The AU Draft Convention on Cybersecurity and related activities

Commonwealth Telecommunication Organisation, 

Cybersecurity Forum 2013 

Yaoundé, Cameroon, 22-26 May 2013 

African Union Perspectives on Cybersecurity and 

Cybercrime Issues: 

<strong>The</strong> <strong>AU</strong> <strong>Draft</strong> <strong>Convention</strong> on Cybersecurity and related 

activities 

Auguste YANKEY (Mr.) 

<strong>AU</strong> Commission 

Email: yankeyka@africa-union.org 

Website: www.<strong>AU</strong>.int

OUTLINE 

• Cybersecurity and Cybercrime issues: 

Introduction and overview 

• Cybersecurity and Cybercrime in the <strong>AU</strong>C 

• <strong>AU</strong> Perspectives on Cybersecurity and Cybercrime 

Issues 

2

FACTS AND FIGURES 

• Almost two thirds of all adult web users globally have fallen victim to some 

sort of cybercrime, from spam email scams to having their credit card details 

stolen. (the 2011 Norton Cybercrime Report: <strong>The</strong> Human Impact study) 

• <strong>The</strong> study, of over 7,000 Internet users found that 80% of people believed the 

perpetrators would never be brought to justice. Fewer than half ever bother to 

report the crime to police. 

• Africa: the fastest development of mobile banking and money. 

Ex: Kenya with M-Pesa: 70% of adult transfer money each other by mobile 

means USD 320 million, almost a quarter of Kenya’s GNP. 

• Africa is currently the social network’s fastest growing continent. <strong>The</strong>re are 

also local success stories such as South African social network, MXit which 

currently has more than two times the number of Facebook users in South 

Africa. 

3

FACTS AND FIGURES 

• <strong>The</strong> growth rate of cyberspace has been enormous, roughly doubling every 100 

days. 

• Cybercrime in Africa is growing faster than any other continent. 

• Out of the top ten countries in the world with a high level of cybercrime 

prevalence, Africa is host to four of these countries (Nigeria, Cameroon, Ghana 

and South Africa). 

• Africa = 2% of world trade but 10% of Cybercrime attacks (ITU) 

4

Internet Development 

5

<strong>The</strong> term 

“cybercrime” is 

usually referred to as 

any criminal offense 

committed against or 

with the use of 

a computer or 

computer network 

A set of activities and 

other measures, 

technical and nontechnical 

intended to 

protect data, 

information and 

information systems 

from unauthorized 

access, use, disclosure, 

disruption, 

modification and 

destruction. 

What does Cyber…refer to ? 

Virtual world of 

information 

networks. <strong>The</strong> 

global 

information 

space. <strong>The</strong> 

digital era. 

is a term used 

to describe the 

legal issues 

related to use 

of ICTs, 

particularly 

cyberspace 

6

• Core function: 

Cybersecurity and Cybercrime issues in the <strong>AU</strong>C 

“<strong>The</strong> Information Society Division” 

– Enhancing the development of African ICT Networks between and among 

regions and at the international level (Pan-African e-Network +VSAT 

projects). 

– Establish effective institutional linkages and essential mechanisms for 

cooperation and coordination in ICT fields. 

– Provide <strong>AU</strong> Member States with the necessary capacity and tools for 

harnessing the Information Society for continental integration & 

development. 

– Promotion, coordination and harmonization of telecommunication, ICT and 

Post Policies and Regulation for an inclusive African information society . 

7

<strong>AU</strong> Challenges face to Cyber security/crime 

Low capacity systems that increases the vulnerability; 

Low technical capacity and human capacity building IT skills. 

Systems poorly made and poorly managed. 

Relay for attacks (bandwidth consumption, server downtime ...) 

Proliferation of cyber centres without legal framework 

against users' perpetration and the protection of the others 

Fear of e-commerce and its impact on the development 

lack of protection mechanisms at local and regional level 

Unemployment of young graduates 

8

<strong>AU</strong> response to Cybersecurity and Cybercrime 

Many regional conferences, forums and workshop ( i.e. 

the 1st African regional forum on cybersecurity, Yamoussoukro, 

11/2008, 1 st African Internet Governance Forum, Cairo, 10/2012) 

<strong>Draft</strong>ing of an African Union <strong>Convention</strong> on the 

confidence and security in Cyberspace. 

9

Legal framework-1 

<strong>AU</strong> <strong>Convention</strong> on the Confidence 

and security in Cyberspace 

<strong>The</strong> Oliver Tambo Declaration (Ext/CITMC/Min/Decl.(I) Johannesburg, South-Africa, 

5 Nov. 2009) 

Adoption of the resolution 

<strong>The</strong> 14th <strong>AU</strong> Summit of Head of State and government Declaration 

on “Information and Communication Technologies in Africa: Challenges and Prospects for 

Development” ([Assembly/<strong>AU</strong>/11(XIV)], Addis Ababa, Ethiopia, 31 January - 2 February 2010) 

Endorsement of this resolution 

<strong>The</strong> Abuja Declaration, CITMC-3 ([<strong>AU</strong>/CITMC/MIN/Decl.(III)], Abuja (Nigeria), 03-07 

August 2010. 

Confirmation of this resolution 

We, African Ministers in charge of CIT, request the <strong>AU</strong> Commission to “Jointly finalize with the 

United Nations Economic Commission for Africa, within the framework of the African Information 

Society Initiative (AISI), the <strong>Draft</strong> <strong>Convention</strong> on Cyber Legislation and support its implementation 

in Member States by 2012”; 

10

Legal framework -2 



<strong>The</strong> Khartoum Declaration (<strong>AU</strong>/CITMC-4/MIN/Decl.(IV)Khartoum, <strong>The</strong> Sudan, 

2-6 September 2012 

Endorsement of the <strong>AU</strong> Final <strong>Draft</strong> <strong>Convention</strong> on Cyberlegislation 

by the 4 th Ministerial Conference of the African Union Ministers in charge 

of Communication and Information Technologies (CITMC-4) 

11

Objective and goal 



Its objective is to harmonize e-legislation related to e-transactions 

development, personal data protection, cyber security promotion and fight 

against cybercrime. Particularly: 

Define key cyber terminologies in legislation 

Develop general principles and specific provisions related to cyber legislation 

Outline cyber legislative measures required at Member State level 

Develop general principles and specific provision on international cooperation 

as related to cyber legislation 

Its ultimate goal is eminently protective given that it is geared to protecting: 

Institutions against the threats and attacks capable of endangering their 

survival and efficacy; 

<strong>The</strong> rights of persons during data gathering and processing against the threats 

and attacks capable of compromising such rights. 

12

Strategic Orientations 



<strong>The</strong> <strong>Convention</strong> defines a legal mechanism based on the following five strategic 

orientations: 

1. It spells out the options for an African Union wide cyber security policy; 

2. It lays the foundations for an African Union wide cyber ethics and enunciates 

fundamental principles in the key areas of cyber security; 

3. It organizes electronic commerce, electronic signature and electronic publicity; 

4. It organizes the legal and institutional framework for protection of personal data; 

5. It lays the foundation for a penal cyber law and a penal procedure for the 

treatment of cyber crime. 

13

Expected results 



Definitions on key cyber terminologies in legislation 

Harmonised cyber legislation and provisions for the African Union 

14



<strong>The</strong> <strong>Convention</strong> main parts 

PART I: ORGANIZATION OF ELECTRONIC COMMERCE 

PART II: PROTECTION OF PERSONNAL DATA 

PART III: COMBATING CYBER CRIME 

PART IV: COMMON AND FINAL PROVISIONS 

webpage for the <strong>Draft</strong> <strong>Convention</strong>: 

www.au.int/cyberlegislation 

15

PART III: COMBATING CYBER CRIME 

Section 1: Terminology 

Electronic communication, Computerized data, Racism and xenophobia in information 

and telecommunication technologies, Minor, Child pornography, Computer system, 

Exceeds authorized access, Damage 

Chapter 1: National cyber security framework 

• National policy 

• National strategy 

Chapter 2: Legislative measures 



• Legislations against cybercrime 

• National Regulatory authorities 

• Rights of citizens 

• Protection of critical information infrastructure 


16

PART III: COMBATING CYBER CRIME (Cont’d) 

Chapter IV: National cyber security monitoring structures 

• Cyber security governance 

• Institutional framework 

Chapter V: International cooperation 

• Harmonization 




17

PART III: COMBATING CYBER CRIME (Cont’d) 

Section II: Material penal law 

Chapter I: Offenses specific to ICTs 



• Attack on computer systems 

• Attack on computerized data 

• Content related offenses 

• Offenses relating to electronic message security measures 

Chapter II: Adapting certain ICTs offenses 

• Violation of property 

• Criminal liability for corporate persons 

Chapter III: Adapting certain sanctions to the ICTs 

• Penal sanctions 

• Other penal sanctions 

• Procedural law 

• Offenses specific to Information and Communication Technologies 

18

<strong>AU</strong> Perspectives on Cybersecurity 

and Cybercrime Issues. 

I. Policy, Legal, and Regulatory Enabling Framework. 

II. Awareness and Capacity Building. 

III. Response and Recovery Mechanisms. 

19

I. Policy, Legal, and Regulatory Enabling 

Framework 

1. Development of National Cyber-Security Legislation; 

2. Implementation of <strong>AU</strong> Cybersecurity <strong>Convention</strong> 

Implementation status 

1. A draft <strong>Convention</strong> on Cyber Security has been developed (2010-11) 

2. Regional Workshops have been organized on Cyber Legislation and on the <strong>AU</strong> <strong>Draft</strong> 

<strong>Convention</strong> on CyberSecurity: 

a. ECCAS: Libreville, Gabon, November 2011 

b. ECOWAS: Abidjan, Côte d’Ivoire, February 2012 

c. Tripartite [COMESA, SADC, CEAC] + UMA (Northern Africa): Addis-Ababa, 

ETHIOPIA, June 2012 

3. Final Expert Group meeting to finalize the <strong>Draft</strong> <strong>Convention</strong> before the CITMC-4 

Addis-Ababa, Ethiopia, August 2012 

4. Endorsement by the Conference of African Ministers in Charge of Communication 

and Information Technologies (CITMC-4) in Khartoum, the Sudan, September 2012 

20

VALIDATION 

TRANSLATION 

VALIDATION 

ENDORSEMENT 

LEGAL 

VALIDATION 

VALIDATIO VALIDATION 

ADOPTION 


Framework 

Adoption process of the <strong>Convention</strong> by the <strong>AU</strong> HoSG 

• Validation Workshops (RECs, national 

experts, independent resource persons) 

• Translation into <strong>AU</strong> 4 languages 

• By the Telecom/ICT experts meeting and 

endorsed by the CITMC 

•By the <strong>AU</strong> legal experts meeting and endorsed by 

the Conference of <strong>AU</strong> Ministers in charge of Justice 

• Submission to the Executive Council for transmission to the <strong>AU</strong> 

Assembly of Heads of State and Government for adoption. 

21


Framework 

<strong>AU</strong> draft <strong>Convention</strong> 

22

II. Awareness and Capacity Building 

1. Development and distribution of toolkits to 

facilitate the ratification of the <strong>AU</strong> <strong>Convention</strong> on 

Cybersecurity 

2. Organize and/or participate in workshops for 

capacity building and Heightened awareness and 

capacity to facilitate the development of national 

cyber security legislation and in each <strong>AU</strong> MS; 

With UNCTAD 

With US DoJ, CoE, UNODC 

23

III. Response and Recovery Mechanisms 

• Facilitate the setting up of National CERTs to contribute to 

the continental and global cooperation and fight against 

cybercrime 

1. National CERTs 

2. Regional CSIRTs (in collaboration with RECs) 

3. Cybersecurity Unit within the <strong>AU</strong>C 

24

THANK YOU FOR 

YOUR ATTENTION 

*** 

Auguste YANKEY (Mr.) 

<strong>AU</strong> Commission 

Email: yankeyka@africa-union.org 

Website: www.<strong>AU</strong>.int/infosoc 

25

The AU Draft Convention on Cybersecurity and related activities

Create successful ePaper yourself

Delete template?

Save as template?