By 
By Sonny Aragba-Akpore
On June 24,2024, President Bola Ahmed Tinubu signed an Executive Order for the protection of information and communications technology (ICT) equipment in order to build a robust economy. Captioned DESIGNATION AND PROTECTION OF CRITICAL NATIONAL INFORMATION INFRASTRUCTURE ORDER, (CNII)2024, the order derives its power from Cybercrime Act of 2015.
RELATED: Nigerian government enacts Critical National Information Infrastructure Protection Order, 2024
Specifically, this is in exercise of the powers conferred on the President by section 3 of the Cybercrimes (Prohibition, Prevention, Etc.) Act, 2015 (as amended), and all other powers enabling him in that behalf.
“The objectives of this Order are to designate certain Information and Communications Technology systems (ICT), networks and infrastructure operating in Nigeria, as Critical National Information Infrastructure (CNII), develop cohesive measures and strategies for the security and protection of CNII, and ensure their continued operation.
Order is to ensure effective functioning of ICT systems
The order specifies adoption and proactive holistic approach in the identification, security and protection of CNIl; reduce to the barest minimum, incidences capable of damaging, disrupting, or interfering with the operation, functionality, or integrity of CNII.
The order is essentially to ensure the effective functioning of ICT systems, networks, and infrastructure, which are critical to driving national imperatives, economic development, national security and defense, public health and safety, and government operations.
It lists Computer systems, networks, and communication infrastructures acquired, installed, deployed, and operated in sectors of the Nigerian economy as in the Schedule to this Order as critical and are hereby designated as CNII.
A sleepy CNII?
But beautiful as the document is, its impact is yet to be felt. In spite of the good intentions thereto, not much has been done or heard in this regard as it appears the document appears confined to government archive as one of those policies that have good intentions but remain slow in implementation.
Strangely, nobody is even talking about it and industry players are worried.
As for the Cybercrime Act from where this order was derived, very little has come from there too except pockets of arrests and prosecution especially of persons who may have alleged to have carried out cyberstalking and others.
The CNII order requires strong implementation especially if we intend to build a resilient and robust economy and sustain and protect telecommunications infrastructure, grow the ICT sector to improve on the Gross Domestic Product (GDP) among others.
Not much has been heard or implemented since 2024 when the order was signed and it is worrisome that such a beautiful policy is allowed to rot away in the back waters of governance.
Why the CNII matters
CNII refers to interconnected systems; networks that are indispensable for the functioning of the nation’s economy, security, public health, and general safety. These information infrastructures ensure seamless communication, data storage, and operational continuity in both private and public sectors.
Examples of CNII include telecommunications networks, financial systems, transportation management systems, national power grids, national identity management system among others. Disruption to any of these systems could result in significant economic losses and distress.
Legal experts explain that Office of the National Security Adviser (ONSA) is tasked with leading efforts to protect CNII by collaborating with relevant stakeholders to establish a Trusted Information Sharing Network (TISN) that would encourage the exchange of information across various sectors of the Nigerian economy.
The Order also empowers the ONSA to conduct regular audits and inspections of CNII to ensure compliance with applicable laws, guidelines, and rules.
Additionally, the ONSA in collaboration with relevant CNII stakeholders is required to develop and implement a Critical National Information Infrastructure Protection Plan (CNIIPP) and other measures to prevent unauthorized access, theft, vandalism, destruction, and unlawful interference with the operation of CNII.
This is to minimize risks and reduce incidents that could disrupt or compromise the functionality of this CNII.
Pursuant to the Act, individuals who commit offences against CNII, specifically, unauthorized access, tampering, or interference with CNII, shall upon conviction be liable to imprisonment for up to 10 years. Where such acts result in grievous bodily harm to individuals, the imprisonment terms extend up to 15 years. In cases where such offences lead to the loss of life, offenders are liable to life imprisonment.
Political will and challenges to enforcing the Order
The designation of telecom infrastructure as a critical national infrastructure may not address the challenges of vandalism except the government displays the political will to enforce the Order.
The immediate past government had approved and also directed those necessary physical protective measures be put in place to safeguard telecommunications infrastructure deployed across the country.
The presidential directive, mandated Office of the National Security Adviser (ONSA), Defence Headquarters (DHQ), Nigeria Police Force (NPF), Department of State Services (DSS), and the Nigeria Security and Civil Defence Corps (NSCDC), to ensure protection of the infrastructure and were properly notified of the President’s directive and were expected to enforce same as directed.
But very little was done because this had no impact as vandalism of the infrastructure remained a daily occurrence across the country to date.
That is why this government should sum up the political will to implement this Executive Order, safeguard the infrastructure and fuel the economy.
Communications, Innovation and Digital Economy Minister, Bosun Tijani explained at the advent of the document that “the order is a significant step that would strengthen and protect investments in the ICT sector by reducing incidences capable of damaging the operations and functionality of the country’s technological systems, infrastructure, and networks.”
Telecom infrastructure as CNII could improve telecoms QoS
The Minister added that designating telecom infrastructure as CNII would help improve the quality of telecoms services, which has often been affected by disruption and intentional damage.
“This gazette now makes it an offence to wilfully damage assets such as telco towers/sites, switch stations, data centres, satellite infrastructure, submarine & fibre optic cables, transmission equipment, e-government platforms, databases among many others,” adding that government would continue to work to create an enabling and supportive environment and policies for the digital economy to thrive.
The Order identifies areas that are critical for protection as power and energy sectors of the economy, water; information, communication, science and technology; banking, finance and insurance; health; public administration; education; defense and security transport; food and agriculture; safety and emergency services; industrial and manufacturing; and mines and steel.
Role of National Security Adviser
The order states that the National Security Adviser (NSA) may, with the approval of the President, update the list of sectors in the Schedule to this Order, taking into consideration emerging technologies and platforms, in line with the Cybercrimes (Prohibition, Prevention, Etc.) Act (“the Act”), and the National Cybersecurity Policy and Strategy (“the Policy”). And any update made pursuant to the listed areas shall be published in the Federal Gazette.
“The Office of the National Security Adviser (ONSA) shall, in collaboration with relevant CNII stakeholders, develop a comprehensive Critical National Information Infrastructure Protection Plan (CNIIPP); and guidelines, specifying minimum standards, rules, and procedures for the protection, preservation and general management of designated CNII, for the approval of the President.”
“The ONSA shall, in collaboration with relevant CNII stakeholders, establish a Trusted information Sharing Network (TISN), as a multidisciplinary framework, comprising owners and operators of CNII; representatives from relevant Ministries, Departments, and Agencies of government (MDAs); and identified private sector organisations, to build and execute awareness campaigns on risks to CNII, share information and techniques required to assess and mitigate risks in a decentralised manner across sectors of the economy, and implement capacity building initiatives to strengthen and mainstream resilience and protection of the infrastructure and networks.”
Members and entities within the TISN shall collaborate and share information on threats and vulnerabilities, and develop strategies and solution to mitigate known and evolving risks.
How much of this has been implemented across board leaves us guessing.
Despite CNII, attacks on infrastructure across country persist
Before the Presidential intervention, it has been a tale of woes by stakeholders in the Nigerian ICT sector who have been calling on the government to designate telecom infrastructure as a critical national infrastructure to address the challenges of persistent attacks on the infrastructure across the country.
In March 2024, the Operators reiterated the call as Nigeria suffered an internet outage due to damage to some fibre optic cables.
“In 2023 alone, MTN Nigeria suffered more than 6,000 cuts on its fibre cable. The operator relocated 2,500 kilometres of vulnerable fibre cables between 2022 and 2023, at a cost of more than N11bn —enough to build 870 kilometres of new fibre lines in areas without coverage.”
Early in August 2024, Chief Executive Officer of Airtel Nigeria, Carl Cruz, while speaking during an industry forum, said the telecom company had been recording an average of 1,000 cases of fibre cuts e
