As the threat of state-sponsored cyber-attacks increases, multiple nations are putting together ‘cyber-armies’ able to fight back. The US Cyber Command was created in 2009 with the aim of defending the country’s infrastructure from attack. North Korea also has a cyber warfare unit and in the UK, it was recently revealed that the nation is increasing its ability to wage war in cyberspace with the creation of a new offensive force of up to 2,000 people.
Another country upping its game is Nigeria, which has itself suffered from numerous incidents of cyber-terrorism after jihadist militants Boko Haram migrated to the internet. The nation claims Boko Haram is leveraging social media for recruitment and was responsible for defacing the Defence Headquarters website. The group is also blamed for a hack on the Independent National Electoral Commission (INEC) website on a presidential election day.
In 2016, the Nigerian Army announced plans to take the war against insurgency to the nation’s cyber space. The result is the Nigerian Army Cyber Warfare Command: 150 IT trained officers and men drawn from the corps and services in the Nigerian Army. Their aim: to monitor, defend and assault in cyberspace through distributed denial of service (DDoS) attacks on criminals, nation states and terrorists.
So what led to the setup of the Command? “There have been a lot of issues with Boko Haram and also general cybersecurity problems,” says Eric Vanderburg, vice president of cybersecurity at TCDI, who is also an author and speaker on information security. “Crime is widespread in Africa, but their economy is one of the largest.”
The Nigerian army says it has acquired state of the art technical equipment and experts from IBM are currently configuring its newly procured servers. With the capacity to protect the country’s critical infrastructure, the command will also monitor the Nigerian Army’s networks and advise field commanders on how to use the computer-based weapons systems.
But there will be challenges as the country tries to tackle years of crime taking place in cyberspace. For example, Nigeria is simply training existing officers who might have no previous knowledge or experience in cybersecurity.
“They are all former army and military personnel,” says Vanderburg. “But they really need – even if only for leadership – someone to provide that guidance and specific knowledge on some of the key areas to the new recruits to train them through a programme. I just don’t see how it could be effective without bringing in some experienced people.”
If there isn’t much action, Nigeria’s Command could be more about appearances. “I think it is posturing,” Vanderburg says. “They have resisted some of the cooperation from the US – we had the US-Africa Command, for example.”
In addition: “They have previously said they have eradicated the Boko Haram threat but it’s really still there beneath the surface,” Vanderburg points out. “I think that’s going to be a lot of what happens here: they will do something with the cyber command, maybe fix some small issue and declare the cyber problem fixed.”
Nigeria also wants to show criminals and other nations it is doing something about cybercrime in a country known for its scams and phishing emails. “I think there is going to be an increasing focus on Africa: with how many cyber-attacks are coming out of it and international pressure to solve the problem,” Vanderburg says.
Internationally, Vanderburg stresses the need for a group in each country as well as cooperation between nations. “Each country should have something that helps coordinate local resources in response to cyber threats, but those groups need to work together on an international scale to now identify the problem. If, for example, an event impacts five countries, each of those could then have local units able to respond it.”