Countries in Africa in urgent need of national cyber vetting and code review

I am a huge fan of the popular TV series Border Security: Australia’s Front Line, where visitors to the country’s airports are put through their paces in a bid to prevent the importation of prohibited items.  

Troubling news recently that tens of thousands, and perhaps many more, of China-sourced mobile devices in a number of countries in Africa have been found to have intentionally installed malware raises grave concerns. The malicious software apparently finds subscription services and submits fraudulent requests on behalf of users, doing so invisibly and without the user’s knowledge.

Given the lower relative purchasing power and pent-up demand for communication services across much of Africa, the continent is often considered a soft target for the delivery of below par, refurbished or unvetted digital devices and systems, which then have a knock-on effect of potentially making national digital infrastructure vulnerable to compromise by third parties.

In much the same way border security in Australia is constantly on the lookout for prohibited imports or items that may pose a threat to the island state’s natural ecosystem, countries in Africa need to start implementing active measures to vet all digital, connected equipment being imported and utilised in-country.

Cyber vetting and code review facilities need to be established at a national level, allowing national authorities to independently appraise and certify digital equipment while gaining more information on how the products and technologies being imported work before being approved for commercial use domestically.  

All testing and validation of equipment upon importation should be conducted on a confidential basis between the equipment supplier and the national vetting agency, and for maximum security, the review ought to be conducted as the final stage of any procurement process.

Testing and validation of at least hardware, software, cryptography, and telecommunications environments should be mandated, resulting in an integrated testing environment that covers the full spectrum of cyber security vulnerabilities. It is only through such initiatives that countries in the developing world stand any chance of closing the digital divide; protecting confidential and valuable consumer and corporate data; and exercising some measure of oversight over the march of digitisation domestically.