Rwanda’s expected Cyber Security Agency may have extra powers to launch cyber attacks both within and outside the country in case national security is at risk.
A newly proposed ‘National Cyber Security bill’ gives more powers to the responsible agency to investigate any threats in private and public institutions and defend the country from any attacks.
Jean Philbert Nsengimana, the Minister of Youth and ICT told parliament on Monday that in the previous bill, the role and responsibilities of the agency were not clear. It had to be made very clear- to protect, attack and prevent any potential attacks.
“The agency will have powers to conduct investigations on any cyber threats in public and private organs. This will be aimed at assessing threat levels and in the interest of national and citizen’s security,” Nsengimana said.
In December 2016, parliament had passed this bill setting up a National Cyber Security Agency with powers to handle cyber crimes and threats but has been pending the signature of the president to be passed this year.
However, the bill was ‘bounced’ back to parliament on grounds that its scope was limited and the president’s office recommended that the agency should have more powers to handle national cyber and internet related security issues.
After amendments made by the Minister of Youth and ICT and Rwanda Utility Regulatory Authority (RURA) last month, today the bill was presented to the parliamentary commission on Education, Culture, ICT and Youth.
Members of parliament questioned how the new agency and its new responsibilities will be integrated within existing security organizations and operations, which have the same powers to carry out investigations on similar issues.
Minister Nsengimana said that the new agency will have powers to carry out investigations in collaboration with existing security organs to curb any cyber attacks and keep a keen eye on any suspicious cyber threats against the country.
The bill is currently undergoing a process of article correction and parliament is expected to re-submit the proposed bill to the president for approval before the agency is established.
Rwanda has been on cyber alert after investing heavily in ICT sector and in 2015 established a cyber-security strategic plan but also became the second country in the East African region after Kenya to launch a $3 million cyber security system aimed at protecting public and private institutions against online crimes.
In 2016, Rwanda thwarted more than 1,000 cyber attacks daily before they could affect targeted individuals, companies and institutions.
However, in the same year when Rwanda central bank (BNR) sent $516,000 to cover tuition for 14 Rwandan students in Nigeria, the money was diverted to another account in Spain.
Cyber attackers in 2015 alone tried 25 million times to steal money from BNR but were unsuccessful.
Africa Cyber Security Report was compiled in conjunction with United States International University-Africa’s Centre for Informatics Research and Innovation.
In East Africa, Kenya recorded the highest losses of $171 million due to cyber criminals. Tanzania lost $85 million while Ugandan companies lost $35 million.
It indicates that 93% of surveyed African companies acknowledge that cyber crime is affecting their organisations yet expenditure on cyber security remains low while 96% of cyber security incidents are not reported as companies opt to protect their reputations.