4th SG13 Regional Workshop for Africa on “Future Networks for a better Africa: IMT-2020, Trust, Cloud Computing and Big Data” (Accra, Ghana, 14-15 March 2016) ICT as critical infrastructure: What's Next For Ghana? Samuel Acquah-Bartels, Regulatory and Government Affairs Specialist, Vodafone Email: Samuel.acquahbartels@Vodafone.com Main crux of Presentation • ICT infrastructure has attained Critical National Infrastructure status • That technological changes make security and trust mandatory • In designing policy Government must emphasise security, trust and privacy • Cooperation and not ‘command and control’ is the way forward in building trust in ICT infrastructure The Challenge of the new age • Value of information and information systems to economies is at an unprecedented high and will continue to be so for a long time. • Information networks/infrastructure have become the drivers and foundations of economies • Trade rules have changed and Economic power has shifted • Jurisdictions are being re-defined by the Cyberspace • In the Communications sector businesses, governments, and individuals’ activities to IP-based systems and networks • The sense of threat and vulnerability is mounting • Pressure is mounting on public and private sectors to assure people about cyber security Critical National Infrastructure • “Those critical elements of infrastructure, the loss or compromise of which could result in: a) major detrimental impact on the availability, integrity or delivery of essential services – including those services, whose integrity, if compromised, could result in significant loss of life or casualties – taking into account significant economic or social impacts; and/or b) b) significant impact on national security, national defence, or the functioning of the state” – UK government Definition • An asset or system which is essential for the maintenance of vital societal functions. - EU Directive on European Critical Infrastructure Why ICT is Critical National Infrastructure • It meets general CNI criteria • All other essential services such as water, gas, electricity, communications and banking –are ICT-dependent. • With this dependency can come vulnerability to system failures, aggressors, criminals etc. Implications • Partnerships between the public and private sectors are essential to maintaining critical infrastructure security and resilience • It is the reason that Telecommunication Companies have raised red flags about the attempt to implement an Interconnect Clearing House (ICH) in Ghana. • Efficient network design will seek to avoid connectivity that creates a single point of failure. • The introduction of the mandatory CLH will expose the entire telecommunications networks to the risk of a single point of failure. • In the unfortunate event of a terrorist attack or any other unforeseen cyber attack affecting the ICH all subscribers including emergency services will be unable to initiate interconnect calls. Trustworthy ICTs and Perception • • • • • • • Perception matters for trust in systems and information trustworthy ICTs must respect citizens' rights and protect their privacy and personal data Privacy and Data protection require that appropriate technical and organisational measures are taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to personal data Admittedly not all information channelled through our ICT infrastructure is Personal Data but is still Private Trust is contingent on the extent to which subscribers’ Constitutional Human Rights and Statutory rights to be left alone are being upheld The stakes are higher because of the value of personal information--- a whole treasure throve for legitimate and non-legitimate purposes Privacy breaches and system failure will only cause a sense of mistrust and insecurity Six OECD priorities areas: • • • • • • Information Security: Privacy Online: Cross-border fraud: SPAM: Broadband: Digital content: Going forward • ‘Command and control’ or Cooperation between the Private sector and the public sector? • Is there enough Trust in the evolving Mobile financial services and E-commerce? • How much trust will there be in a Ghanaian owned and operated Cloud Computing infrastructure • Have we demonstrated enough resilience for the Internet of Things? • How do we secure Big data against breaches? Trust, but verify! --- Ronald Reagan Thank You!