I call “bull.” African botnets are not WMD, and the solution to African botnets is not to prosecute the lucky few who have computers there. Franz-Stefan Gady is completely out of touch with the realities of IT in Africa. The last thing African governments need is shunt scarce resources into prosecuting cyber criminals, particularly within their own borders. Please do something more useful with whatever resources you have: support export industries, build infrastructure, build a call center or an export processing zone, make jobs, and provide education and health care.
Honestly. Beefed up law enforcement? Where does Gady think most infections in Africa originate? Why would he presume that the botnets are home-grown?
Governments should find ways to make legitimate software available at prices users can afford. That means not taxing software imports, encouraging the use of free and open source software, and ensuring broadband access. Yes, greater bandwidth, and not less bandwidth, is crucial to safer computing. Bandwidth will give end users access to security updates and current virus databases that are prohibitively difficult to download when connections are slow.
Improved cyber security will come from responsible use of computers, not prosecution of abusers. The problem for African governments is to protect their users from cyber crime. They cannot and should not expect to administer people’s computers for them. Who among us would trust the government to install our anti-virus software for us? Not I, thank you very much. The key is to create market conditions where everyone can afford safe software.
In many countries, cracked versions of name brand, expensive software are the norm. When you need a new copy of MS Office, or Adobe Illustrator, or SPSS, or FinalCutPro, you simply walk down to the local CD shop and pick up warez for pennies on the dollar. No one who has travelled widely will dispute that this is the reality–particularly in the segment of the market where infections are highest. Nobody knows what has been packaged with these cracked warez, and no one can be sure that security patches will be available to these users.
Moreover, most African countries (with some exceptions, such as Egypt and South Africa) lack the legal infrastructure they would need to prosecute, let alone stop, the rapid increase in cybercrime. Nor is there much coordination between countries on how to deal with cybersecurity, despite commitments made at a Regional Cybersecurity Forum for Africa and Arab states held in Tunis in 2009. Promises made to develop national cybersecurity strategies and better monitor the crime will likely fall flat on a lack of funding.
There are a few bright spots in this dismal picture. Some African countries really have made headway, at least on a national level. Tunisia, for example, drafted a national cybersecurity strategy and specific legislation for electronic identification, and has been able to create the first national security institute in Africa. Nigeria, home of the infamous “419″ scam, so named for the code of law that prohibits it, has developed a national cybersecurity initiative mostly aimed at raising awareness and battling online fraud.
Unfortunately, in cyberspace, the whole is only as strong as its weakest link — and the majority of African countries are downright frail. That fact won’t be lost on skillful cybercriminals operating out of an unregulated Internet café in the slums of Addis Ababa, Lagos, or Maputo. The biggest botnet the world has ever known could be lurking there.
I’m always happy to see cybersecurity in the news. Franz-Stephan Gady’s piece in Foreign Policy makes an important point: the distance between countries is lower online than it is offline. When broadband access comes to Africa, we will face greater exposure to a great number of botnets. But there’s no reason to pick on African botnets, especially given that at present, the connectivity of infected hosts in Africa is so much lower than those in Europe, the Americas, and Asia.