Cyber Authority introduces licensing regime

BY: Maclean Kwofi
Cybersecurity
Mrs Ursula Owusu-Ekuful (right), Communications and Digitalisation Minister, exchanging pleasantries with some of the dignitaries at the workshop.

THE Ghana Cybersecurity Authority (GCA) has initiated a process to sanitise the cybersecurity space with the introduction of a mandatory licensing of cybersecurity service providers.

With the new regime, an institution or individual must apply for a practising licence from the GCA and be granted after meeting the necessary requirements in order to be recognised as a cybersecurity service provider.

The mandatory licensing, which is backed by the Cybersecurity Act, 2020 (Act 1038), will ensure that there is sanity within the industry in terms of capabilities and acceptable ways of conducting sensitive services in the country.

The Minister of Communications and Digitalisation, Mrs Ursula Owusu-Ekuful, who made this known at a workshop on Cybersecurity Act in Accra on October 11, 2021, observed that the Section 49 of the Act introduced the mandatory licensing for cybersecurity service providers.

The workshop meant for cybersecurity service providers and professionals created a platform that would periodically bring stakeholders from the industry together to discuss matters of common interest to the industry.

“This means to be recognised as a cybersecurity service provider, an institution or individual must apply for a practising licence, be granted that licence if the Cybersecurity Authority is satisfied that they meet the necessary requirements and renew their license after the licence validity period.

“This and other related provisions on the licensing of cybersecurity service providers are detailed in sections 49 to 56 of the Cybersecurity Act, 2020,” she said.

Read: Stakeholders commit to new banking code

Key problem

The minister stated that one key problem that had been prevalent prior to the introduction of Act 1038 was the absence of a standardisation for cybersecurity products and solutions.

She said, “the Act, per section 59, provides that the GCA develops, establishes, and adopts standards necessary for the overall development of cybersecurity in the country.”

“This section further enjoins the authority to enforce the adopted cybersecurity standards and monitor compliance of public and private entities.

“This will ensure that there is a minimum standard which all cybersecurity activities are to conform to in order to prevent the introduction and use of untested solutions which will in turn strengthen our cybersecurity resilience across all sectors,” he said.

Read: Adopt ILO declaration on decent work

Africa’s best

The acting Director General of GCA, Dr Albert Antwi-Boasiako, stated that while the new Act might not address every single cybersecurity problem facing the country, it remained Africa’s best and among the top globally.

He said the provisions on the protection of critical information infrastructure, incident reporting and response, licensing and accreditation, the recognition of industry as a critical component of Ghana’s cybersecurity architecture, as well as regulations on lawful access to data for law enforcement purposes, were some of the areas of which the Act draws its strength.

He observed that cybersecurity regulations had the benefit of protecting the country’s critical systems and its digital infrastructure.

He said provisions in the Act were to support systematic development of the cybersecurity sub-sector of the emerging digital economy.

“Cybersecurity regulations which Ghana has adopted through the passage of Act 1038 are to protect you as practitioners and the industry as a whole,” he said.

Read: Ghana School Feeding Programme hailed as trailblazer in Africa

Critical role

The DG stated that service providers and professionals had a critical role to play in ensuring that the provisions and regulations set in the Act were implemented as effectively as possible through collaborative efforts.

“To paraphrase the President, we should be active participants rather than spectators regarding the implementation of the Act. Indeed, many of you have reached out to us to offer support even without monetary expectations,” he said.

He explained that Section 81 of the Cybersecurity Act establishes an industry forum which provides a platform that brings the industry together to discuss matters of interest.

“In order words, the Act makes provision for cybersecurity professionals to be active participants in our cybersecurity development activities.

“The GCA is committed to engaging with industry through the forum to dialogue, discuss ideas and support Ghana’s quest to secure our digital transformation,” he said.