Critical National Infrastructure Threat Assessment and Protection – Defending Nigeria’s critical assets from cyber threats

Summary

This project is part of the United Kingdom Foreign, Commonwealth & Development Office (FCDO) commitment to build national cyber security capacity and resilience to cybersecurity threats in five middle-income countries. The UK Government’s Digital Access Programme provides support through: Government-to-Government technical assistance; cyber hygiene training; public awareness-raising; and research. It aims to reduce the impact of cyber harms on their governments, economies and citizens – particularly amongst groups vulnerable to online exploitation.

Details

Aim

To improve Nigeria’s Office of the National Security Adviser (ONSA) Critical National Infrastructure (CNI) regulation by developing a framework for identifying its CNI and protecting it from cyberattacks and to develop a new operating model. The beneficiaries of the project are predominantly the Office of the National Security Advisor (ONSA) and Nigerian CNI providers (Financial Services, Telecommunications and Defence).

Context

When a critical national infrastructure (CNI) asset fails, the impact of losing the service it provides, such as electricity or water, can be devastating, especially for vulnerable groups. Previously, Nigeria had no central regulator and so lacked a single consistent approach to regulating its CNI. The government’s understanding of what constituted its CNI was relatively under-developed, as was its appreciation of the cyber threats posed to those assets and how to mitigate them.

Outcomes

The Office of the National Security Advisor (ONSA) has increased their understanding of CNI regulation with a better understanding of the current position as well as knowledge of best practices. They are able to develop a new regulatory operating model.

Outputs

• A threat analysis report, examining sector specific threats to Nigeria;
• National cyber risk assessments for three sectors, piloting an approach that can be replicated across all Nigerian CNI providers;
• An assessment of current Nigerian CNI regulation, providing a review of how CNI is regulated;
• A cyber resilience exercise with leading CNI stakeholders;
• A report on international CNI regulation good practice;
• Functional requirements report for CNI regulation.

Activities

• Consolidated international regulation best practice and analysis of sector-specific threats to CNI providers,
• A simulation exercise with a CNI sector to understand its current procedures for coordinating its response to a cyber attack,
• Developed the functional requirements for the operation of Nigerian CNI and an implementation plan, designed to help ONSA achieve its CNI regulation objectives,
• The UK Home Office trained ONSA and providers from three CNI sectors in how to complete a national cyber risk assessment. (Building this capability will allow Nigeria to run its own future assessments of how CNI providers are managing cybersecurity risk and to identify where improvements could be made).