Accra, March 24, GNA – Dr Albert Antwi-Boasiako, the Director-General of Cyber Security Authority, says the Authority has activated the process of licensing and accreditating corporate entities and personnel effective March 1 till September 30, 2023 for existing institutions and professionals.
He said after expiration of the September 30 deadline, it will be illegal to offer Cybersecurity Services in Ghana without a licence, in pursuant of Section 49 (1) of Act 1038.
Dr Antwi-Boasiako noted that the accreditation of Cybersecurity Professionals will further guide development of the cybersecurity profession in the country, and make it possible to create the necessary incentives to develop the profession.
Dr. Antwi-Boasiako said this in Accra when he delivered the keynote address at the 2023 Chief Information Security Officers Summit.
He explained that the Authority would soon create a Registry of accredited Cybersecurity Professionals (CPs) and that the database of those professionals would be accessible to the public via its website as part of the accreditation process.
“This will provide visibility and direct credibility to accredited Cybersecurity Professionals,” he added.
Dr Antwi-Boasiako indicated that accredited CPs could also be selected by the Authority as Independent Assessors to be part of its team to conduct regulatory assessments and audits.
“We do hope that with the accreditation, we can provide regulatory guidelines on fees and charges by CPs, similar to what the Ghana Bar Association does to guide charges by lawyers,” he explained.
He believed that the accreditation of CPs would also contribute to the establishment and the operations of the Industry Forum, which is to be established under Section 81 of Act 1038.
In that regard, he said, the Authority would engage further with the industry to identify and promote relevant practices, which would inure to the benefit of accredited CPs.
Dr. Antwi-Boasiako applauded industry bodies like ISACA and ISC and urged them to continue to play a significant role in promoting cybersecurity skills development and standardisation.
He, however, stated that the cybersecurity industry, like any serious profession, needed to be regulated to prevent infiltration of fake ones.
“There is the need at the national level to regulate individuals, irrespective of which industry body they belong to, therefore, we entreat all, including Chief Information Security Officers to go through the accreditation process,” he advised.
“The licensing of Cybersecurity Service Providers (CSPs), and accreditation of Cybersecurity Establishments and Cybersecurity Professionals is another regulatory focus of the Cyber Security Authority,” Dr Antwi-Boasiako stressed.
He emphasised the need to develop the industry through the adoption of best practices and standards, hence national security considerations were driving such regulatory activities.
“It is the expectation of the Authority that only persons and institutions which are demonstrably qualified and are in good standing will undertake critical services.
“Beyond the technical and professional competency, the fit-for-purpose tests in cybersecurity also include professional integrity and positive background information,” he said.
He said once the accreditation timeframe elapsed, institutions and individuals without accreditation would not be able to offer their services.
The Authority, he said, was currently implementing a number of regulatory activities including the Protection of Critical Information Infrastructures, Accreditation of Sectoral Computer Emergency Response Teams (CERTs), Licensing of Cybersecurity Service Providers, Accreditation of Cybersecurity Establishments, and Accreditation of Cybersecurity Professionals.
For instance, he said, the Cybercrime/Cybersecurity Incident Reporting Points of Contact (PoC) which was launched in October 2019 by the Authority to provide public with multiple avenues and channels for reporting cyber-related incidents, has so far received 37,468 contacts from October 2020 till date, with about 33,841 contacts being Direct Advisories, given to the public.
In accordance with Section 44 of the Cybersecurity Act 2020 (Act 1038), Sectoral Computer Emergency Response Teams (CERTs) are being established to facilitate effective cybersecurity incident coordination and response in all the critical sectors of Ghana’s economy.
“Currently, most companies do not report such incidents. As a result, it’s almost impossible to know how many cyberattacks there are, and what form they take,” he said.
” It is unacceptable for a country like Ghana to allow such practices to go on. If we can’t detect and measure what we are faced with on daily basis, then we certainly cannot manage it,” he stressed.
The Authority, therefore, as part of its mandate is going to enforce Section 47 of Act 1038 as part of the Computer Emergency Response Teams regulations.
The CISO summit was a platform to have a mutually beneficial conversation to significantly contribute to improving cybersecurity development in Ghana.
It brought together Senior Managers, IT experts, and Information Security Officers to discuss the current developments in the industry and how they impact on the profession.
GNA