed to establish complementary institutions and Critical Emergency Response Teams to assist in the implementation aspects of the cybersecurity initiative.

The Ghana Internet Registry will also be formalized with the grant of appropriate Charter with requisite authority to reflect multi-stakeholder involvement in its management.

In conclusion, Distinguished Ladies and Gentlemen, I wish to take the opportunity to convey Ghana’s appreciation for ITU’s past assistance in the development of our policies and regulatory activities.

Considering the enormity of the challenges before us, Ghana looks forward to further assistance from the ITU to support the structures to be established to administer the cyber security programmes.

Thank you.