Deadline for licensing of Cyber Security professionals, service providers won’t change – Authority
The Cyber Security Authority (CSA) says the January 1, 2023 deadline for the licensing of Cyber Security professionals, service providers, and establishments holds.
The Authority has consequently developed a draft framework to guide the implementation of the licensing regime.
The CSA, as part of the preparations, organised a public consultation meeting on the Framework in Accra on Wednesday, October 5, 2022, to solicit for inputs from industry players.
Dr Albert Antwi-Boasiako, Acting Director General, CSA, said the licensing and accreditation Framework would ensure that cyber security professionals, establishments, and service providers attained a higher level of professional standards in accordance with the Cyber Security Act, 2020 (Act 1038).
He said technical qualifications alone were not enough to measure professionalism, adding that the licensing regime would help to “improve the image” of the profession and protect the country’s digital ecosystem.
“There’s a direction from the Board that effective 1st January 2023, to do cyber security service in the country, you have to be licensed and the mechanisms will be outlined by the end of the year.” Dr Antwi-Boasiako said.
He added, “There are both administrative and criminal sanctions in the Cyber Security Act for those who perform cyber security services without legal authorisation and that will be applied.”
Section 49 of the Cyber Security Act, 2020 states: “A person shall not provide a cyber security service unless that person obtains a license issued by the Authority in accordance with Act 1038.”
Section 57 of Act 1038 also mandates the CSA to establish a mechanism to accredit Cyber Security professionals and practitioners.
Madam Jennifer Mensah, Functional Lead, Legal and Compliance, CSA, said given the sensitive nature of the domain of cyber security, the Framework would ensure that cyber security professionals and practitioners were fit and proper persons to render such services.
She said the GSA was considering having a tier system of categorisation of licenses and appealed to stakeholders to make input on the kind of parameters and requirements to be used.
Madam Mensah said under the Act, a person providing cyber security services without a license could face a penalty equivalent to the cost of damage caused and value of financial gain made.
She said a licensed service provider using a license for a purpose other than the purpose for which it was granted could be fined 50,000 penalty units, equivalent to GHS 600,000.
Cyber security threats have been an issue of concern following a surge in reported cases of online fraud, ransonware attacks and other cybercrimes.
Last year, cyber fraud topped cybercrime cases recorded by the Cybercrime Unit of the Criminal Investigations Department of the Ghana Police Service – accounting for 45 per cent of all cybercrime cases.
The Ghana Armed Forces (GAF), at the launch of its 2022 Cyber Security Awareness month last week, disclosed that it recorded 28 cases of cyber fraud within the last three months.
The cases, the GAF said, was connected to recruitment and enlistment drives on fake social media platforms and Mobile Money accounts.
Source: GNA
The CSA has decided to regulate the organisations and people who practice in Cyber Security by January 2023, however they are still not ready with any further information on this policy or even how to apply. This in itself is a threat to organisations in getting the right security as they are still waiting for the accredited service providers. In the mean time cyber criminals are not waiting for any policy are operating in real time. These criminals do not possess any formal education on how to breach security. Very unnecessary regulation