ARTICLE
2 December 2024

Safeguarding Nigeria's Critical National Information Infrastructure; Review Of A New Order

PL
Pavestones Legal

Contributor

Pavestones is a modern, full service, female led law practice with a particular focus on technology and innovation. The practice was borne out of a desire to meet the legal requirements of businesses by adopting a modern, cost effective and less archaic approach. Our key practice areas are Corporate and Commercial, Technology and Innovation, Data Protection and Compliance Services, Energy and Natural Resources and Banking and Finance.
The Federal Government of Nigeria has taken a significant step towards protecting the nation's information security framework with the enactment of the Designation and Protection...
Nigeria Technology

Introduction

The Federal Government of Nigeria has taken a significant step towards protecting the nation's information security framework with the enactment of the Designation and Protection of Critical National Information Infrastructure Order (the “Order”), 2024. The Order was enacted pursuant to the Cybercrimes (Prohibition, Prevention, Etc.) Act, 2015 (as amended) (the “Act”) .

As the Nigerian economy continues to grow, the reliability and security of critical infrastructure, such as power grids, financial networks, and healthcare systems, are increasingly central to national stability. In this newsletter we highlight some of the objectives and implications of the Order.

What is Critical National Information Infrastructure (CNII)?

Critical National Information Infrastructure (CNII) refers to interconnected systems; networks that are indispensable for the functioning of the nation's economy, security, public health, and general safety. These information infrastructures are integral to ensuring seamless communication, data storage, and operational continuity in both private and public sectors. Examples of CNII include telecommunications networks, financial systems, transportation management systems, national power grids, national identity management system etc. Disruption to any of these systems can result in significant economic loss and distress.

What is the Objective of the Order?

The main objective of the Order is to establish a system that ensures the security and stability of CNII. First, it identifies computer systems, networks and communication infrastructures installed, deployed or operated in the following sectors; (i)power and energy sector;(ii) financial industry and insurance; (iii) health; (iv) public administration;(v) national defence and security;(vi) education; (vii) information, communication, sciences and technology; (viii) agriculture; (ix) safety and emergency services; (x)mines and steel; (xi) the industrial and manufacturing sector, among others, as CNII, recognizing their vital role in national development, security and stability of the economy. Additionally, the Order emphasizes the need to create unified strategies and measures to safeguard CNII, ensuring there are protective measures against threats.

What are the Notable Provisions of the Order?

The Office of the National Security Adviser (ONSA) is tasked with leading efforts to protect CNII by collaborating with relevant stakeholders to establish a Trusted Information Sharing Network (TISN) that would encourage the exchange of information across various sectors of the Nigerian economy. The Order also empowers the ONSA to conduct regular audits and inspections of CNII to ensure compliance with applicable laws, guidelines, and rules.

Additionally, the ONSA in collaboration with relevant CNII stakeholders is required to develop and implement a Critical National Information Infrastructure Protection Plan (CNIIPP) and other measures to prevent unauthorized access, theft, vandalism, destruction, and unlawful interference with the operation of CNII. This is to minimize risks and reduce incidents that could disrupt or compromise the functionality of this CNII.

Pursuant to the Act, individuals who commit offences against CNII, specifically, unauthorized access, tampering, or interference with CNII, shall upon conviction be liable to imprisonment for up to 10 years. Where such acts result in grievous bodily harm to individuals, the imprisonment terms extends up to 15 years. In cases where such offences lead to the loss of life, offenders are liable to life imprisonment.

Conclusion

Safeguarding Nigeria's Critical National Information Infrastructure is crucial to the nation's security, economy, and public welfare. For stakeholders in the relevant designated sectors, it is important to ensure compliance and adopt proactive cybersecurity measures that will safeguard critical systems in their relevant sectors.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More