Critical Information Infrastructure (CII) constitutes assets (real/virtual), networks, systems, processes, information,
and functions that are vital to the nation such that their incapacity or destruction would have a devastating impact
on national security, the economic and social well-being of citizens. CII may comprise a number of different infrastructures
with essential interdependencies and critical information flows between them.
The Cybersecurity Act, 2020 (Act 1038) defines a critical information infrastructure as a computer system or computer network that is essential for national security or the economic and social well-being of citizens.
Cyber-attacks against CIIs are increasing, the magnitude, frequency and impact of such security incidents can impede the pursuit of economic activities, generate substantial disruption to critical services, financial losses, undermine public confidence, and cause major disruption to our economy. Recent attacks on the power grids, electoral systems, payment systems and healthcare systems around the world bring to bear the imminent threats to Ghana’s CII.
Sections 35 to 40 of the Cybersecurity Act, 2020 (Act 1038) seek to protect Ghana’s CII with provisions for Designation, Registration, Withdrawal of Designation, Management and Compliance Audit of CII, Duty of Owner of CII and Access to CII.As part of measures to implement Sections 35 to 40, the following monumental strides have been taken: Ghana identified Thirteen (13) Sectors as critical based on the criteria outlined in Section 35 of Act 1038.
The Minister responsible for cybersecurity matters, on September 23rd, 2021, designated the 13 identified sectors as Critical Information Infrastructure (CII)
Sectors by Gazette Notice (Notice No. 132).
The Minister, on October 1st 2021 launched the Directive for the Protection of Critical Information Infrastructure.The protection of CII is the shared responsibility of both public and private organisations that own and operate CIIs. To ensure a safer and resilient digital ecosystem, there is a need to adopt a framework to ensure the confidentiality, integrity, and availability of Ghana’s CII and to minimise the likelihood and impact of successful cyber-attacks against our CII.
Ghana must secure its infrastructure, deter cybercrime, develop national capacity, build a resilient digital ecosystem relative to cybersecurity, and strengthen cybersecurity cooperation among critical sectors. The protection of CII constitutes the backbone of Ghana’s digital resiliency.