Securing East Africa’s cyber domain
Ensuring that East African region remains free of cyber crime related destruction is one way of achieving the social, economic and political vision of the five member states treaty. So, too, is strengthening maritime security and cooperation. EAC really need to start making a difference to be proactive and to lead in partnership and to boldly underscore its bearing, is in the emergent area of strategic cybersecurity. As a developing region, East Africa has some of the most advanced implementation of harmonized mobile and e-commerce laws. Four out of five countries(Burundi the only one) have laws related to electronic transactions, with all four have those concerned with cybercrime. All but one(I cannot mention it for security reasons) have a national cybersecurity programme. This is, perhaps, of little surprise, given that economic prosperity and the regulatory framework to secure that as the basis for peace and security has been an EAC priority from the beginning. Since the 1998 Nairobi and Dar Es Salaam bombing attacks, as well, issues of terrorism related to cyberspace and cybercrime have featured in numerous region’s declarations and communiques.
This growing recognition of the urgency to secure cyberspace has permeated discussions in regional forum with tentative initiatives, such as a work plan aimed at promoting confidence-building measures. Where discussion has lagged in the East African region framework has been how state interactions with each other and non-state actors should be governed in cyberspace. Specifically, and rather shockingly for a grouping of relatively and mostly small states like Rwanda and Burundi with a constellation of powerful dialogue partners, there has been little consideration about the role and applicability of regional and international law in the conduct of relations in the virtual realm.A region that aspires to connectivity must underwrite its own security. This goes beyond technical resilience crucial in its own right to a framing set of cross-border laws and principles that will guide state conduct online, as well as offline. A conversation about rules must be conducted by a community to be based on rules. The duality of cyberspace means that the usual parameters that define civilian and military spaces are mutable.
How should militaries in the East African region be guided in cyberspace, when infrastructure, network grids and software are shared with the civilian world? Defining rules of engagement apply if cyber or other operations are warranted.East African militaries should also be talking with each other to clarify intentions, promote some predictability of conduct and advance inter-operability in cyberspace. EAC Defense Ministers meeting does not yet discuss cybersecurity as a separate working group. It would do well to do so. It would do better to explore the matter with its dialogue partners, many of which have superior cyber technologies and much to share. Even accounting for the inevitable natural security sensitivities in this new domain, there is plenty of scope at this stage for doctrinal development, technical exchanges and joint exercises. At the very least, militaries in the region should be establishing rules of engagement in cyberspace in accordance with prevailing international law. As geopolitical dynamics evolve and states jostle with each other for power and dominance online, it will be absolutely in East African region’s interest to shape and advocate a cyber domain based on an international legal framework.