Memo to the Nigerian President on Rescoping Domestic Cybersecurity Programme.

A response from Mr. Akeem Ajijola, Chairman CS2 and Chairman AU Cybersecurity Expert Group.

“The article highlights key challenges Nigeria faces in its current cybersecurity strategy, as evidenced by its slipping rank in the ITU’s Global Cybersecurity Index 2024. The analysis underscores the country’s security-driven approach as inadequate, suggesting a shift toward a civilian-led, multistakeholder model that would foster innovation, international cooperation, and public trust.

While the article presents a strong and well-structured argument, there are a few areas that could warrant a slightly different set of perspectives:

1. SECURITY-CENTRIC VS. CIVILIAN-LED APPROACH: While the article argues for a complete shift to a civilian-led cybersecurity programme, it may underestimate the critical role that security agencies like the Office of the National Security Adviser (ONSA) must continue to play in protecting national infrastructure. While a civilian-led governance model can enhance innovation and trust, maintaining a strong collaboration between security agencies and civilian bodies is crucial. A balance between security and civilian oversight might be more effective than a full transition to civilian leadership alone. I suggest that like many other nations, our security agencies must be at the back-end and are integral members of any multistakeholder ecosystem.
2. INTERNATIONAL COOPERATION AND TRUST: The article claims that a security-centric approach hinders international cooperation, which has been a challenge of government interventions across our nation. Yet some countries with strong security-driven cybersecurity models, like Israel and the US, maintain robust international partnerships – what are they doing that we are missing? Arguably, the focus should be on transparency and legal frameworks rather than exclusively on governance structure. It may not be solely the security-centric approach but rather the lack of clear laws and trust-building measures and robust non-partisan institutions that is limiting international cooperation.
3. FUNDING AND SUSTAINABILITY: The recommendation for a self-sustaining civilian-led agency is sound, and I concur, but sadly may be overly optimistic in our currently developmental stage. Creating a new agency from scratch and ensuring it is well-funded without significant government backing or foreign assistance could be a challenge. A gradual transition with proper funding models in place, including public-private partnerships, would be more pragmatic.
4. CYBERSECURITY TALENT AND RETENTION: While the article acknowledges the risk of losing young cybersecurity talent to cybercrime, it doesn’t fully explore the role of incentives, such as competitive compensation or career development pathways, in retaining this talent. Addressing this issue could complement the broader reforms proposed. We must also appreciate the bigger picture of leveraging the cybersecurity ecosystem as a societal profit centre that generates, jobs, wealth, and taxes.

The emphasis on fostering collaboration between the government, private sector, and civil society is particularly actionable, as it aligns with global best practices. The call for immediate presidential intervention to restructure the current programme is both timely and urgent, given the rising cyber threats and Nigeria’s growing digital economy, upon which we are increasignyl dependent.

My take is that the article rightly identifies the need for reform, a more nuanced approach that integrates security agencies in a civilian-led framework and carefully balances immediate national security needs with long-term cybersecurity governance might be more effective.

That said, the Segun in his article provides a strong, well-reasoned argument for reform and offers concrete steps that, if implemented, could substantially improve Nigeria’s cybersecurity posture and economic development.”

About The Author