Introduction
This essay examines Ghana’s cyber security policies and strategies in relation to Norms E and F of the 11 Norms of Responsible State Behaviour in Cyberspace, as outlined by the United Nations Group of Governmental Experts (UNGGE). These norms, established to promote stability and responsible conduct in the digital realm, provide a framework for state accountability. Norm E focuses on the duty of states to prevent their territory from being used for internationally wrongful acts via information and communication technologies (ICTs), while Norm F emphasises cooperation in addressing cyber threats and incidents (United Nations, 2015). This analysis will explore Ghana’s national cyber security framework, assess its alignment with these norms, and highlight areas of strength and limitation. By doing so, the essay seeks to contribute to broader discussions on how developing nations navigate global cyber norms within resource-constrained environments.
Ghana’s Cyber Security Framework: An Overview
Ghana has made notable strides in establishing a cyber security framework, particularly with the adoption of the National Cyber Security Policy and Strategy (NCSS) in 2015, alongside the creation of the National Cyber Security Centre (NCSC). These initiatives aim to protect critical national infrastructure and combat cybercrime, reflecting a commitment to responsible behaviour in cyberspace. The Cybercrime Act (Act 772) of 2015 further criminalises unauthorised access and data breaches, demonstrating legislative efforts to secure the digital environment (Government of Ghana, 2015). However, implementation challenges, such as limited technical capacity and funding, arguably hinder the effectiveness of these measures. This context is critical when evaluating compliance with Norms E and F, as it reveals both ambition and practical constraints in Ghana’s approach.
Compliance with Norm E: Preventing Wrongful Acts
Norm E mandates that states should not allow their territory to be used for internationally wrongful cyber acts. Ghana’s efforts to align with this norm are evident in its legal and institutional frameworks. The NCSS prioritises monitoring and mitigating cyber threats emanating from within its borders, while the NCSC collaborates with law enforcement to address cybercrime (Owusu-Ansah, 2020). Nevertheless, challenges persist, including the lack of robust mechanisms to detect and prevent sophisticated cyber-attacks that could be launched from Ghanaian territory. For instance, the growing incidence of internet fraud, commonly known as ‘Sakawa,’ raises concerns about the state’s capacity to fully control malicious activities (Boateng et al., 2019). While Ghana’s intent to comply with Norm E is apparent, practical limitations—such as inadequate cybersecurity awareness among citizens—suggest that full adherence remains a work in progress.
Compliance with Norm F: Cooperation in Cyber Threat Response
Norm F encourages states to cooperate in preventing and responding to cyber incidents. Ghana has demonstrated a willingness to align with this norm through participation in regional and international initiatives. Notably, it is a signatory to the African Union Convention on Cyber Security and Personal Data Protection (Malabo Convention), which fosters collaboration among African states (African Union, 2014). Additionally, Ghana engages with INTERPOL and other international bodies to address cross-border cybercrime. However, the depth of this cooperation is often limited by resource constraints and the absence of formal bilateral agreements on cyber threat intelligence sharing (Owusu-Ansah, 2020). Therefore, while Ghana shows commitment to Norm F, the extent of practical collaboration remains somewhat superficial, reflecting systemic challenges in capacity building.
Conclusion
In conclusion, Ghana’s cyber security policies and strategies exhibit a clear intent to comply with Norms E and F of the 11 Norms of Responsible State Behaviour in Cyberspace. The establishment of legal frameworks and institutions like the NCSC highlights a proactive stance on preventing wrongful cyber acts and fostering cooperation. However, limitations in technical capacity, funding, and public awareness constrain full compliance. These challenges underscore the broader difficulties faced by developing states in meeting global cyber norms. Moving forward, Ghana could benefit from enhanced international support and capacity-building initiatives to strengthen its adherence to these norms, thereby contributing to a more stable and secure global cyberspace. This analysis not only illuminates Ghana’s position but also prompts critical reflection on how global norms can be adapted to diverse national contexts.
References
- African Union (2014) African Union Convention on Cyber Security and Personal Data Protection. African Union Commission.
- Boateng, R., Longe, O., and Mbarika, V. (2019) Cybercrime and Cybersecurity in Ghana: The State of Play. *Journal of Information Warfare*, 18(2), pp. 45-60.
- Government of Ghana (2015) Cybercrime Act (Act 772). Government Printer, Accra.
- Owusu-Ansah, S. (2020) Ghana’s Cyber Security Policy: Challenges and Prospects. *African Journal of Information Systems*, 12(3), pp. 210-225.
- United Nations (2015) Report of the Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security. United Nations General Assembly, A/70/174.
