Blog
Global Voices: GCA Board Member Prof H Sama Nwana - “The security of the Internet is as strong as the weakest links in it.”
We spoke with new GCA Board Member Prof H Sama Nwana as part of our “Global Voices” series of interviews. Here, he discusses his perspectives on digitization across Africa, Asia, and the Caribbean, opportunities and challenges to cybersecurity he sees, how nonprofits like GCA can play a role, and more.
How is digitization evolving across Africa, Asia, and the Caribbean – where you have great expertise – and to what extent are adequate infrastructures being developed there?
Generalizing to developing economies, the figure below shows most/all economies are mainly in one of three stages of digitization:
- the Core: Digital (IT/ICT) Sector, which they have been doing since the early 2000s;
- a Narrow Scope: Digital Economy that has also evolved to the Digital Services Platform Economy (sharing and gig economies); and/or
- the Broad Scope: Digitalized Economy.
From Nwana (2024, forthcoming)
It is broadly fair to say that Africa (Sub-Saharan Africa), Southeast Asia (countries like PNG and PITA States), and most of the Caribbean are still very much engaged in their Core: Digital activities, i.e., the innermost circle of the diagram. Many are still struggling to get their core IT/ICT sectors right.
A few (e.g. Kenya, South Africa in Africa; Indonesia, Malaysia, India in Asia; Cayman, Trinidad & Tobago in the Caribbean) have moved or are moving into the Narrow Scope: Digital economy, i.e., started to do some 2nd concentric circle set of activities.
Very few – if any – have advanced to Broad Scope: Digitalized Economies, e.g. Singapore in Asia – but Singapore is hardly a developing economy!
What opportunities and challenges do you think this creates in terms of cybersecurity?
Whilst the Internet comes with positive externalities, it also comes with negative externalities, particularly cyber harms – pedophilia, child grooming, child sexual exploitation, spam emails, phishing, spyware, CNI threats, botnets, financial scams, mobile money scams, extremism, dark web activities, cybercrime, harmful content, misinformation, disinformation, hate speech – I could go on.
Without GCA’s Vision for the Internet being realized, inequity and division will be the norm on the Internet, and maybe the Internet will evolve into several sub-Internets if the Internet as we know it today is later deemed not to be “trustworthy.” What a terrible outcome this will be!
From your decades of expertise in telecom, media, and technology, what are the biggest challenges to network operators with regards to security and how could GCA’s work in the infrastructure space help mitigate against those challenges?
GCA’s Vision, Mission, and Value Proposition are the answers to many questions I have written about and that I see across emerging markets in Africa, Southeast Asia, and the Caribbean – we truly need “a secure, trustworthy Internet that enables social and economic progress for all.”
Here are the biggest challenges I perceive:
- Lack of Awareness/Sensitivity: By far the biggest challenge is taking the security of the Internet for granted – this undefined and invisible platform that is mostly just there. Most leaders of countries may understand security threats ‘academically,’ but it is only when they are hit that they feel it – e.g. ransomware, DNI taking a country offline, cybercrime, national security threats, etc.
- Lack of Ownership: the nebulous and undefined Internet is owned by no one. It was designed that way. This means no one takes responsibility for the Internet, as no one truly has authority over it.
- Risk of Doing Nothing: A key challenge is how we demonstrate the likely consequences of doing nothing about cybersecurity. To bolt them into action.
- Lack of Knowledge: Even when some countries are minded to act, I observe they tend to not quite know what they have to do. They have to start with (i) properly defining the cybersecurity challenges for their contexts (ii) putting together the laws to do something about them (iii) then build the cybersecurity processes, CERTs, NSOCs, Threats Assessments and Intelligence, etc. – these are non-trivial steps.
- Funding – thanks to problem #1, there are usually challenges to fund cybersecurity and, most important for me, I want general education to make cyber hygiene no different from our everyday personal hygiene.
- A Bifurcated Internet: Open Internet vs. a Surveilled Internet? This – in my view – is already emerging.
These challenges are quite profound to address in developing market countries.
In your opinion, what are the biggest barriers to funders investing in securing the Internet, and supporting the integrity of the internet? How can we help convince funders to invest in this space?
I noted earlier – Lack of Ownership. Indeed, who [with responsibility] truly cares about the “integrity of the Internet?” It reminds me of one of the key reasons statutory regulators are set up. Consumers acting individually will always result in a system with much coordination failure. So governments set up statutory regulators to largely address consumer coordination failure and fight for consumers. SMEs, corporations, and individuals are acting individually to address their cybersecurity needs today. Looking at the whole, there is coordination failure. Coordination failure defines a situation where activities which could have benefited two or more parties do not take place because they fail to coordinate their plans. This is the classic case with the security of the Internet.
The most able take care of their cybersecurity needs on the Internet individually, whilst the least able/knowledgeable have the Internet without much integrity.
The security (and integrity) of the Internet is axiomatically as strong as the weakest links (most vulnerable) in it. Any part of it which is weak makes the Internet as a whole demonstrate diminished integrity.
Investors should and would only invest with some ownership/responsibility model that addresses the coordination failure risk.
Convincing the right funders is key – funders who appreciate the evolution of the regulation of the security and trustworthiness of the Internet as a whole. I get the feeling we are still at the foothills of the “convincing” journey!
You were appointed a member of the Board of the Global Cyber Alliance at the end of last year. What role should nonprofits like GCA be looking to play in making the Internet more secure?
I was truly honored to have been introduced to GCA and even more honored to have been invited to join its Board.
I truly believe only nonprofits like GCA can develop and promote such concepts like Common Good Cyber.
Here is the score:
- Corporations are partial, conflicted, and will take care of their own backyards or interests.
- Governments always have too many other near-term pressing voter concerns to consider – and the trustworthiness and integrity of the Internet is nowhere near the top of their priorities. For the poorer governments, it truly does not rank at all until they suffer cyber breaches – like their electricity grids being taken offline, or a DNS attack taking their country offline. The vulnerability of poorer countries must be spelt out to them, using examples, case studies, etc – from other countries.
- Small and Medium Enterprises (SMEs), who employ the most people worldwide, and consumers would collectively suffer from massive coordination failure.
This leaves nonprofits to carry the burden of a trustworthy Internet – and one with integrity.
References
- Nwana, H. S. (2024), Demystifying Economic Regulation: A Practitioner’s Guide: Theory, Methods and Practice, Glasgow: Strathclyde Academic Media, 480 pages
- Nwana, H. S. (2022), The Internet Value Chain & the Digital Economy: Insight and Guidance on Digital Economy Policy and Regulation, London: Gigalen Press, 400 pages. You may want to check it out: The Internet Value Chain and The Digital Economy: Insight and Guidance on Digital Economy Policy and Regulation (Telecoms, Media & Technology – Digital Economy): Amazon.co.uk: Nwana, H Sama: 9798800751444: Books
- Nwana, H. S. (2014), Telecommunications, Media & Technology (TMT) for Developing Economies, London: Gigalen Press, 550 pages. You may want to check out: http://www.amazon.co.uk/Telecommunications-Media-Technology-Developing-Economies/dp/099282110X