Unlicensed cyber security providers can’t operate from Jan. 2023
Effective January 2023, cyber security service providers, cyber security establishments and cyber security professionals who fail to register and obtain licences from the Cyber Security Authority (CSA) cannot provide services for any entity or individual.
This follows the strict enforcement of a mandatory licensing regime for cyber security professionals by January next year as part of measures to sanitise Ghana's cyberspace.
Firms and individuals who fail to comply with the directive will attract both criminal and administrative sanctions.
This came to light in a speech read on behalf of the Director-General of the CSA, Albert Antwi-Boasiako, by the Deputy Manager in charge of International Cooperation at the authority, Emmanuella Darkwah, at the opening of a national roundtable on addressing Ghana's cyber security capacity needs
The event, held yesterday, was organised by the Media Foundation for West Africa (MFWA), with support from the Global Partners Digital.
It brought together civil society organisations (CSOs) in the cyber security space, representatives of the CSA, the Ghana Armed Forces, the e-Crime Bureau, the Ghana Telecom University College, Plan International Ghana, Child on-line Africa and media practitioners.
The participants deliberated on the state of Ghana's cyber security arrangements and the steps needed to be taken to bridge any gaps.
The CSA, according to Mr Antwi-Boasiako, was committed to "licensing cyber security service providers and accrediting cyber security professionals in January 2023 in order to attain a higher level of compliance and ensure industry standards, in line with international best practices".
He said Ghana was undertaking key cyber security initiatives and regulatory interventions to ensure a safe cyber security space for all.
"The CSA will continue to work with the private and the public sectors and continuously put in place measures needed to safeguard Ghana's digital journey and ensure people's cyber experiences are safe," he said
Mr Antwi-Boasiako indicated that the cyber security incident reporting point of contact platform had, from the beginning of this year to date, received 13,037 reports.
Out of the total number of reports received, only 559 were related to cyber security issues, with the rest being prank or related to other issues, he said.
The platform, he said, which was created in 2019, allowed the people to reach a response team of the authority to report cyber crime incidents.
"This platform has been helpful so far. It has bridged the gap between the authority and the citizenry. Ghana is one of the few countries with such a platform," he said.
Cyber security, he said, had become an important component of security in the wake of the increasing reliance on information technology and digitalisation.
He further indicated that the authority continued to build capacity and raise awareness of cyber security-related issues on children, businesses and government institutions.
The Executive Director of the MFWA, Sulemana Braimah, said Ghana, in recognition of the threat cyber security posed, had passed the Cyber Security Act, 2020 (Act 1038) to help in cyber security development and in response to cyber security challenges.
The law, he said, was also to safeguard the citizenry and properties within the cyber security ecosystem.
He said it was important to educate the public to ensure they understood the provisions of the law, their rights under the law and how they could protect themselves as they engaged within the digital and cyber spaces.
He said the MFWA continued to collaborate with organisations such as the National Security and the Data Protection Agency on awareness creation on cyber security issues among the citizenry.
"We collaborate to bring issues relating to cyber security to the doorstep of the people and empower them to understand the issues," he said.
Such education, he said, created awareness of the "steps that people must take to protect themselves and the steps they must avoid in order not to render themselves vulnerable to the issues of cyber security".
The CSA was established in 2020, following the passage of the Cyber Security Act, 2020 (Act 1028)
The act received Presidential assent on December 29, 2020.
Among other responsibilities, the authority has the mandate to regulate cyber security activities in the country, promote the development of cyber security in the country and provide for related matters.
The CSA also has the authority to accredit cyber security professionals and practitioners, provide certification for cyber security products, technology solutions, as well as set the framework for cyber,security standards, enforcement and education.
Also, it is the authority’s responsibility to organise cyber security public awareness, and it has the power to revoke the licences of accreditation and certification.