The State of Cybersecurity in Africa: The Chinese Effect

Introduction

In Africa, core services such as communications, electric grids, transport systems, health services, and smart cities, are increasingly dependent on cloud services. With an estimated 500 million Internet users, Africa has one the fastest growing telephone and Internet networks in the world.[1] It has resulted in an equally rapid expansion of cyber-crimes and the need to integrate cybersecurity into business strategy and policy considerations.

This also makes the region a priority hotspot for the expansion of foreign platforms looking to expand their user bases. The new African Continental Free Trade Agreement is set to create the largest free trade area in terms of the number of member nations – 54;^[2] connecting over 1.3 billion individuals, with a total gross domestic product (GDP) of USD 3.4 trillion;^[3] and possess a predicted total personal and commercial expenditure of USD 6.7 trillion.^[4]

Therefore, the increase in internet networks, together with the increase in free trade movement simultaneously positions the continent for accelerated growth over coming years and renders African cyberspace governance a core issue of international foreign policy and international law. As the authors further discuss below, and for purposes of the focus of this article, it invites China’s “Zou Chuqu” (going out) strategy – which consists of cultural and educational diplomacy.

Understanding African Cyber Policy

The AU’s Agenda 2063 and Africa’s Digital Development

The past decade has seen a dramatic increase in Africa’s internet penetration, mostly facilitated through the expansion of mobile phone infrastructure.[5] This rise in connectivity has marked Africa as an emerging market for all manner of ICT role players, including social media companies, cloud service providers, telecoms companies and hardware providers.

Prioritizing the continued development and deployment of ICT infrastructure is a clear priority for the continent. Among the several development initiatives, the African Union’s Agenda 2063 reflects this as a collective regional effort.[6] It is the continent’s common strategy structure for inclusive growth and sustainable development, which was developed independently by African countries. Its underlying thinking and specific planning are reflected in the Agenda 2063 Framework Document and its First Ten- Year Implementation Plan, which emphasize a guiding vision to build an integrated, world class communications and connectivity infrastructure – “driven and managed by its own citizens and representing a dynamic force in the international arena.”^[7]

At a national level, African countries have steadily been moving towards adopting dedicated cybercrime laws, most recently South Africa with the Cybercrimes Act of 2020, Ghana Cybersecurity Act of 2020 and Lesotho having recently approved the Cybercrime Bill.[8] However, the total number of African countries with a robust cybersecurity framework remains low. The ITU Global Cybersecurity Index assessed 54 African countries and found that 19 countries had active Computer Emergency Response Teams and 29 had legal frameworks for cybersecurity.^[9]

While these statistics paint the picture of a continent not ready for the myriad of threats posed by rising cybercrimes, the African Union itself has taken steps towards addressing these risks.  In 2019, the African Union Cybersecurity Expert Group held its inaugural meeting.[10] The group seeks to, amongst other things, address:

• Promoting the adoption of the African Union Convention on Cybercrime and Personal Data Protection;
• Sharing best practices on protection critical information infrastructure; and
• Encouraging collaboration between African countries.

As Internet penetration rises and systems become more connected, critical infrastructure across Africa will likely become even more vulnerable to costly, disruptive cyberattacks. The threat is two-fold. First, there is the direct threat of cyber-attack which will affect entity’s own data integrity and business functions. Second, there is the indirect threat arising from the disruption of logistics chains. As the recently published INTERPOL’s African Cyberthreat Assessment Report 2021 exposed:

• Cybercrime reduced GDP within Africa by more than 10%, at a cost of an estimated USD 4.12 billion in 2021,
• Africa has seen a sustained increase in the volume of cyberattacks, amounting to a total of 15, as well as a 238% rise in cyberattacks against online banking platforms since 2020,
• South Africa had 230 million threat detections in total, while Kenya had 72 million and Morocco 71 million.
• South Africa also had the highest targeted ransomware and Business Email Compromise (BEC) attempts and was identified as having the third highest number of cybercrime victims worldwide, at a cost of R2.2 billion (USD 136 890 842) a year.

There has never been a more crucial time to chart a way forward and ensure that efforts are focused on improving security and safety in cyberspace for all African countries. In recognition of this, China’s foreign policy strategy in Africa is geared towards establishing itself as the region’s ICT partner.

Sino-Africa Foreign Policy: Cyberspace

China’s Zou Chuqu strategy in Africa is often either applied bilaterally or through the Forum on China-Africa Cooperation (FOCAC). Since the setup of the FOCAC in 2000, cooperation for security has become an important theme of Sino-African cooperation. The forum’s goals include the socialization of political collaboration in development and governance, as well as fostering a favorable climate for Sino-African commerce and trade. China has also set out funds to help well-established Chinese businesses engage in Africa.^[11]

With China’s growing interest in Africa and the strengthening of the Sino-African partnership, more African governments are inviting China to assist them with their security challenges. Moreover, in the recent introduction of China’s International Strategy of Cooperation on Cyberspace (ISCC),^[12] the fields of cooperation have expanded to include online security. Consequently, Sino-African cybersecurity cooperation has emerged as a key component of China’s new strategic alliance with Africa.

This has had a significant impact on Africa’s political, economic, and societal affairs. The ISCC is China’s first international strategy focusing on cyber issues. In the African context, it is thus a strategic document of significance that is guiding Sino-African cooperation on cyberspace governance. As the article highlights, Africa is still in its infancy stage in terms of cybersecurity development – from both an infrastructural and regulatory standing. Viewed from the perspective of the continent’s rapidly growing number of Internet users, the current security governance structure creates a plethora of multitiered opportunities and challenges for both private sector and government alike, including:

• Control of critical internet resources;
• The establishment of the Internet standards for protocol numbers, web pages, communication, etc;
• Access to network and Internet coordination;
• Network security governance;
• Information intermediation related to privacy, data, speech, etc.; and
• Implementation of intellectual property based on network architecture.

To this end, the ISCC examines cyberspace prospects and problems, and proposes six strategic goals that are relevant to African concerns, including: safeguarding sovereignty and security, developing a system of international rules, promoting fair internet governance, protecting legitimate rights and interests of citizens, promoting cooperation on digital economy, and building platforms for cyber culture exchange.

China’s African Investment

Private Sector Investment

The question has been raised as to whether China seeks to export a distinct Chinese development model that can be copied in other nations, specifically those in Africa, as part of its efforts to fulfill these foreign policy goals. Many argue that this should be examined especially in connection to the African politicians who are often invited to China and courted by Chinese diplomats and corporations.^[13] Nonetheless, what is apparent and measurable is Chinese ascendency in Africa’s digital economy market in the lines of governance, cloud service provision and communications.

Chinese companies have been investing heavily into Africa, with tech giant Huawei spearheading most of the initiatives by China on the continent. Huawei has directly contributed to the building of ICT infrastructure in many African countries, such that it has developed 50% of Africa’s 3G networks and 70% of the continents 4G networks, making it a dominant player in the sector.^[14] These developments are often funded by the Export-Import Bank of China, including:

• Burkina Faso – an EUR 80 million project to build a 650-kilometer fiber-optic network that will connect all of the country’s major cities to a new Huawei-powered Smart City platform, commenced in July of 2021.^[15]
• Senegal – a national Huawei-built data center was opened, with the Senegalese government moving all government data and digital platforms from foreign servers to a new national data center, in June of 2021.^[16]
• Cameroon – the USD 15 million Zamengoe national data centre was built by a Chinese consortium, including Huawei.^[17]
• Zambia – the building of a USD 75 million national data center as part of the Smart Zambia 2030 project, with the prospect of an estimated USD 365 million to spend on a computer assembly plant at the same site.^[18]
• Cape Verde – a 720km submarine cable system, developed by HMN Technologies in January of 2022, with landfalls in Cape Verde and Senegal which, by way of a branching unit, can incorporate other countries in the Economic Community of West African States (ECOWAS).^[19]
• Multiple Countries – a 45,000 km ‘2Africa’ subsea cable developed by China Mobile and seven other partners has landings in 16 countries.^[20]

These investments are a direct development plan under the Digital Silk Road initiative, which itself is part Belt and Road Initiative (“BRI”). The Digital Silk Road seeks to connect BRI priority countries through cross border optical cables and communications networks. China has identified 39 African countries as part of its BRI initiative.[21]

This communications arc is an increasingly prominent component in China’s strategic approach to Africa, as it connects with emerging telecoms, data centres and by-product services of a connected continent.

Case Study: Kenya

Kenya and China’s relations have a long and fruitful history going back to 1963 and China being the fourth country to formally recognize Kenya following their independence. In 2017 China and Kenya entered into the Comprehensive Strategic Cooperative Partnership. This development has strengthened Sino-Kenyan relations considerably. Today, China is Kenya’s largest: trading partner; supplier of contract companies; and is Kenya’s largest lender.[22]

The Government of China funded large portions of the Kenyan Fiber Optic backbone, which was built by Huawei. The fiber optic backbone was implemented in two phases between 2009 and 2014.[23]

In March 2022 the Pakistan, East Africa, Connecting Europe (PEACE) undersea cable landed in Mombasa, Kenya. This USD 425 million project will see a significant increase in connectivity across East Africa with planned expansion to Southern Africa.[24] The project was funded in part by China as part of the Digital Silk Road Project.

In addition to the undersea cable network, Chinese tech giant Huawei, together with China Road Bridge Corporation pledged USD 577 million towards building a tier III data center and express-way as part of the Konza smart city, originally conceived by Huawei and Kenyan Ministry of Information and Communication Technology.[25]

In 2014 Kenya adopted their National Cybersecurity Policy followed by both the Computer Misuse and Cybercrimes Act of 2018 and the Data Protection Act of 2019. These two laws govern cybercrimes and personal data protection in Kenya.

Conclusion

The advent of the Internet has rendered the notion of absolute and exclusive sovereignty as obsolete; international collaboration has become a new core of the modern sovereignty principle. The ICT sector – as an interactive industry, requires an equally collaborative effort in governance and commerce. Further, in a largely untapped yet rapidly growing African market. Africa is fast becoming a priority region for investment by foreign companies looking to expand user bases or make use of large labour pools. China has taken notice and capitalised on existing partnership opportunities for robust ICT infrastructure and services.  For more information and to work with us on this critical area, please contact Ethan Mudavanhu or Daniel Batty.

_

[1] Statista (2022) Africa: number of internet users in 2022, available at https://www.statista.com/statistics/505883/number-of-internet-users-in-african-countries/

[2] World Bank (2020) The African Continental Free Trade Area: Economic and Distributional Effects, available at https://openknowledge.worldbank.org/bitstream/handle/10986/34139/9781464815591.pdf

[3] World Bank (2020) The African Continental Free Trade Area: Economic and Distributional Effects, available at https://openknowledge.worldbank.org/bitstream/handle/10986/34139/9781464815591.pdf

[4] OECD Development Matters (2018) How can the new African free trade agreement unlock Africa’s potential? Available at https://oecd-development-matters.org/2018/10/22/how-can-the-new-african-free-trade-agreement-unlock-africas-potential/

[5] Statista (2022) Share of internet users in Africa as of January 2022, by Country, available at https://www.statista.com/statistics/1124283/internet-penetration-in-africa-by-country/

[6] Goal 10 of the Agenda 2063 development goals, available at https://au.int/en/agenda2063/sdgs

[7] Goal 10

[8] Lesotho Times (2022), National Assembly approves cybercrime bill, available at National Assembly approves cyber-crime bill – Lesotho Times (lestimes.com).

[9] ITU (2021), Are African countries doing enough to ensure cybersecurity and internet safety, available at https://www.itu.int/hub/2021/09/are-african-countries-doing-enough-to-ensure-cybersecurity-and-internet-safety/.

[10] African Union (2019), African Union Cybersecurity Expert Group holds its first inaugural meeting, available at https://au.int/en/pressreleases/20191212/african-union-cybersecurity-expert-group-holds-its-first-inaugural-meeting.

[11] Forum on China-Africa Cooperation

[12] International Strategy of Cooperation on Cyberspace

[13]Hodzi, O and Åberg, John H S (2020) Introduction to the Special Issue: Strategic Deployment of the China Model in Africa, available at https://www.orfonline.org/research/china-in-africa/#_edn26

[14] Karasik, T (2022) Africa’s Digital Sovereignty Threatened by Big Power Rivalry, available at https://www.arabnews.com/node/2049021

[15] China Global South Project (2021) Burkina Faso Launches New Huawei-Powered Smart City Initiative Using Loan From the China Exim Bank, available at https://chinaglobalsouth.com/2021/07/15/burkina-faso-launches-new-huawei-powered-smart-city-initiative-using-loan-from-the-china-exim-bank/

[16] Van der Made, J (2021) Senegal to move all Government Data to Huawei-Run Data Center, available at https://www.rfi.fr/en/africa/20210625-senegal-to-move-all-government-data-to-huawei-run-data-center-china-africa-macky-sall-information-technology

[17] Alley, A (2020) Huawei Equips Cameroon Gov’t Data Center, Helps Rain’s South Africa 5G Project , available at https://www.datacenterdynamics.com/en/news/huawei-equips-cameroon-govt-data-center-helps-rains-south-africa-5g-project/

[18] Moss, S (2017) Huawei’s $75m Zambian Data Center Readies for Launch, available at https://www.datacenterdynamics.com/en/news/huaweis-75m-zambian-data-center-readies-for-launch/

[19] HMNTech (2022) HMN Tech Completes Marine Installation of SHARE Cable, available at https://www.hmntechnologies.com/enPressReleases/37922.jhtml

[20] 2Africa

[21] Council on Foreign Relations (2022), China’s Digital Silk Road and Africa’s Technological Future, available at https://www.cfr.org/blog/chinas-digital-silk-road-and-africas-technological-future.

[22] KenInvest (2017) China and Kenya, available at https://cn.invest.go.ke/kenya/china-and-kenya/.

[23] Telecompaper (2014), Kenyan government to start phase 2 of NOFBI project with Huawei, available at https://www.telecompaper.com/news/kenyan-govt-to-start-phase-2-of-nofbi-project-with-huawei–1021503.

[24] The East African (2022), Kenya unveils $399m internet cable hoped to unlock digital economy, available at https://www.theeastafrican.co.ke/tea/business/kenya-unveils-399m-internet-cable-hoped-unlock-digital-economy-3766578.

[25] Reuters (2019) Kenya secures $666 million from China for tech city, highway, available at https://www.reuters.com/article/us-kenya-china-idUSKCN1S21KG.