Cybersecurity Challenges Facing Sub Saharan Africa: Botswana Context
AbstractThe Global Cybersecurity Index (GCI) of Botswana dropped from position 23 in 2014 to position 69 in 2017 with GCI scores of .176 and .430 respectively. The mediocre GCI performance of Botswana resulted in modest GCI scores across all GCI competitive measures namely: legal, technical, and organizational structure, capacity building, and international cooperation. Generally, cybercrime exploits critical infrastructure systems, thereby placing the nation’s security, economy, public safety and health at risk. The absence of a national cybersecurity policy framework that describes the current security posture, identifies and prioritizes opportunities for improvement, and communicates to stakeholders about cybersecurity risk, may exacerbate the delay in the execution of Botswana National Cybersecurity Strategy, which has been under development for more than 3 years. The purpose of this qualitative multiple case study was to explore policy frameworks developing countries use to guide the development of cybersecurity policy and strategies organizations use to safeguard and combat cybercrime. Fifteen senior managers from the University of Botswana, Ministry of Transport and Communication, Botswana Police Service, Attorney General’s Chambers, and representatives from the private sector participated in a focus group interview during the 3rd International Conference on Internet, Cybercrime, and Information Systems hosted by University of Botswana on 1st to 2nd November 2018. Themes that emerged included awareness and training, fast tracking the approval of the National Cybersecurity policy, protecting government ICT infrastructure from incidents of cybercrime, building national computer emergency response teams and national security operations centers with appropriate governance structure, and the development of National Cybersecurity Policy to improve Botswana’s security posture and GCI performance.
. Akuta, E, A-M, Ong’oa, I. M., Jones, C. (2011, March). “Combating cybercrime in Sub Saharan Arica: A discourse on Law, Policy, and Practice”. Journal of Peace, Gender, and Development Studies, 1(4), p. 129-137. Available: http://www.interesjournals.org/JPGDS [October 5, 2018].
. Aycock, J. (2006). Computer Viruses and Malware. Springer Sciences and Business Media, LLC. New York. Available: https://link.springer.com/content/pdf/bfm%3A978-0-387-34188-0%2F1.pdf [February 10, 2019].
. Botswana Communications Regulatory Authority (2013). “Botswana National Broadband Strategy”. Available: http://www.bocra.org.bw/ [October 13, 2018].
. Brewer, R. (2016). “Ransomware attacks: Detection, prevention, and cure”. Network Security Journal, 9, p. 5-6. doi.10.1016/S1353-4858 (16) 30086-1 [November 2018].
. Cassim, F. (2011, January). “Addressing the growing spectre of cybercrime in Africa: Evaluating measures adopted by South Africa and other regional role players”. First International Conference of the South Asian Society of Criminology and Victimology (SASCV) at Jaipur, India from 15–17 January 2011. Available: https://core.ac.uk/ [October 21, 2018].
. Crisanto, C., and Prenio, J. (2017). “Financial stability institute insights on policy implementation No. 2: Regulatory approaches to enhance banks’ cybersecurity frameworks”. Available: https://www.bis.org/ [November 12, 2018].
. De Bruijn, H., & Janssen, M. (2017). “Building cybersecurity awareness: The need for evidence-based framing strategies”. Government Information Quarterly, 34, p. 1-7. doi.10.1016/j.giq.2017.02.007 [October 25, 2018].
. Ekoa, R. & Mungwe, M. (2018, May). “A review of cybercrime in Sub Saharan Africa: A study of Cameroon and Nigeria”. International Journal of Scientific & Engineering Research, 9(5), p. 211- 228. Available: https://www.ijser.org/researchpaper [October 26, 2018].
. Government Gazette No. 39475 (December 4, 2015). “The National Cybersecurity Policy Framework: State Security Agency”. Retrieved from https://www.gov.za/ [October 18, 2018].
. Grabosky, P. N., Smith, R. G., & Wright5, P. (1996). “Crime and Telecommunications No. 59 Australian Institute of Criminology: Trends and Issues in Crime and Criminal Justice”. Available: https://aic.gov.au/publications/tandi/tandi59 [October 1, 2019].
. Hohmann, M., Pinrang, A., Benner, T. (2017). “Advancing cybersecurity: Implementing a principles-based approach”. Available: http://www.gppi.net/publications/data-technology politics/article/advancing-cybersecurity-capacity-building-implementing-a-principle-based-approach [December 13, 2018].
. Homeland Security (2017). “Cybersecurity training and exercises”. Available: https://niccs.us-cert.gov/ [November 23, 2018].
. International Telecommunication Union – Development Sector (2009). “Understanding cybercrime: A guide for developing countries”. Available: https://www.itu.int/ITU-D/cyb/cybersecurity [January, 16, 2019].
. International Telecommunication Union – Development Sector (2017). “Global Cybercrime Index, 2017”. Available: https://www.itu.int/dms_pub/itu-d/opb/str/D-STR-GCI.01-2017-PDF-E.pdf [January, 18, 2019].
. International Telecommunication Union – Development Sector (2013). “Cyberwellness profile: Botswana”. Available: https://www.itu.int/en/ITU-D/Cybersecurity/Documents/Country_Profiles/Botswana.pdf [January, 18, 2019].
. International Telecommunication Union – Development Sector (2014). Global cybersecurity index and cyber wellness profiles. Available: https://s3.amazonaws.com/academia.edu [January, 16, 2019].
. International Telecommunication Union – Development Sector (2015). “Global cybersecurity index and cyber wellness profiles”. Available: https://s3.amazonaws.com/academia.edu [December 18, 2018]
. International Telecommunication Union – Development Sector (2017). Global Cybercrime Index, 2017. Retrieved from https://www.itu.int/dms_pub/itu-d/opb/str/D-STR-GCI.01-2017-PDF-E.pdf
. International Telecommunication Union – Development Sector (2018). “Guide to developing national cybersecurity strategy: Strategic engagement in cybersecurity”. Available: https://www.itu.int/dms_pub/itu-d/opb/str/D-STR-CYB_GUIDE.01-2018-PDF-E.pdf [January, 18, 2019].
. International Telecommunication Union (2018). ITU/BDT Security Programme: Global Cybersecurity Index Reference Model Ver. 1. Available: https://www.itu.int/en/ITU-D/Cybersecurity/Documents/GCIv3 [March 28, 2019].
. Kaspersky Laboratories (2018). “What is a Spayware?” Available: https://usa.kaspersky.com/resource-center/threats/spyware [January 2019].
. Kaspersky Laboratories (2018). “What is a Trojan Virus?” Available: https://www.kaspersky.com/resource-center/threats/trojans [January 15, 2019].
. Kosseff, J. (2018). “Defining cybersecurity law”. Available: https://ilr.law.uiowa.edu [October 12, 2018].
. Lin, L.S.F. (2018). “An emerging global security threat: Internet and telecommunication fraud crime Available: https://www.diplomaticourier.com/an-emerging-global-security-threat-internet-and-telecommunication-fraud-crime-and-taiwans-response [October 26, 2018].
. Ministry of Transport and Communications (2016, September). “Draft Broadband Strategy”. Available: http://www.uasf.org.bw/wp-content/uploads/2016/10/Draft-National-Broadband-Strategy.pdf [March 28, 2019].
. Morgan, S. (2016). “Cybercrime Costs Projected to Reach $2 Trillion by 2019” Available: https://www.forbes.com/sites/stevemorgan/2016/01/17/cyber-crime-costs-projected-to-reach-2-trillion-by-2019/#4b5c74163a91 [October 25, 2018].
. Muhammad, S. I., & Kiru, M. U. (2017) “A situational analysis on cybercrime and it economic impact in Nigeria”. International Journal of Computer Applications 169(7), p. 19-29. doi: 10.5120/ijca2017914788. [March 5, 2019].
. Mungwe, R. E. M. (2018). “A review of cybercrime in Sub Saharan Africa: A study of Cameroon and Nigeria”. International Journal of Scientific & Engineering Research, 9(5), p. 211-228. Available: https://www.ijser.org/researchpaper [January 17, 2019].
. National Institute of Standards and Technology (April 16, 2018). “Framework for Improving Critical Infrastructure Cybersecurity” [January 2017]. doi:10.6028/NIST.CSWP.0416218 [December 14, 2018].
. Newell, B. (2017). “Cybercrime and digital law enforcement”. Available: https://ci.uky.edu [February 5, 2019].
. Nikolova, I. (2017). “Best practice for cybersecurity capacity building in Bulgaria’s public sector”. Information & Security, 38, p. 79-92. doi:10.11610/isij.3806 [February 26, 2019].
. Osho, O., & Onoja, A. G. (2015). “National cybersecurity policy and strategy of Nigeria: A qualitative analysis”. International Journal of Cyber criminology, 9, p. 120-143. doi: 10.5281/zenodo.22390 [November 21, 2018].
. Perche, P. (2017). “Cybersecurity needs to be seen as strategic issue, not just an IT investment. Fortinet”. Available: https://www.fortinet.com/blog/business-and-technology/report-cybersecurity-needs-to-be-seen-as-a-strategic-issue-not-just-an-it-investment.html [October 23, 2018].
. Rabogadi, T. A. (2017). “Strategies information and communication technology managers use to build employee competencies”. Doctoral dissertation, Walden University, 2017, United States of America. Available: https://scholarworks.waldenu.edu/cgi/viewcontent.cgi?article=5067&context=dissertations [September 5, 2018].
. Schjolberg, S. (2004). “Computer-related offences”. Available: http://cybercrimelaw.net [ November 22, 2018].
. Semboja, H. H., Silla, B. S., & Musuguri, J. N. (2017). “Cybersecurity institutional framework in Tanzania: A policy Analysis”. Global Scientific Journal, 5(6), 13-28. Available: www.globalscientificjournal.com [November, 17, 2018].
. Shiloh, J., & Fassassi, A. “Cybercrime in Africa: Facts and figures, July 7, 2016. Available: https://www.scidev.net/sub-saharan-africa/icts/feature/cybercrime-africa-facts-figures.html [January 10, 2019].
. Sutherland, E. (2018). “Digital privacy in Africa: Cybersecurity, Data Protection, and Surveillance”. Available: https://ssrn.com/abstract=3201310
. Tafazzoli, T. (2018). Cybercrime legislation. Available: https://www.itu.int/en/ITU-D/Regional-Presence/AsiaPacific/SiteAssets/Pages/Events/2018/ [November 10, 2019].
. Tariq, M., A., Brynielsson, J., & Artman, H. (2012). Framing the attacker in organised cybercrime. 2012 European Intelligence and Security Informatics Conference, 30-37. doi: 10.1109/EISIC.2012.48
. Upadhyaya, R., & Jain, A. (2016). “Cyber ethics and cybercrime: A deep delved study into legality, ransomware, underground web and bitcoin wallet”. 2016 International Conference on Computing Communication and Automation (ICCA). doi:10.1109/CCAA.2016.7813706 [February 17, 2019].
. Yokohama, S. (2016). “Cybersecurity for business experts: An NTT publication for top management”. Available: https:/Cybersecurity_for_Business_Executives2.pdf [September 23, 2018].
. Zou, Y., Zhu, J., Wang, X., & Hanzo, L. (2016). “A survey on wireless security: Technical challenges, recent advances, and future trends”. Proceedings of IEEE, 104, p. 1727-1765. doi:10.1109/JPROC.2016.2558521 [November 20, 2018].
Authors who submit papers with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).
- By submitting the processing fee, it is understood that the author has agreed to our terms and conditions which may change from time to time without any notice.
- It should be clear for authors that the Editor In Chief is responsible for the final decision about the submitted papers; have the right to accept\reject any paper. The Editor In Chief will choose any option from the following to review the submitted papers:A. send the paper to two reviewers, if the results were negative by one reviewer and positive by the other one; then the editor may send the paper for third reviewer or he take immediately the final decision by accepting\rejecting the paper. The Editor In Chief will ask the selected reviewers to present the results within 7 working days, if they were unable to complete the review within the agreed period then the editor have the right to resend the papers for new reviewers using the same procedure. If the Editor In Chief was not able to find suitable reviewers for certain papers then he have the right to accept\reject the paper.B. sends the paper to a selected editorial board member(s). C. the Editor In Chief himself evaluates the paper.
- Author will take the responsibility what so ever if any copyright infringement or any other violation of any law is done by publishing the research work by the author
- Before publishing, author must check whether this journal is accepted by his employer, or any authority he intends to submit his research work. we will not be responsible in this matter.
- If at any time, due to any legal reason, if the journal stops accepting manuscripts or could not publish already accepted manuscripts, we will have the right to cancel all or any one of the manuscripts without any compensation or returning back any kind of processing cost.
- The cost covered in the publication fees is only for online publication of a single manuscript.